
Preventive check


#1 Post by TIVL »

Hello,
nothing serious, apart from the mouse cursor occasionally freezing.
I'm sending the FRST log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Virgill (administrator) on VIRGILL-PC (30-01-2017 19:07:44)
Running from C:\Users\Virgill\Downloads
Loaded Profiles: Virgill (Available Profiles: Virgill)
Platform: Windows 10 Pro Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\System32\wimserv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Users\Virgill\AppData\Local\Temp\INS_894b6c07.TMP
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe
(Akamai Technologies, Inc.) C:\Users\Virgill\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Virgill\AppData\Local\Akamai\netsession_win.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-11-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe [18923008 2015-06-16] ()
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1046064 2017-01-23] ()
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [MurGee.com Auto Keyboard] => C:\Users\Virgill\Documents\Auto Keyboard\AutoKeyboard.exe [83440 2015-03-27] (MurGee.com)
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Virgill\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\RunOnce: [Uninstall C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\RunOnce: [Uninstall C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\RunOnce: [Uninstall C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\RunOnce: [Uninstall C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\MountPoints2: {25f03466-b0ed-11e5-8ece-000e2e640877} - "I:\Lenovo_Suite.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 185.147.250.13 185.147.250.14 192.168.1.1
Tcpip\..\Interfaces\{2cbd68be-aa6a-4cb1-aa11-c6266c4cebdc}: [DhcpNameServer] 185.147.250.13 185.147.250.14 192.168.1.1
Tcpip\..\Interfaces\{30877717-9a83-4c96-a7ba-9b10675a8260}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{949d9305-ddc3-4f35-807f-a176e512e079}: [DhcpNameServer] 213.180.36.130 213.180.36.131

Internet Explorer:
==================
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131011372525856110&GUID=1BFBEC75-BC8E-4BF1-A4CE-F3C39D704A26
SearchScopes: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> DefaultScope {583E6183-82B5-4071-8CE0-21A1D36C9B9C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> {3C46B73F-0D56-4415-9541-862D61CAFC41} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467
SearchScopes: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> {583E6183-82B5-4071-8CE0-21A1D36C9B9C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> {58478693-1F8E-49e3-A598-38C048094EB0} URL = hxxp://www.google.com/custom?client=pub-379428 ... earchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-23] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\rulez\startrek\Arc\Plugins\ArcPluginIE.dll [2016-12-08] (Perfect World Entertainment Inc)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-23] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> No Name - {A3834AE7-CA97-48EA-80E9-70F6E1ADD4DB} - No File

