Infected computer from my father

toox
Model visitor
Posts: 274
Registered: 28 Apr 2008 18:06
Location: Tromaville

Infected computer from my father

#1 Post by toox »

Malwarebytes found 80 threats, which are in quarantine. I am attaching the log from Malwarebytes.

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 02.03.19
Čas skenování: 17:51
Logovací soubor: 67ff7072-3d0b-11e9-b6da-7054d250935b.json

-Informace o softwaru-
Verze: 3.7.1.2839
Verze komponentů: 1.0.538
Aktualizovat verzi balíku komponent: 1.0.9512
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 17134.590)
CPU: x64
Systém souborů: NTFS
Uživatel: SEBESTOVI\rodinkasebestovi

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 340620
Zjištěné hrozby: 85
Hrozby umístěné do karantény: 85
Uplynulý čas: 7 min, 10 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 1
PUP.Optional.PCSpeedUp, C:\PROGRAM FILES (X86)\ZRYCHLENI POCITACE\PCSUSERVICE.EXE, V karanténě, [629], [545174],1.0.9512

Modul: 1
PUP.Optional.PCSpeedUp, C:\PROGRAM FILES (X86)\ZRYCHLENI POCITACE\PCSUSERVICE.EXE, V karanténě, [629], [545174],1.0.9512

Klíč registru: 36
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC SPEEDUP SERVICE DEACTIVATOR, V karanténě, [629], [241614],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C39D8F2B-A3A8-44CC-9943-1322484AC1DC}, V karanténě, [629], [241614],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{C39D8F2B-A3A8-44CC-9943-1322484AC1DC}, V karanténě, [629], [241614],1.0.9512
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FileShareFanaticTooltab Uninstall Internet Explorer, V karanténě, [1729], [356944],1.0.9512
PUP.Optional.SpeedChecker, HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\SOFTWARE\Speedchecker Limited, V karanténě, [6890], [246252],1.0.9512
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\SOFTWARE\FileShareFanatic, V karanténě, [1729], [444113],1.0.9512
PUP.Optional.PCSpeedUp, HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\SOFTWARE\SPEEDCHECKER LIMITED\PC Speed Up, V karanténě, [629], [241619],1.0.9512
PUP.Optional.InstallCore, HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\SOFTWARE\CSASTATS\ic, V karanténě, [421], [586068],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\PCSU.Registry, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\PCSU.SysUtils.1, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\TYPELIB\{3157E247-2784-4028-BF0F-52D6DDC70E1B}, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\INTERFACE\{6C42038D-817A-472C-8C2A-EF46F1DA576D}, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\INTERFACE\{873C7DA8-195D-4D5A-B830-C5E2831901EA}, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6C42038D-817A-472C-8C2A-EF46F1DA576D}, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{873C7DA8-195D-4D5A-B830-C5E2831901EA}, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6C42038D-817A-472C-8C2A-EF46F1DA576D}, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{873C7DA8-195D-4D5A-B830-C5E2831901EA}, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3157E247-2784-4028-BF0F-52D6DDC70E1B}, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{3157E247-2784-4028-BF0F-52D6DDC70E1B}, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\PCSU.SYSUTILS, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\InprocServer32, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\InprocServer32, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\InprocServer32, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\InprocServer32, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\PCSU.Registry.1, V karanténě, [629], [241616],1.0.9512
PUP.Optional.SpeedChecker.PrxySvrRST, HKLM\SOFTWARE\Speedchecker Limited, V karanténě, [2530], [188281],1.0.9512
PUP.Optional.SpeedChecker.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, V karanténě, [2530], [-1],0.0.0
PUP.Optional.SpeedChecker.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\Speedchecker Limited, V karanténě, [2530], [188281],1.0.9512
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\UtilityChest_49, V karanténě, [612], [240816],1.0.9512
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Facebook0, V karanténě, [238], [623975],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PCSU-SL_is1, V karanténě, [629], [254783],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUService, V karanténě, [629], [545174],1.0.9512

Hodnota v registru: 10
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\SOFTWARE\FileShareFanatic|START PAGE, V karanténě, [1729], [444113],1.0.9512
PUP.Optional.MindSpark, HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FileShareFanaticTooltab Uninstall Internet Explorer|PUBLISHER, V karanténě, [612], [352442],1.0.9512
PUP.Optional.SpeedChecker.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, V karanténě, [2530], [-1],0.0.0
PUP.Optional.SpeedChecker.PrxySvrRST, HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, V karanténě, [2530], [-1],0.0.0
PUP.Optional.SpeedChecker.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, V karanténě, [2530], [-1],0.0.0
PUP.Optional.SpeedChecker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|SPEEDCHECKERSERVICE.EXE, V karanténě, [6890], [255290],1.0.9512
PUP.Optional.PCSpeedupPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\COMPATIBILITYADAPTER\SIGNATURES|PC SPEEDUP SERVICE DEACTIVATOR.JOB, V karanténě, [1342], [484530],1.0.9512
PUP.Optional.PCSpeedupPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\COMPATIBILITYADAPTER\SIGNATURES|PC SPEEDUP SERVICE DEACTIVATOR.JOB.FP, V karanténě, [1342], [484530],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C39D8F2B-A3A8-44CC-9943-1322484AC1DC}|PATH, V karanténě, [629], [258108],1.0.9512
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PCSU-SL_is1|URLINFOABOUT, V karanténě, [629], [254783],1.0.9512

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 11
PUP.Optional.MindSpark.Generic, C:\USERS\RODINKASEBESTOVI\APPDATA\LOCAL\FileShareFanaticTooltab, V karanténě, [1729], [356944],1.0.9512
PUP.Optional.MindSpark, C:\Users\rodinkasebestovi\AppData\LocalLow\Allin1Convert_8hEI\Installr\Cache, V karanténě, [612], [178353],1.0.9512
PUP.Optional.MindSpark, C:\Users\rodinkasebestovi\AppData\LocalLow\Allin1Convert_8hEI\Installr, V karanténě, [612], [178353],1.0.9512
PUP.Optional.MindSpark, C:\USERS\RODINKASEBESTOVI\APPDATA\LOCALLOW\Allin1Convert_8hEI, V karanténě, [612], [178353],1.0.9512
PUP.Optional.MindSpark, C:\Users\rodinkasebestovi\AppData\LocalLow\UtilityChest_49EI\Installr\Cache, V karanténě, [612], [178469],1.0.9512
PUP.Optional.MindSpark, C:\Users\rodinkasebestovi\AppData\LocalLow\UtilityChest_49EI\Installr, V karanténě, [612], [178469],1.0.9512
PUP.Optional.MindSpark, C:\USERS\RODINKASEBESTOVI\APPDATA\LOCALLOW\UtilityChest_49EI, V karanténě, [612], [178469],1.0.9512
PUP.Optional.PCSpeedUp, C:\USERS\RODINKASEBESTOVI\APPDATA\LOCAL\MICROSOFT\SILVERLIGHT\OUTOFBROWSER\SPEEDCHECKER.PCSPEEDUP, V karanténě, [629], [178840],1.0.9512
PUP.Optional.PCSpeedUp, C:\USERS\RODINKASEBESTOVI\DOCUMENTS\PCSPEEDUP, V karanténě, [629], [178841],1.0.9512
PUP.Optional.ContentPush, C:\USERS\RODINKASEBESTOVI\APPDATA\ROAMING\CONTENTPUSH, V karanténě, [933], [312959],1.0.9512
PUP.Optional.WeatherChicken, C:\PROGRAM FILES (X86)\WEATHERCHICKN, V karanténě, [1613], [383209],1.0.9512

Soubor: 26
PUP.Optional.PCSpeedUp, C:\WINDOWS\TASKS\PC SPEEDUP SERVICE DEACTIVATOR.job, V karanténě, [629], [241614],1.0.9512
PUP.Optional.PCSpeedUp, C:\WINDOWS\SYSTEM32\TASKS\PC SPEEDUP SERVICE DEACTIVATOR, V karanténě, [629], [241614],1.0.9512
PUP.Optional.MindSpark.Generic, C:\USERS\RODINKASEBESTOVI\APPDATA\LOCAL\FileShareFanaticTooltab\TooltabExtension.dll, V karanténě, [1729], [356944],1.0.9512
PUP.Optional.MindSpark, C:\Users\rodinkasebestovi\AppData\LocalLow\Allin1Convert_8hEI\Installr\Cache\files.ini, V karanténě, [612], [178353],1.0.9512
PUP.Optional.MindSpark, C:\Users\rodinkasebestovi\AppData\LocalLow\UtilityChest_49EI\Installr\Cache\files.ini, V karanténě, [612], [178469],1.0.9512
PUP.Optional.PCSpeedUp, C:\Users\rodinkasebestovi\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\appicon_48.png, V karanténě, [629], [178840],1.0.9512
PUP.Optional.PCSpeedUp, C:\Users\rodinkasebestovi\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\application.xap, V karanténě, [629], [178840],1.0.9512
PUP.Optional.PCSpeedUp, C:\Users\rodinkasebestovi\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\Error.jpg, V karanténě, [629], [178840],1.0.9512
PUP.Optional.PCSpeedUp, C:\Users\rodinkasebestovi\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\index.html, V karanténě, [629], [178840],1.0.9512
PUP.Optional.PCSpeedUp, C:\Users\rodinkasebestovi\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\metadata, V karanténě, [629], [178840],1.0.9512
PUP.Optional.PCSpeedUp, C:\Users\rodinkasebestovi\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\Speedchecker.PCSpeedUp.ico, V karanténě, [629], [178840],1.0.9512
PUP.Optional.PCSpeedUp, C:\Users\rodinkasebestovi\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\SplashScreen.jpg, V karanténě, [629], [178840],1.0.9512
PUP.Optional.PCSpeedUp, C:\Users\rodinkasebestovi\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\state, V karanténě, [629], [178840],1.0.9512
PUP.Optional.PCSpeedUp, C:\Users\rodinkasebestovi\Documents\PCSpeedUp\App.log, V karanténě, [629], [178841],1.0.9512
PUP.Optional.PCSpeedUp, C:\PROGRAM FILES (X86)\ZRYCHLENI POCITACE\PCSUHELPER.DLL, V karanténě, [629], [241616],1.0.9512
PUP.Optional.PCSpeedUp, C:\PROGRAM FILES (X86)\ZRYCHLENI POCITACE\PCSUSERVICE.EXE, V karanténě, [629], [545174],1.0.9512
PUP.Optional.PCSpeedUp, C:\PROGRAM FILES (X86)\ZRYCHLENI POCITACE\PCSUSD.EXE, V karanténě, [629], [545174],1.0.9512
PUP.Optional.PCSpeedUp, C:\PROGRAM FILES (X86)\ZRYCHLENI POCITACE\UNINS000.EXE, V karanténě, [629], [545174],1.0.9512
PUP.Optional.PCSpeedUp, C:\PROGRAM FILES (X86)\ZRYCHLENI POCITACE\PCSUSPEEDTEST.EXE, V karanténě, [629], [545174],1.0.9512
PUP.Optional.PCSpeedUp, C:\PROGRAM FILES (X86)\ZRYCHLENI POCITACE\PCSULAUNCHER.EXE, V karanténě, [629], [545174],1.0.9512
PUP.Optional.PCSpeedUp, C:\PROGRAM FILES (X86)\ZRYCHLENI POCITACE\PCSUUCC.EXE, V karanténě, [629], [545174],1.0.9512
PUP.Optional.PCSpeedUp, C:\PROGRAM FILES (X86)\ZRYCHLENI POCITACE\PCSPEEDUP.SYS, V karanténě, [629], [545174],1.0.9512
PUP.Optional.InstallCore.Generic, C:\$RECYCLE.BIN\S-1-5-21-1244017325-3987402715-3454423037-1001\$RNAN00A.EXE, V karanténě, [539], [511908],1.0.9512
PUP.Optional.InstallCore.Generic, C:\$RECYCLE.BIN\S-1-5-21-1244017325-3987402715-3454423037-1001\$RI3NJ7G.EXE, V karanténě, [539], [511908],1.0.9512
PUP.Optional.BitCoinMiner, C:\WINDOWS\SYSWOW64\ACUMNCAIKN.EXE, V karanténě, [1112], [144764],1.0.9512
Trojan.BitCoinMiner, C:\WINDOWS\SYSWOW64\DCGMNCAIKN.EXE, V karanténě, [604], [144774],1.0.9512

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)


+ FRST cannot be downloaded; Windows Defender blocks it.

Rudy
Site Admin
Posts: 118247
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected computer from my father

#2 Post by Rudy »

Hello!
I will need FRST+Addition; temporarily turn off WinDef.

toox
Model visitor
Posts: 274
Registered: 28 Apr 2008 18:06
Location: Tromaville

Re: Infected computer from my father

#3 Post by toox »

delete
Last edited by toox on 02 Mar 2019 19:59, edited 1 time in total.

toox
Model visitor
Posts: 274
Registered: 28 Apr 2008 18:06
Location: Tromaville

Re: Infected computer from my father

#4 Post by toox »

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.03.2019
Ran by rodinkasebestovi (administrator) on SEBESTOVI (02-03-2019 19:54:49)
Running from C:\Users\rodinkasebestovi\AppData\Local\Microsoft\Windows\INetCache\IE\XSM8E6U6
Loaded Profiles: rodinkasebestovi (Available Profiles: rodinkasebestovi)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19021.10411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Third Party Application Component -> Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [307632 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69952 2018-01-19] (Grid Republic (COMPUTATIONAL CHARITY PROJECT INC) -> Charity Engine)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\charityengine.exe [8662848 2018-01-19] (Grid Republic (COMPUTATIONAL CHARITY PROJECT INC) -> Charity Engine)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] (Seznam.cz, a.s. -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [307632 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\rodinkasebestovi\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\rodinkasebestovi\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\Run: [Gaijin.Net Agent] => C:\Users\rodinkasebestovi\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2125384 2018-11-17] (Gaijin Network LTD -> Gaijin Entertainment)
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35149712 2018-12-24] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\MountPoints2: {eedfe6b2-a94c-11e5-8117-7054d250935b} - "E:\Setup.exe"
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\WINDOWS\system32\vfwwdm32.dll [67072 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2008-09-05] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2008-09-05] (Electronic Arts -> On2.com)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-26] (Google LLC -> Google Inc.)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a79d757c-dded-4c37-a8cf-2f7bf90433fe}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2 ... -SearchBox
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2 ... -SearchBox
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> {0E5DCEAE-D71F-4826-8600-A56FEFF9191E} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_13906
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> {1107A12D-8BA5-4C9D-BCB7-29D53701E7D2} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_13906
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> {5B703D85-822C-4A44-999A-50F3A0C47910} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_13906
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> {6387000F-1C7C-49F4-A7F5-9BDFF8982DF8} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13906
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> {79996850-6D06-490B-BED4-64CE58211338} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13906
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> {98D8FE9B-559E-47DB-9B08-758CF6C8C0A7} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_13906
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> {A22CD8A4-2284-4AE2-8902-3A991484C5B5} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_13906
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> {BEF4CC88-2463-448F-A3B5-ECE7638F2CE7} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13906
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> {D24389B9-74B3-4B9C-83F2-982C117068F2} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13906
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> {E299875A-F013-42FA-A241-4C2722469B5D} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Notebook Interactive Viewer\Win64\NotebookPlugin.dll [2012-07-06] (SMART Technologies ULC -> SMART Technologies ULC.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Notebook Interactive Viewer\Win32\NotebookPlugin.dll [2012-07-06] (SMART Technologies ULC -> SMART Technologies ULC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-11-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-11-23] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Software Sarl -> Skype Technologies)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-11-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] (WildTangent Inc -> )
FF Plugin HKU\S-1-5-21-1244017325-3987402715-3454423037-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\rodinkasebestovi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2013-11-06] (Skype Technologies SA -> Skype Limited)
FF Plugin HKU\S-1-5-21-1244017325-3987402715-3454423037-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\rodinkasebestovi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-13] (Unity Technologies SF -> Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\rodinkasebestovi\AppData\Local\Google\Chrome\User Data\Default [2018-08-15]
CHR Extension: (Prezentace) - C:\Users\rodinkasebestovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-11]
CHR Extension: (Dokumenty) - C:\Users\rodinkasebestovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-11]
CHR Extension: (Disk Google) - C:\Users\rodinkasebestovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-20]
CHR Extension: (YouTube) - C:\Users\rodinkasebestovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-20]
CHR Extension: (Tabulky) - C:\Users\rodinkasebestovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\rodinkasebestovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-20]
CHR Extension: (Skype) - C:\Users\rodinkasebestovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\rodinkasebestovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-24]
CHR Extension: (AVG SafePrice) - C:\Users\rodinkasebestovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-08-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\rodinkasebestovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-15]
CHR Extension: (Gmail) - C:\Users\rodinkasebestovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-20]
CHR Extension: (Chrome Media Router) - C:\Users\rodinkasebestovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-15]
CHR HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [357360 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [6807360 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [110048 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6875688 2018-11-26] (BattlEye Innovations e.K. -> )
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-24] (Acer Incorporated -> Acer Incorporated)
S3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-03-29] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated -> Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent Inc -> WildTangent)
S3 HnGService; C:\Program Files (x86)\Heroes & Generals\live\hngservice.exe [756520 2018-11-26] (Reto-Moto ApS -> Reto-Moto ApS) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-09] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [205656 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [226448 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [196848 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgblog.sys [320960 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [58008 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [15280 2019-01-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42552 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [167560 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [112568 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [88208 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1034184 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [474712 2019-02-22] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [217040 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [380208 2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-12-23] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [46392 2015-12-23] (Disc Soft Ltd -> Disc Soft Ltd)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c63x64.sys [498032 2012-07-12] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-03-02] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-03-02] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaewu.inf_amd64_8baa9d083edacf87\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-02 19:54 - 2019-03-02 19:54 - 000000000 ____D C:\FRST
2019-03-02 18:27 - 2019-03-02 18:27 - 000013861 _____ C:\Users\rodinkasebestovi\Desktop\erwterte.txt
2019-03-02 17:50 - 2019-03-02 17:50 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-02 17:50 - 2019-03-02 17:50 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-03-02 17:50 - 2019-03-02 17:50 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-03-02 17:50 - 2019-03-02 17:50 - 000000000 ____D C:\Users\rodinkasebestovi\AppData\Local\mbamtray
2019-03-02 17:50 - 2019-03-02 17:50 - 000000000 ____D C:\Users\rodinkasebestovi\AppData\Local\mbam
2019-03-02 17:50 - 2019-03-02 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-02 17:50 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-03-02 17:50 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-02 17:49 - 2019-03-02 17:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-02 17:49 - 2019-03-02 17:49 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-23 20:34 - 2019-02-27 18:43 - 000000000 ____D C:\Users\rodinkasebestovi\Desktop\Bloger
2019-02-20 20:33 - 2019-02-20 20:33 - 000362928 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2019-02-12 20:39 - 2019-02-06 08:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-12 20:39 - 2019-02-06 04:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-12 20:39 - 2019-02-06 04:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-12 20:39 - 2019-02-06 04:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-12 20:39 - 2019-02-06 03:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-12 20:39 - 2019-02-06 03:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-12 20:39 - 2019-02-06 03:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-12 20:39 - 2019-02-06 03:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-12 20:39 - 2019-02-06 03:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-12 20:39 - 2019-02-06 03:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-12 20:39 - 2019-02-06 03:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-12 20:39 - 2019-01-09 18:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-12 20:39 - 2019-01-09 06:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-12 20:39 - 2019-01-09 06:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-12 20:39 - 2019-01-09 06:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-12 20:39 - 2019-01-09 06:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-12 20:39 - 2019-01-09 06:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-12 20:39 - 2019-01-09 06:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-12 20:38 - 2019-02-06 08:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-12 20:38 - 2019-02-06 08:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-12 20:38 - 2019-02-06 08:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-12 20:38 - 2019-02-06 08:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-12 20:38 - 2019-02-06 08:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-12 20:38 - 2019-02-06 08:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-12 20:38 - 2019-02-06 08:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-12 20:38 - 2019-02-06 07:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-12 20:38 - 2019-02-06 07:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-12 20:38 - 2019-02-06 07:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-12 20:38 - 2019-02-06 07:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-12 20:38 - 2019-02-06 04:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-12 20:38 - 2019-02-06 04:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-12 20:38 - 2019-02-06 04:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-12 20:38 - 2019-02-06 04:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-12 20:38 - 2019-02-06 04:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-12 20:38 - 2019-02-06 04:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-12 20:38 - 2019-02-06 04:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-12 20:38 - 2019-02-06 04:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-12 20:38 - 2019-02-06 04:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-12 20:38 - 2019-02-06 04:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-12 20:38 - 2019-02-06 04:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-12 20:38 - 2019-02-06 04:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-12 20:38 - 2019-02-06 04:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-12 20:38 - 2019-02-06 04:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-12 20:38 - 2019-02-06 04:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-12 20:38 - 2019-02-06 04:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-12 20:38 - 2019-02-06 04:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-12 20:38 - 2019-02-06 04:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-12 20:38 - 2019-02-06 04:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-12 20:38 - 2019-02-06 04:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-12 20:38 - 2019-02-06 04:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-12 20:38 - 2019-02-06 03:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-12 20:38 - 2019-02-06 03:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-12 20:38 - 2019-02-06 03:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-12 20:38 - 2019-02-06 03:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-12 20:38 - 2019-02-06 03:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-12 20:38 - 2019-02-06 03:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-12 20:38 - 2019-02-06 03:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-12 20:38 - 2019-02-06 03:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-12 20:38 - 2019-02-06 03:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-12 20:38 - 2019-02-06 03:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-12 20:38 - 2019-02-06 03:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-12 20:38 - 2019-02-06 03:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-12 20:38 - 2019-02-06 03:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-12 20:38 - 2019-02-06 03:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-12 20:38 - 2019-02-06 03:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-12 20:38 - 2019-02-06 03:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-12 20:38 - 2019-02-06 03:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-12 20:38 - 2019-02-06 03:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-12 20:38 - 2019-02-06 03:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-12 20:38 - 2019-02-06 03:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-12 20:38 - 2019-02-06 03:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-12 20:38 - 2019-02-06 03:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-12 20:38 - 2019-02-06 03:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-12 20:38 - 2019-02-06 03:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-12 20:38 - 2019-02-06 03:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-12 20:38 - 2019-02-06 03:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-12 20:38 - 2019-02-06 03:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-12 20:38 - 2019-02-06 03:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-12 20:38 - 2019-02-06 03:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-12 20:38 - 2019-02-06 02:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-12 20:38 - 2019-01-12 09:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-12 20:38 - 2019-01-12 03:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-12 20:38 - 2019-01-09 19:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-12 20:38 - 2019-01-09 18:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-12 20:38 - 2019-01-09 18:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-12 20:38 - 2019-01-09 18:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-12 20:38 - 2019-01-09 18:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-12 20:38 - 2019-01-09 18:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-12 20:38 - 2019-01-09 18:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-12 20:38 - 2019-01-09 11:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-12 20:38 - 2019-01-09 10:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-12 20:38 - 2019-01-09 10:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-12 20:38 - 2019-01-09 09:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-12 20:38 - 2019-01-09 09:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-12 20:38 - 2019-01-09 06:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-12 20:38 - 2019-01-09 06:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-12 20:38 - 2019-01-09 06:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-12 20:38 - 2019-01-09 06:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-12 20:38 - 2019-01-09 06:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-12 20:38 - 2019-01-09 06:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-12 20:38 - 2019-01-09 06:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-12 20:38 - 2019-01-09 06:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-12 20:38 - 2019-01-09 06:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-12 20:38 - 2019-01-09 06:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-12 20:38 - 2019-01-09 06:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-12 20:38 - 2019-01-09 06:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-12 20:38 - 2019-01-09 06:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-12 20:38 - 2019-01-09 06:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-12 20:38 - 2019-01-09 06:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-12 20:38 - 2019-01-09 06:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-12 20:38 - 2019-01-09 06:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-12 20:38 - 2019-01-09 06:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-12 20:38 - 2019-01-09 06:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-12 20:38 - 2019-01-09 06:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-12 20:38 - 2019-01-09 06:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-12 20:38 - 2019-01-09 06:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-12 20:38 - 2019-01-09 06:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-12 20:38 - 2019-01-09 06:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-12 20:38 - 2019-01-09 06:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-12 20:38 - 2019-01-09 06:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-12 20:38 - 2019-01-09 06:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-12 20:38 - 2019-01-09 06:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-12 20:38 - 2019-01-09 06:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-12 20:38 - 2019-01-09 06:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-12 20:38 - 2019-01-09 06:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-12 20:38 - 2019-01-09 06:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-12 20:38 - 2019-01-09 06:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-12 20:38 - 2019-01-09 06:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-12 20:38 - 2019-01-09 06:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-12 20:38 - 2019-01-09 06:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-12 20:38 - 2019-01-09 06:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-12 20:38 - 2019-01-09 06:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-12 20:38 - 2019-01-09 06:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-12 20:38 - 2019-01-09 06:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-12 20:38 - 2019-01-09 06:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-12 20:38 - 2019-01-09 06:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-12 20:38 - 2019-01-09 06:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-12 20:38 - 2019-01-09 06:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-12 20:38 - 2019-01-09 06:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-12 20:38 - 2019-01-09 06:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-12 20:38 - 2019-01-09 06:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-12 20:38 - 2019-01-09 06:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-12 20:38 - 2019-01-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-12 20:38 - 2019-01-09 06:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-12 20:38 - 2019-01-09 06:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-12 20:38 - 2019-01-09 06:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-12 20:38 - 2019-01-09 06:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-12 20:38 - 2019-01-09 06:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-12 20:38 - 2019-01-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-12 20:38 - 2019-01-09 06:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-12 20:38 - 2019-01-09 06:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-12 20:38 - 2019-01-09 06:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-12 20:38 - 2019-01-09 06:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-12 20:38 - 2019-01-09 06:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-12 20:38 - 2019-01-09 06:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-12 20:38 - 2019-01-09 06:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-12 20:38 - 2019-01-09 06:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-12 20:38 - 2019-01-09 06:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-12 20:38 - 2019-01-09 06:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-12 20:38 - 2019-01-09 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-12 20:38 - 2019-01-09 06:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-12 20:38 - 2019-01-09 06:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-12 20:38 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-12 20:38 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-12 20:38 - 2019-01-08 10:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-12 20:38 - 2019-01-08 04:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-12 20:38 - 2019-01-08 04:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-12 20:38 - 2019-01-08 04:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-03 19:47 - 2019-02-03 19:47 - 000000154 _____ C:\Users\rodinkasebestovi\Desktop\35 Homemade Valentine’s Day Gift Ideas for Him.url
2019-01-31 11:42 - 2019-02-20 20:32 - 000226448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-02 19:54 - 2018-05-31 08:21 - 000004222 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6A9C517E-DC9A-4C21-9D9B-97839B1A7CC3}
2019-03-02 19:53 - 2018-04-11 22:04 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2019-03-02 19:51 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-02 18:06 - 2018-05-31 08:13 - 001689054 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-02 18:06 - 2018-04-12 16:50 - 000715202 _____ C:\WINDOWS\system32\perfh005.dat
2019-03-02 18:06 - 2018-04-12 16:50 - 000144496 _____ C:\WINDOWS\system32\perfc005.dat
2019-03-02 18:06 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-03-02 17:59 - 2018-05-31 08:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-02 17:59 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-03-02 17:59 - 2016-10-04 21:11 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-02 17:59 - 2016-09-23 14:13 - 000000000 ____D C:\Program Files (x86)\Zrychleni Pocitace
2019-03-02 17:50 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-02 17:48 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-02 17:48 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-02 17:44 - 2018-05-31 07:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-02 14:48 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-03-01 19:42 - 2018-11-16 15:04 - 000000000 ____D C:\Program Files\rempl
2019-02-27 18:43 - 2018-09-04 13:36 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-02-27 18:43 - 2018-06-27 18:37 - 000000000 ____D C:\Users\rodinkasebestovi\AppData\Local\Deployment
2019-02-27 18:43 - 2018-05-31 08:21 - 000003400 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-27 18:43 - 2018-05-31 08:21 - 000003176 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-27 18:43 - 2018-05-31 08:21 - 000003056 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2019-02-27 18:43 - 2018-05-31 08:21 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1244017325-3987402715-3454423037-1001
2019-02-27 18:43 - 2018-05-31 08:21 - 000002392 _____ C:\WINDOWS\System32\Tasks\DeviceDetector
2019-02-27 17:55 - 2013-12-07 02:02 - 000000000 ____D C:\Users\rodinkasebestovi\AppData\Local\CrashDumps
2019-02-26 15:45 - 2017-04-20 08:13 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-26 15:45 - 2017-04-20 08:13 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-23 16:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-02-22 16:20 - 2018-02-11 12:35 - 000474712 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2019-02-20 20:33 - 2018-10-24 14:20 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2019-02-20 20:33 - 2018-02-11 12:35 - 001034184 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2019-02-20 20:33 - 2018-02-11 12:35 - 000380208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2019-02-20 20:33 - 2018-02-11 12:35 - 000217040 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2019-02-20 20:33 - 2018-02-11 12:35 - 000205656 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2019-02-20 20:33 - 2018-02-11 12:35 - 000167560 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2019-02-20 20:33 - 2018-02-11 12:35 - 000112568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2019-02-20 20:33 - 2018-02-11 12:35 - 000088208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2019-02-20 20:32 - 2019-01-30 13:44 - 000320960 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblog.sys
2019-02-20 20:32 - 2019-01-30 13:44 - 000196848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2019-02-20 20:32 - 2019-01-30 13:44 - 000058008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2019-02-13 16:28 - 2018-05-31 07:53 - 005033064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-12 22:07 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-12 22:07 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-12 22:07 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-12 22:07 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-12 22:07 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-12 22:07 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-12 20:43 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-12 20:38 - 2013-12-16 21:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-12 20:36 - 2013-12-16 21:22 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-10 10:04 - 2018-05-31 07:58 - 000002467 _____ C:\Users\rodinkasebestovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-10 10:03 - 2014-04-30 18:20 - 000000000 ___RD C:\Users\rodinkasebestovi\OneDrive
2019-02-07 20:14 - 2018-07-03 10:30 - 000000000 ____D C:\ProgramData\Packages
2019-02-06 21:58 - 2018-05-31 07:58 - 000000000 ____D C:\Users\rodinkasebestovi
2019-02-04 13:03 - 2014-05-30 19:51 - 000000000 ___RD C:\Users\rodinkasebestovi\Desktop\FILMY
2019-02-02 23:53 - 2018-07-12 11:24 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-02 23:53 - 2018-07-12 11:24 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2018-01-08 15:54 - 2018-06-17 18:56 - 000000132 _____ () C:\Users\rodinkasebestovi\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2017-12-24 12:19 - 2002-08-29 17:33 - 000319488 _____ () C:\Users\rodinkasebestovi\AppData\Roaming\MafiaSetup.exe
2017-03-04 13:34 - 2017-04-05 19:50 - 000011776 _____ () C:\Users\rodinkasebestovi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-31 07:53

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 118247
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: virus-infected computer from father

#5 Post by Rudy »

I'd also like to ask for the Addition log. You will find it in the file addition.txt in C:\Users\rodinkasebestovi\AppData\Local\Microsoft\Windows\INetCache\IE\XSM8E6U6.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

toox
Model Visitor
Posts: 274
Joined: 28 Apr 2008 18:06
Location: Tromaville

Re: virus-infected computer from father

#6 Post by toox »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.03.2019
Ran by rodinkasebestovi (02-03-2019 19:56:44)
Running from C:\Users\rodinkasebestovi\AppData\Local\Microsoft\Windows\INetCache\IE\XSM8E6U6
Windows 10 Home Version 1803 17134.590 (X64) (2018-05-31 07:22:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1244017325-3987402715-3454423037-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1244017325-3987402715-3454423037-503 - Limited - Disabled)
Guest (S-1-5-21-1244017325-3987402715-3454423037-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1244017325-3987402715-3454423037-1004 - Limited - Enabled)
rodinkasebestovi (S-1-5-21-1244017325-3987402715-3454423037-1001 - Administrator - Enabled) => C:\Users\rodinkasebestovi
UpdatusUser (S-1-5-21-1244017325-3987402715-3454423037-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1244017325-3987402715-3454423037-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (HKLM-x32\...\WTA-0f60c575-c0e1-4f21-999f-8ca36be5bcc7) (Version: 2.2.0.98 - WildTangent) Hidden
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Aloha TriPeaks (HKLM-x32\...\WTA-ffb5c439-15b4-4acd-87bc-b71691506210) (Version: 2.2.0.98 - WildTangent) Hidden
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 19.2.3079 - AVG Technologies)
Balada o Solarovi (HKLM-x32\...\Balada o Solarovi) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-dff480a9-4fe8-4a9a-b4a9-1bcd86918ba3) (Version: 2.2.0.98 - WildTangent) Hidden
Bistro u Amélie: Duch Vánoc (HKLM-x32\...\Bistro u Amélie: Duch Vánoc) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
Canon MP140 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi SDK - Video 2 (HKLM-x32\...\{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}) (Version: 2.1.1925 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (HKLM-x32\...\{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}) (Version: 2.1.2008 - CyberLink Corp.) Hidden
Crack Microsoft Office 2010 2.2.3 (HKLM-x32\...\Crack Microsoft Office 2010 2.2.3) (Version: 2.2.3 - Microsoft)
Crazy Chicken Tales (HKLM-x32\...\Crazy Chicken Talesv1.0) (Version: v1.0 - Phenomedia Publishing, gmbh)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
Čarodějný žertík - Žabí štěstí - Sběratelská edice (HKLM-x32\...\{Carodejny zertik - zabi stesti - Sberatelska edice}_is1) (Version: - Spidla Data Processing, s.r.o.)
Čestina do SimCity 4 Rush Hour a Delux BETA (HKLM-x32\...\Čestina do SimCity 4 Rush Hour a Delux BETA) (Version: 1.00 - Max_2_Max)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0114 - Disc Soft Ltd)
Delicious: Emily's True Love Premium Edition (HKLM-x32\...\WTA-87b3a89f-d47b-425a-aa19-6638f6c251f0) (Version: 2.2.0.98 - WildTangent) Hidden
Epic Games Launcher (HKLM-x32\...\{3ECF91A4-EE22-4A3A-921F-36ECAA04C13D}) (Version: 1.1.147.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Euro Truck Simulator 2 - Heavy Cargo Pack version 1.0 (HKLM-x32\...\Euro Truck Simulator 2 - Heavy Cargo Pack_is1) (Version: 1.0 - SCS Software)
Facebook (HKLM-x32\...\Facebook) (Version: - )
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Farm Frenzy 4 (HKLM-x32\...\Farm Frenzy 4) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Final Drive: Nitro (HKLM-x32\...\WTA-d855b4d1-f6e0-472a-8ce3-156639d78f97) (Version: 2.2.0.95 - WildTangent) Hidden
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-b180099a-315f-438d-8471-1d76285268d7) (Version: 2.2.0.110 - WildTangent) Hidden
Grand Theft Auto Vice City (HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.1.0.0 - Reto-Moto)
Hledači pokladů: Ztracené město (HKLM-x32\...\Hledači pokladů: Ztracené město) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3001 - Acer Incorporated)
Charity Engine (HKLM\...\{A7D31CBC-80AF-4E68-83D7-20D01917C034}) (Version: 7.6.33 - Charity Engine)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Network Connections 17.2.153.0 (HKLM\...\PROSetDX) (Version: 17.2.153.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Jewel Match 3 (HKLM-x32\...\WTA-a910ee64-34a3-4cf6-af97-b7764748a72b) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-cd10da4e-ee59-49ba-8a93-045c4529db16) (Version: 2.2.0.95 - WildTangent) Hidden
KAO the Kangaroo (HKLM-x32\...\KAO the Kangaroo) (Version: - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Acer Incorporated)
Magic Academy (HKLM-x32\...\WTA-104cd28d-e08e-4937-82a4-f4cfc0a87328) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes verze 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Medvěd Míša - Rybí dobrodružství (HKLM-x32\...\Medvěd Míša - Rybí dobrodružství) (Version: - )
Medvědí bratři (HKLM-x32\...\{B489D5F8-D960-4399-9286-C59BF21991B5}) (Version: 1.0 - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM-x32\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
My Farm Life 2 (HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\My Farm Life 2) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
MyWinLocker (HKLM\...\{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}) (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (HKLM-x32\...\{39F15B50-A977-4CA6-B1C3-6A8724CDA025}) (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
NAPS2 5.2.1 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
NHL™ 09 (HKLM-x32\...\{827B97A9-B347-4110-9F89-37AF2B758F94}) (Version: 2.0.1.0 - Electronic Arts)
NVIDIA 3D Vision Controller Driver 305.29 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 305.29 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3200 - Acer)
OpenOffice 4.1.1 (HKLM-x32\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
Oracle VM VirtualBox 5.2.6 (HKLM\...\{EA9602E3-0184-45B9-9E15-028776CD7A6E}) (Version: 5.2.6 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 376.54 - NVIDIA Corporation) Hidden
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Penguins! (HKLM-x32\...\WTA-fa60ae5a-bd7a-4513-8261-61a03b618086) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-bac481e1-7267-49fc-be25-fbab63c9d8dd) (Version: 2.2.0.98 - WildTangent) Hidden
Poklady ostrova záhad 1.0 (HKLM-x32\...\{Poklady ostrova zahad}_is1) (Version: - Špidla Data Processing, s.r.o.)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0002 - Nero AG) Hidden
Prohlížeč Seznam.cz (HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\Seznam Browser) (Version: - Seznam.cz a.s.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Rise of Nations (HKLM-x32\...\RiseOfNationsExpansion 1.0) (Version: 1.0 - Microsoft)
Sada Compatibility Pack pro systém Office 2007 (HKLM-x32\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Scan to PDF (HKLM-x32\...\Scan to PDF) (Version: 2.50 - Softi Software)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0100-0405-0000-0000000FF1CE}_Office15.OMUI.cs-cz_{78A9943A-5DB1-4B90-8AEF-5CE30456FB6E}) (Version: - Microsoft)
Seznam Software (HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\SeznamInstall) (Version: - Seznam.cz)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
SimCity 4 Deluxe Edition (HKLM-x32\...\1207664593_is1) (Version: 2.1.0.9 - GOG.com)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Smajlíci 1.5 (HKLM-x32\...\{Smajlici}_is1) (Version: - Špidla Data Processing, s.r.o.)
SMART Common Files (HKLM-x32\...\{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}) (Version: 11.1.11.0 - SMART Technologies ULC)
SMART Notebook Interactive Viewer (HKLM-x32\...\{BDC0E727-AF8C-4360-88FD-439144C833A8}) (Version: 2.0.103.0 - SMART Technologies ULC)
super-ovladac-umozni-stahnout-a-nainstalovat-zastarale-ovladace-cz-key-klic version for Windows (HKLM-x32\...\{2CBDB25C-D45A-C296-9FA9-CA7DE0D050F0}_is1) (Version: for Windows - )
Tales of Lagoona (HKLM-x32\...\WTA-99dc229b-2cd4-48e4-a3a4-5a9635e9bdb2) (Version: 2.2.0.110 - WildTangent) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.2.3 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\TeamSpeak 3 Client) (Version: 3.2.3 - TeamSpeak Systems GmbH)
Temná pohlazení: Hříchy otců (HKLM-x32\...\Temná pohlazení: Hříchy otců) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
The Escapists 2 (HKLM-x32\...\The Escapists 2_is1) (Version: - )
The Saboteur version 1.03 (HKLM-x32\...\The Saboteur_is1) (Version: 1.03 - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.615 - Electronic Arts)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0 beta 12 - Ghisler Software GmbH)
Ulož.to FileManager verze 2.20 (HKLM-x32\...\{7DE5EA5D-C933-4549-9A44-5BC671F23BBF}_is1) (Version: 2.20 - Uloz.to cloud a.s.)
Unity Web Player (HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0405-0000-0000000FF1CE}_Office15.OMUI.cs-cz_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{CDA02BF0-BFBC-11E3-AFA0-F04DA23A5C58}) (Version: 13.0.290 - Sony)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
War Thunder Launcher 1.0.3.72 (HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.1.1.2 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wolfenstein New Order version 1.1.0 (HKLM-x32\...\Wolfenstein New Order_is1) (Version: 1.1.0 - REPACKY BY TOMI2K9)
World of Tanks (HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
Záchranáři v akci (HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\Záchranáři v akci) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Zuma's Revenge (HKLM-x32\...\WTA-a8fce3b9-61a7-4375-905b-9b2ed2451b5a) (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MWLIVShellExt] -> {B1B294FE-EC1E-4fef-AF68-D34CE3E38157} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\MWLIVShellExt.dll [2012-07-12] (EGIS TECHNOLOGY INC. -> Egis Technology Inc. )
ContextMenuHandlers3: [ShredderContextMenu] -> {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} => C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [2011-03-29] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-02-20] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {077379C3-F6F4-44C1-9500-09377759C51C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {1B68F437-ACE6-46E6-A897-ED4AD7D013DE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {20479390-C390-4DB0-92D1-F7C337EEE87A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {215D2E47-86D5-4943-B92D-403C7FD28B8E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {218CB135-4B00-441C-8EDC-545107549AE7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2CD3E04E-AC26-4DD5-871D-7A7D9A31E79D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {304D3203-31C5-45F3-BA2F-4F2AF6F8EFFB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3232D210-9C49-4C67-85C4-E1B1F4CCDA14} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {345AD28A-E0E3-4003-8B7E-5DF36849F335} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {38B2CF68-A23C-4799-ADA0-9436C36E4773} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4145606B-AE45-4C5D-ACBB-6C55CBBC3D07} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
Task: {47D5971B-9449-4914-A73F-89D0E96CB0D5} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {4B03D51E-48E3-4168-BDC3-466B3DB04209} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {535B0DE2-4B12-4D75-8CFC-B3B19F1CF014} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe (Acer Incorporated -> )
Task: {55E31A28-05F0-4972-B695-D595D9FC03BB} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {59CF5685-A198-4AC9-BD9D-784C7EAAB016} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5A4A9DE6-18BD-451F-AFF1-475071F0B996} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {63700C6F-EA33-4393-8289-B482449CE6A5} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink -> CyberLink)
Task: {63E45310-37A4-48F5-96F1-521D3FAF83AB} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe (Acer Incorporated -> )
Task: {6434321F-9345-4519-9AA6-A5C574AFB390} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {67C483FE-7AD3-49B6-B934-6DB5132E0139} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {683DF496-0EBC-4556-8745-A28F05F033C7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6C7EF7AF-BE7D-4C47-B54E-6524C0143480} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6EA36E2E-78B4-4BD1-9E54-2B3B23EFD29F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7C1D40C7-5367-46D3-BD22-DE73F1889296} - \WPD\SqmUpload_S-1-5-21-1244017325-3987402715-3454423037-1001 -> No File <==== ATTENTION
Task: {A5962939-4761-4C9E-924F-10EDA7241DD7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {AD117CBE-5F0E-458F-8D5E-F3644B428DD4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ADB318DF-5612-4957-851E-44D91C22CC08} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated -> Acer Incorporated)
Task: {B2E81E60-67CC-4D3B-BA6E-C7BB1F74FCFF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B7719D65-4246-4A88-981E-5D56F91BE33B} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {CDD7C086-3583-4259-B2B7-A36C68AA9FA9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {E4813DB8-8F9A-4576-972A-6DEC66CFA0B5} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
Task: {E944AE98-0341-42E6-A809-F66BD9BAF31F} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Acer Incorporated -> Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\rodinkasebestovi\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com

ShortcutWithArgument: C:\Users\rodinkasebestovi\Desktop\Facebook.lnk -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.facebook.com/campaign/landing.php?c ... ment=Model 1-20&creative=OIB&keyword=1pIkapTLdWPnyXVnmsh1FZDNcmCFiCQjnslwZpvLdWebynFmkslzYJHLZjjFnSUlnr0hNMaZLzjIpBcywZowJ4WYMjSQyX1klMx1ZJrJd26T%2FlEAAACj%2B0BX&extra_2=CZ
ShortcutWithArgument: C:\Users\rodinkasebestovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook\Facebook.lnk -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.facebook.com/campaign/landing.php?c ... ment=Model 1-20&creative=OIB&keyword=1pIkapTLdWPnyXVnmsh1FZDNcmCFiCQjnslwZpvLdWebynFmkslzYJHLZjjFnSUlnr0hNMaZLzjIpBcywZowJ4WYMjSQyX1klMx1ZJrJd26T%2FlEAAACj%2B0BX&extra_2=CZ

==================== Loaded Modules (Whitelisted) ==============

2018-05-31 07:56 - 2016-12-29 13:29 - 000860960 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2018-05-31 07:56 - 2016-12-29 13:29 - 000339072 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\_nvstapisvr64.dll
2013-01-02 17:22 - 2012-07-13 10:02 - 002451456 _____ (Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
2013-01-02 17:22 - 2012-02-07 07:59 - 000166912 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RsCRLib.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-02 17:49 - 2019-02-01 09:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-02 17:49 - 2019-02-01 09:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\rodinkasebestovi:Heroes & Generals [38]
AlternateDataStreams: C:\Users\Public\AppData:CSM [472]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2018-12-03 15:20 - 000001006 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\EgisTec MyWinLocker\x64;C:\Program Files (x86)\EgisTec MyWinLocker\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "boinctray"
HKLM\...\StartupApproved\Run: => "boincmgr"
HKLM\...\StartupApproved\Run: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "AdobeCS5ServiceManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\StartupApproved\Run: => "Gaijin.Net Agent"
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{DBB7AEE7-AAA8-4263-9311-D15A1B4CC498}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{6C503C4F-92CD-4FCC-ACF4-A1ECC6E74E6A}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{AD2BCE1B-95D8-4FF3-972A-A9F804F531F5}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{CDA22396-8CF2-45D8-A45D-DC737BE4B20C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{D1DA8B84-3BAD-4859-9F23-FC966C40CEE1}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{1707AB9A-2220-4DF6-9E8C-DFB5FBB1BB87}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{32B2F621-448E-46F9-8A46-98EA8676235D}C:\users\rodinkasebestovi\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\rodinkasebestovi\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{64F93205-39C0-4148-B082-05054BACE483}C:\users\rodinkasebestovi\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\rodinkasebestovi\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{79BA0192-9AFF-4A23-87E7-82DA3E287419}C:\users\rodinkasebestovi\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\rodinkasebestovi\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{DD39C1C1-9792-4FFF-B12C-0A4FD0496493}C:\users\rodinkasebestovi\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\rodinkasebestovi\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{028ABA02-32A8-4D32-8830-B7DD7D3815DC}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{C068BA87-1791-4281-8D04-66EB2338EAFC}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{DEFBA917-3943-4C25-A9DB-733E5D87FBA4}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{68F98F11-3ABE-470D-BF07-49B226FA3199}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{8B3A816D-CF17-43C5-A32B-8B1FDA00CCF2}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe (Big Huge Games, Inc.) [File not signed]
FirewallRules: [{8E61A6B1-F3D9-4D1D-A274-1B51E560864D}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe (Big Huge Games, Inc.) [File not signed]
FirewallRules: [{C994B0D1-6735-446C-B38D-EAC3F25AB399}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{D076A4D5-DC0E-415C-9EF7-32D3D79EDEDD}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{07645C76-CDCE-4206-9F91-75C4EFC680BF}F:\easysetupassistant\wr741n\easysetupassistant.exe] => (Allow) F:\easysetupassistant\wr741n\easysetupassistant.exe No File
FirewallRules: [TCP Query User{02323A6F-3CC4-45C3-9250-AFE90B020746}F:\easysetupassistant\wr741n\easysetupassistant.exe] => (Allow) F:\easysetupassistant\wr741n\easysetupassistant.exe No File
FirewallRules: [UDP Query User{5C0B08EB-ED44-4067-AE9A-F8F6F90DCBE4}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{CB5140AC-F73E-4764-A634-4A24E2205C5D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{FA60C04F-DE70-434D-A273-715CC57C5AE5}] => (Allow) C:\Users\rodinkasebestovi\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe (Skype Technologies SA -> Skype Limited)
FirewallRules: [UDP Query User{E454E430-FEB2-40DD-9EB0-DD622CE0CE83}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{E0F8A65E-5B90-425E-91D9-4F9A5D36C999}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{74641B72-7F45-4A6C-AF14-A9BE4379C99D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{9FEC8D23-D07F-443B-B21C-16BE0559EE15}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{24A72554-7A96-4F65-8858-EA3923AF52DA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{7E824D24-A2BD-4098-98EE-F0AC5359861B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2BC92AE7-7865-4425-A698-38FAE0491A5E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{06DC3720-C90C-4AA9-9736-4CE6B788441F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{DBF35025-031F-4BC2-9310-3F4C0836815F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{5C86F2D8-CABF-4227-93F4-81FA01731827}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{C289566D-10AE-421D-A851-AFD3FDEFFF42}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{A103C16E-B3BD-46B2-90C8-4D1B3E035B9E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{57D47D93-A835-47DB-90F8-5F70DBB93A21}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe (CyberLink -> )
FirewallRules: [{EBBA697C-9D52-4B40-8F47-1979C532E76A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{A841006E-CB2B-4791-9990-42FC4ED511C3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{A589C1F4-D0B1-4050-A330-65B970F06B4F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{34870069-1393-448A-9CD5-775204499F26}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{6FD7340D-4E98-472B-8310-773715E2269D}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{DDCAA07C-405A-4913-B7B6-73518F0C7F68}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [TCP Query User{2961C42E-CEFD-44F7-9CED-A7DBF18B6780}D:\games\the escapists 2\theescapists2.exe] => (Block) D:\games\the escapists 2\theescapists2.exe () [File not signed]
FirewallRules: [UDP Query User{A7998FDD-BE32-4F6D-B9FC-CE3F5D5CD3CF}D:\games\the escapists 2\theescapists2.exe] => (Block) D:\games\the escapists 2\theescapists2.exe () [File not signed]
FirewallRules: [{416B09A3-CE0B-4486-A9A9-80D744FDFFCE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2B7A28D9-34DF-45BA-AFD4-75FB6E92AED8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{78699D4D-41F7-41B8-97D8-678FBDB7BDB4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21B3F35D-B303-44C7-B413-8449C142DF65}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DC00C069-8B03-4EB7-B22A-83969E6189DD}] => (Allow) C:\Program Files (x86)\Atarata Games\Rescue Frenzy\RescueFrenzy.exe (Alawar Entertainment Inc -> )
FirewallRules: [{0130AA20-7185-4B90-B8DC-3483D953E4A4}] => (Allow) C:\Program Files (x86)\Atarata Games\Rescue Frenzy\RescueFrenzy.exe (Alawar Entertainment Inc -> )
FirewallRules: [{60ABDBCC-DC0D-4615-990D-D686AF7CBB39}] => (Allow) C:\Program Files (x86)\Atarata Games\Rescue Frenzy\RescueFrenzy.exe (Alawar Entertainment Inc -> )
FirewallRules: [{2D6C1552-2878-4BEC-AC4F-B591098039D0}] => (Allow) C:\Program Files (x86)\Atarata Games\Rescue Frenzy\RescueFrenzy.exe (Alawar Entertainment Inc -> )
FirewallRules: [TCP Query User{07DD9825-12F2-4FEA-82FF-3E9FC1DFFC11}C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe] => (Block) C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe (MachineGames) [File not signed]
FirewallRules: [UDP Query User{24CA6BD6-D669-434D-9F71-4DAF5F64165A}C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe] => (Block) C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe (MachineGames) [File not signed]
FirewallRules: [{D0C4FD85-3DA1-4E01-98A7-D644F7B31F58}] => (Allow) D:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe () [File not signed]
FirewallRules: [{1B4B106E-1AA8-47DC-9B67-DEB5A8271DA9}] => (Allow) D:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe () [File not signed]
FirewallRules: [{0C5D412E-20A4-4F8B-B55A-55DBAD6DC661}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe (Reto-Moto ApS -> ) [File not signed]
FirewallRules: [{802B3792-9858-4CC9-BBB3-77547D4E2B1D}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe (Reto-Moto ApS -> ) [File not signed]
FirewallRules: [{15C76699-3D11-4B04-B7A0-36B804443433}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{2294B7A8-980A-4F90-83C3-850D6CAA9543}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{4F44F12E-0509-4DD2-AEED-29CE44C15310}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

12-02-2019 20:35:30 Windows Update
17-02-2019 11:48:43 Windows Update
26-02-2019 16:31:11 Naplánovaný kontrolní bod
01-03-2019 19:39:46 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/02/2019 07:57:01 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: SEBESTOVI)
Description: httphttp-2147467263

Error: (03/02/2019 06:17:30 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: SEBESTOVI)
Description: httphttp-2147467263

Error: (02/27/2019 05:54:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WpnUserService, verze: 10.0.17134.556, časové razítko: 0xf23cada5
Název chybujícího modulu: NotificationController.dll, verze: 10.0.17134.165, časové razítko: 0xe0385185
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000007c686
ID chybujícího procesu: 0x244c
Čas spuštění chybující aplikace: 0x01d4ceba7e9724f4
Cesta k chybující aplikaci: C:\WINDOWS\system32\svchost.exe
Cesta k chybujícímu modulu: C:\Windows\System32\NotificationController.dll
ID zprávy: 8f247ee7-1ef4-4d5b-a4d5-e2fcdeacd338
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/23/2019 09:15:04 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: SEBESTOVI)
Description: httphttp-2147467263

Error: (02/20/2019 08:34:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe se nezdařilo.
Závislé sestavení AVG.VC140.CRT,processorArchitecture="amd64",publicKeyToken="f92d94485545da78",type="win32",version="14.0.26706.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (02/06/2019 07:35:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: worldoftanks.exe, verze: 1.4.0.230, časové razítko: 0x5c5037ab
Název chybujícího modulu: ntdll.dll, verze: 10.0.17134.471, časové razítko: 0xfe852bc4
Kód výjimky: 0xc0000005
Posun chyby: 0x00023269
ID chybujícího procesu: 0x1e9c
Čas spuštění chybující aplikace: 0x01d4be4981a889f1
Cesta k chybující aplikaci: C:\Games\World_of_Tanks\worldoftanks.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 726f1508-23d8-4206-b860-21fff922bde2
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/06/2019 07:26:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: worldoftanks.exe, verze: 1.4.0.230, časové razítko: 0x5c5037ab
Název chybujícího modulu: ntdll.dll, verze: 10.0.17134.471, časové razítko: 0xfe852bc4
Kód výjimky: 0xc0000005
Posun chyby: 0x00023269
ID chybujícího procesu: 0x1d2c
Čas spuštění chybující aplikace: 0x01d4be482871b60d
Cesta k chybující aplikaci: C:\Games\World_of_Tanks\worldoftanks.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 14b6bb07-744a-4548-a168-019c2cede3f3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/03/2019 07:37:18 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: SEBESTOVI)
Description: httphttp-2147467263


System errors:
=============
Error: (03/02/2019 06:00:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/02/2019 05:47:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/01/2019 07:46:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.

Error: (03/01/2019 07:36:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/27/2019 05:55:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Uživatelská služba nabízených oznámení Windows_6ce24 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (02/27/2019 05:15:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/26/2019 03:37:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/23/2019 03:45:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2019-03-02 19:54:23.567
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Monitorování chování
Kód chyby: 0x80508023
Popis chyby: Program nenašel na tomto zařízení malware ani jiný potenciálně nevyžádaný software.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

CodeIntegrity:
===================================

Date: 2019-03-02 19:47:50.581
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-02 19:45:27.858
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-02 19:45:27.592
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-02 19:45:26.242
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-02 19:45:26.225
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-02 19:45:25.997
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-02 19:45:25.485
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-02 19:45:25.074
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 38%
Total physical RAM: 8128.97 MB
Available physical RAM: 4969.82 MB
Total Virtual: 16832.97 MB
Available Virtual: 13554.64 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:53.17 GB) NTFS
Drive d: (DATA) (Fixed) (Total:453.61 GB) (Free:443.95 GB) NTFS

\\?\Volume{0c12a3d3-f5c2-421e-bbc8-35ee36616cf2}\ (Recovery) (Fixed) (Total:0.39 GB) (Free:0.12 GB) NTFS
\\?\Volume{fd2696f3-a8b4-47b1-81a2-9519c6419ede}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{375748e3-8709-4c10-8f72-81c561a3bb21}\ (Push Button Reset) (Fixed) (Total:24 GB) (Free:7.59 GB) NTFS
\\?\Volume{bf0fd382-fa9f-42ec-b773-5b1c012ee9b8}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BB858C2C)

Partition: GPT.

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118247
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: infected computer from my father

#7 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {1B68F437-ACE6-46E6-A897-ED4AD7D013DE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {218CB135-4B00-441C-8EDC-545107549AE7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {304D3203-31C5-45F3-BA2F-4F2AF6F8EFFB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3232D210-9C49-4C67-85C4-E1B1F4CCDA14} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {345AD28A-E0E3-4003-8B7E-5DF36849F335} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {38B2CF68-A23C-4799-ADA0-9436C36E4773} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {55E31A28-05F0-4972-B695-D595D9FC03BB} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {59CF5685-A198-4AC9-BD9D-784C7EAAB016} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5A4A9DE6-18BD-451F-AFF1-475071F0B996} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {6434321F-9345-4519-9AA6-A5C574AFB390} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {67C483FE-7AD3-49B6-B934-6DB5132E0139} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {683DF496-0EBC-4556-8745-A28F05F033C7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6C7EF7AF-BE7D-4C47-B54E-6524C0143480} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6EA36E2E-78B4-4BD1-9E54-2B3B23EFD29F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7C1D40C7-5367-46D3-BD22-DE73F1889296} - \WPD\SqmUpload_S-1-5-21-1244017325-3987402715-3454423037-1001 -> No File <==== ATTENTION
Task: {A5962939-4761-4C9E-924F-10EDA7241DD7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {AD117CBE-5F0E-458F-8D5E-F3644B428DD4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B2E81E60-67CC-4D3B-BA6E-C7BB1F74FCFF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\rodinkasebestovi:Heroes & Generals [38]
AlternateDataStreams: C:\Users\Public\AppData:CSM [472]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [UDP Query User{07645C76-CDCE-4206-9F91-75C4EFC680BF}F:\easysetupassistant\wr741n\easysetupassistant.exe] => (Allow) F:\easysetupassistant\wr741n\easysetupassistant.exe No File
FirewallRules: [TCP Query User{02323A6F-3CC4-45C3-9250-AFE90B020746}F:\easysetupassistant\wr741n\easysetupassistant.exe] => (Allow) F:\easysetupassistant\wr741n\easysetupassistant.exe No File
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\MountPoints2: {eedfe6b2-a94c-11e5-8117-7054d250935b} - "E:\Setup.exe"
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => No File
earchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2 ... -SearchBox
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2 ... -SearchBox
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> {E299875A-F013-42FA-A241-4C2722469B5D} URL =
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\rodinkasebestovi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
Save it to C:\Users\rodinkasebestovi\AppData\Local\Microsoft\Windows\INetCache\IE\XSM8E6U6 as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is solved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

toox
Exemplary visitor
Posts: 274
Joined: 28 Apr 2008 18:06
Location: Tromaville

Re: infected computer from my father

#8 Post by toox »

I couldn't find the INetCache folder.

Rudy
Site Admin
Posts: 118247
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: infected computer from my father

#9 Post by Rudy »

The fixlist must be saved in the same directory as FRST. And that is C:\Users\rodinkasebestovi\AppData\Local\Microsoft\Windows\INetCache\IE\XSM8E6U6. So it has to be on the PC. If you can't see it, turn on the display of hidden and system directories and files.

toox
Exemplary visitor
Posts: 274
Joined: 28 Apr 2008 18:06
Location: Tromaville

Re: infected computer from my father

#10 Post by toox »

I found the folder, but not the FRST program itself :?: :?: . I just downloaded it again, this time to the desktop, put the fixlist next to it and ran it.

Fix result of Farbar Recovery Scan Tool (x64) Version: 03.03.2019 01
Ran by rodinkasebestovi (04-03-2019 17:13:57) Run:1
Running from C:\Users\rodinkasebestovi\Desktop
Loaded Profiles: rodinkasebestovi & (Available Profiles: rodinkasebestovi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {1B68F437-ACE6-46E6-A897-ED4AD7D013DE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {218CB135-4B00-441C-8EDC-545107549AE7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {304D3203-31C5-45F3-BA2F-4F2AF6F8EFFB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3232D210-9C49-4C67-85C4-E1B1F4CCDA14} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {345AD28A-E0E3-4003-8B7E-5DF36849F335} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {38B2CF68-A23C-4799-ADA0-9436C36E4773} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {55E31A28-05F0-4972-B695-D595D9FC03BB} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {59CF5685-A198-4AC9-BD9D-784C7EAAB016} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5A4A9DE6-18BD-451F-AFF1-475071F0B996} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {6434321F-9345-4519-9AA6-A5C574AFB390} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {67C483FE-7AD3-49B6-B934-6DB5132E0139} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {683DF496-0EBC-4556-8745-A28F05F033C7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6C7EF7AF-BE7D-4C47-B54E-6524C0143480} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6EA36E2E-78B4-4BD1-9E54-2B3B23EFD29F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7C1D40C7-5367-46D3-BD22-DE73F1889296} - \WPD\SqmUpload_S-1-5-21-1244017325-3987402715-3454423037-1001 -> No File <==== ATTENTION
Task: {A5962939-4761-4C9E-924F-10EDA7241DD7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {AD117CBE-5F0E-458F-8D5E-F3644B428DD4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B2E81E60-67CC-4D3B-BA6E-C7BB1F74FCFF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\rodinkasebestovi:Heroes & Generals [38]
AlternateDataStreams: C:\Users\Public\AppData:CSM [472]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [UDP Query User{07645C76-CDCE-4206-9F91-75C4EFC680BF}F:\easysetupassistant\wr741n\easysetupassistant.exe] => (Allow) F:\easysetupassistant\wr741n\easysetupassistant.exe No File
FirewallRules: [TCP Query User{02323A6F-3CC4-45C3-9250-AFE90B020746}F:\easysetupassistant\wr741n\easysetupassistant.exe] => (Allow) F:\easysetupassistant\wr741n\easysetupassistant.exe No File
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\...\MountPoints2: {eedfe6b2-a94c-11e5-8117-7054d250935b} - "E:\Setup.exe"
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => No File
earchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2 ... -SearchBox
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2 ... -SearchBox
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> {E299875A-F013-42FA-A241-4C2722469B5D} URL =
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\rodinkasebestovi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B68F437-ACE6-46E6-A897-ED4AD7D013DE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B68F437-ACE6-46E6-A897-ED4AD7D013DE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{218CB135-4B00-441C-8EDC-545107549AE7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{218CB135-4B00-441C-8EDC-545107549AE7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{304D3203-31C5-45F3-BA2F-4F2AF6F8EFFB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{304D3203-31C5-45F3-BA2F-4F2AF6F8EFFB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3232D210-9C49-4C67-85C4-E1B1F4CCDA14}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3232D210-9C49-4C67-85C4-E1B1F4CCDA14}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{345AD28A-E0E3-4003-8B7E-5DF36849F335}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{345AD28A-E0E3-4003-8B7E-5DF36849F335}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{38B2CF68-A23C-4799-ADA0-9436C36E4773}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38B2CF68-A23C-4799-ADA0-9436C36E4773}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55E31A28-05F0-4972-B695-D595D9FC03BB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55E31A28-05F0-4972-B695-D595D9FC03BB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59CF5685-A198-4AC9-BD9D-784C7EAAB016}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59CF5685-A198-4AC9-BD9D-784C7EAAB016}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A4A9DE6-18BD-451F-AFF1-475071F0B996}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A4A9DE6-18BD-451F-AFF1-475071F0B996}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6434321F-9345-4519-9AA6-A5C574AFB390}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6434321F-9345-4519-9AA6-A5C574AFB390}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67C483FE-7AD3-49B6-B934-6DB5132E0139}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67C483FE-7AD3-49B6-B934-6DB5132E0139}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{683DF496-0EBC-4556-8745-A28F05F033C7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{683DF496-0EBC-4556-8745-A28F05F033C7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C7EF7AF-BE7D-4C47-B54E-6524C0143480}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C7EF7AF-BE7D-4C47-B54E-6524C0143480}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EA36E2E-78B4-4BD1-9E54-2B3B23EFD29F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EA36E2E-78B4-4BD1-9E54-2B3B23EFD29F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C1D40C7-5367-46D3-BD22-DE73F1889296}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C1D40C7-5367-46D3-BD22-DE73F1889296}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1244017325-3987402715-3454423037-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5962939-4761-4C9E-924F-10EDA7241DD7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5962939-4761-4C9E-924F-10EDA7241DD7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD117CBE-5F0E-458F-8D5E-F3644B428DD4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD117CBE-5F0E-458F-8D5E-F3644B428DD4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2E81E60-67CC-4D3B-BA6E-C7BB1F74FCFF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2E81E60-67CC-4D3B-BA6E-C7BB1F74FCFF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
C:\Users\rodinkasebestovi => ":Heroes & Generals" ADS removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{07645C76-CDCE-4206-9F91-75C4EFC680BF}F:\easysetupassistant\wr741n\easysetupassistant.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{02323A6F-3CC4-45C3-9250-AFE90B020746}F:\easysetupassistant\wr741n\easysetupassistant.exe" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eedfe6b2-a94c-11e5-8117-7054d250935b} => removed successfully
HKLM\Software\Classes\CLSID\{eedfe6b2-a94c-11e5-8117-7054d250935b} => not found
"C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL" => Value data removed successfully
earchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2 ... -SearchBox => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E299875A-F013-42FA-A241-4C2722469B5D} => removed successfully
HKLM\Software\Classes\CLSID\{E299875A-F013-42FA-A241-4C2722469B5D} => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Users\rodinkasebestovi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 630632862 B
Java, Flash, Steam htmlcache => 1245 B
Windows/system/drivers => 2708072 B
Edge => 9917647 B
Chrome => 444314236 B
Firefox => 282362095 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 176154 B
LocalService => 0 B
NetworkService => 2926 B
NetworkService => 0 B
rodinkasebestovi => 86731065 B

RecycleBin => 20386708231 B
EmptyTemp: => 20.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:15:33 ====
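
Added example (not part of the original thread and not FRST's own code): a Python triage of a Fixlog that skips the echoed fixlist, counts the result lines, and lists the entries that were not fixed. It assumes only the layout visible in the log above (echo between two lines of asterisks, the outcome after the last " => ", results ending at the first "====" banner); the function names are hypothetical, and the sample is an excerpt of the log in this post.

```python
import difflib
import re
from collections import Counter

# Excerpt of the Fixlog posted above (lines copied from the thread, most omitted).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 03.03.2019 01
Running from C:\Users\rodinkasebestovi\Desktop

fixlist content:
*****************
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
earchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2 ... -SearchBox
SearchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> {E299875A-F013-42FA-A241-4C2722469B5D} URL =
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
earchScopes: HKU\S-1-5-21-1244017325-3987402715-3454423037-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2 ... -SearchBox => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1244017325-3987402715-3454423037-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E299875A-F013-42FA-A241-4C2722469B5D} => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found

=========== EmptyTemp: ==========

Chrome => 444314236 B
EmptyTemp: => 20.4 GB temporary data Removed.

==== End of Fixlog 17:15:33 ====
"""

# A leading "Word:" followed by whitespace or end of line, as in "Task: {...}".
# Paths such as "C:\..." or "HKLM\..." do not match.
DIRECTIVE = re.compile(r"^(\w+):(?:\s|$)")


def directive_of(line):
    match = DIRECTIVE.match(line)
    return match.group(1) if match else None


def classify(outcome):
    """Map the text after the last ' => ' to a coarse status."""
    text = outcome.rstrip(". ").lower()
    if text.startswith("error"):
        return "error"
    if text.endswith("not found"):
        return "not_found"
    if text.endswith(("removed successfully", "moved successfully")):
        return "fixed"
    return "other"


def parse_fixlog(text):
    """Return (echoed fixlist lines, [(target, status, outcome), ...])."""
    echoed, results, state = [], [], "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if state == "header":
            if line.lower().startswith("fixlist content"):
                state = "await_echo"
        elif state == "await_echo":
            if set(line) == {"*"}:
                state = "echo"
        elif state == "echo":
            # Echoed entries also contain " => " and must not be counted as results.
            if set(line) == {"*"}:
                state = "results"
            else:
                echoed.append(line)
        else:
            if line.startswith("="):  # EmptyTemp banner: size report, not fix results
                break
            if " => " in line:
                target, outcome = line.rsplit(" => ", 1)
                results.append((target, classify(outcome), outcome))
    return echoed, results


def summarize(text):
    return Counter(status for _, status, _ in parse_fixlog(text)[1])


def unresolved(text):
    """List entries the tool reported as errors, with a hint when the entry's
    prefix is a near miss of another prefix used in the same fixlist."""
    echoed, results = parse_fixlog(text)
    known = {d for d in map(directive_of, echoed) if d}
    findings = []
    for target, status, outcome in results:
        if status != "error":
            continue
        prefix, hint = directive_of(target), None
        if prefix:
            near = difflib.get_close_matches(prefix, sorted(known - {prefix}), n=1, cutoff=0.85)
            if near:
                hint = f"prefix '{prefix}:' is a near miss of '{near[0]}:' used elsewhere in this fixlist"
        findings.append({"target": target, "outcome": outcome, "hint": hint})
    return findings


if __name__ == "__main__":
    print(dict(summarize(SAMPLE_FIXLOG)))
    for item in unresolved(SAMPLE_FIXLOG):
        print(item["target"][:60], "|", item["hint"])
```

On the log in this post the two entries reported as errors are the Telephony provider line and the line beginning `earchScopes:`.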

Rudy
Site Admin
Posts: 118247
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: infected computer from my father

#11 Post by Rudy »

Deleted; the log should be OK now.

toox
Exemplary visitor
Posts: 274
Joined: 28 Apr 2008 18:06
Location: Tromaville

Re: infected computer from my father

#12 Post by toox »

I'm glad to hear that, thank you very much. My father was surprised that he had so much junk on the PC when he has Avast Premium! :boxed: :D

Rudy
Site Admin
Posts: 118247
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: infected computer from my father

#13 Post by Rudy »

No mystery. Most of it was so-called adware and PUPs (potentially unwanted programs), and an ordinary antivirus does not react to those (apart from slowing the machine down, they take no part in malicious activity). There was only one coinminer, and MBAM had already removed it.

toox
Exemplary visitor
Posts: 274
Joined: 28 Apr 2008 18:06
Location: Tromaville

Re: infected computer from my father

#14 Post by toox »

Thanks a lot :all_coholic:

:closed:

Rudy
Site Admin
Posts: 118247
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: infected computer from my father

#15 Post by Rudy »

You're welcome! :)