FireFox:
========
FF ProfilePath: C:\Users\Virgill\AppData\Roaming\Mozilla\Firefox\Profiles\0l70a99x.default-1454323038878 [2017-01-30]
FF Extension: (Firebug) - C:\Users\Virgill\AppData\Roaming\Mozilla\Firefox\Profiles\0l70a99x.default-1454323038878\Extensions\firebug@software.joehewitt.com.xpi [2016-10-11]
FF Extension: (MEGA) - C:\Users\Virgill\AppData\Roaming\Mozilla\Firefox\Profiles\0l70a99x.default-1454323038878\Extensions\firefox@mega.co.nz.xpi [2017-01-30]
FF Extension: (Pin It button) - C:\Users\Virgill\AppData\Roaming\Mozilla\Firefox\Profiles\0l70a99x.default-1454323038878\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-09-29]
FF Extension: (Adblock Plus) - C:\Users\Virgill\AppData\Roaming\Mozilla\Firefox\Profiles\0l70a99x.default-1454323038878\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\rulez\startrek\Arc\Plugins\npArcPluginFF.dll [2016-12-08] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2573572955-775236183-1901679569-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Virgill\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-20] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default [2017-01-28]
CHR Extension: (Prezentace Google) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-18]
CHR Extension: (Dokumenty Google) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-20]
CHR Extension: (Disk Google) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-20]
CHR Extension: (YouTube) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-20]
CHR Extension: (Tabulky Google) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Gmail) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-20]
CHR Extension: (Chrome Media Router) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\rulez\startrek\Arc\ArcService.exe [87064 2016-12-08] (Perfect World Entertainment Inc)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
S2 gupdate1d2463ee6998e6f; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-11-24] (Google Inc.)
S3 gupdatem1d2463ee6a2ddb1; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-11-24] (Google Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-06] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-06] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-01-06] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1318128 2017-01-23] (Overwolf LTD)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
R2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
S3 BCM43XX; C:\WINDOWS\System32\drivers\bcmwl63al.sys [5170176 2015-10-30] (Broadcom Corporation)
S3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [49944 2016-06-02] (CyberLink Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [254528 2016-09-22] (DT Soft Ltd)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-09-29] (REALiX(tm))
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-01-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-01-06] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-10-30] (Realtek )
S3 RTL8023x64; C:\WINDOWS\System32\drivers\Rtnic64.sys [51712 2015-10-30] (Realtek Semiconductor Corporation )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-11-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-09-29] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wmbclass; C:\WINDOWS\System32\drivers\wmbclass.sys [303104 2015-10-30] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-30 19:07 - 2017-01-30 19:08 - 00016817 _____ C:\Users\Virgill\Downloads\FRST.txt
2017-01-30 19:07 - 2017-01-30 19:07 - 00000000 ____D C:\FRST
2017-01-30 19:06 - 2017-01-30 19:07 - 02420736 _____ (Farbar) C:\Users\Virgill\Downloads\FRST64.exe
2017-01-25 07:14 - 2017-01-25 07:14 - 00000000 ____D C:\Users\Virgill\AppData\Local\Chromium
2017-01-25 07:12 - 2017-01-25 07:12 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 07:12 - 2017-01-25 07:12 - 00000000 ____D C:\WINDOWS\LastGood
2017-01-25 07:12 - 2017-01-06 02:10 - 00158264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-25 07:12 - 2017-01-06 02:10 - 00126008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-01-25 07:12 - 2017-01-06 02:10 - 00059448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-01-25 07:12 - 2017-01-06 01:09 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-01-18 22:44 - 2017-01-18 22:45 - 07586584 _____ (Christian Kaiser ) C:\Users\Virgill\Downloads\LightscreenSetup-2.4.exe
2017-01-17 14:11 - 2017-01-17 14:11 - 17628560 _____ (IObit ) C:\Users\Virgill\Downloads\driver_booster_setup.exe
2017-01-17 07:08 - 2017-01-17 07:08 - 00000000 ____D C:\Users\Virgill\Downloads\backups
2017-01-17 07:05 - 2017-01-17 07:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Virgill\Downloads\hijackthis.exe
2017-01-11 23:52 - 2017-01-11 23:52 - 00000042 _____ C:\Users\Virgill\Desktop\CPA action.txt
2017-01-11 08:33 - 2016-12-21 10:01 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 08:33 - 2016-12-21 10:01 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-01-11 08:33 - 2016-12-21 09:25 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-01-11 08:33 - 2016-12-21 08:18 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-01-11 08:33 - 2016-12-21 07:56 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-01-11 08:33 - 2016-12-21 06:41 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-01-11 08:33 - 2016-12-21 06:39 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 08:33 - 2016-12-21 06:15 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 08:33 - 2016-12-21 06:06 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-01-11 08:33 - 2016-12-21 06:03 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 08:33 - 2016-12-21 05:48 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 08:33 - 2016-10-25 07:55 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-30 19:08 - 2016-01-20 16:52 - 00000692 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2573572955-775236183-1901679569-1000.job
2017-01-30 18:54 - 2015-12-21 20:01 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\TS3Client
2017-01-30 18:44 - 2016-07-04 10:13 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-30 18:43 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-30 18:39 - 2016-11-18 17:33 - 00000000 ____D C:\Users\Virgill\AppData\LocalLow\Mozilla
2017-01-30 18:37 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-30 18:36 - 2016-07-03 08:47 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-30 18:35 - 2015-12-20 20:30 - 00004204 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{033FCC92-586D-449F-8D21-4887FE3C1747}
2017-01-30 18:34 - 2016-09-29 03:19 - 00003036 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Virgill)
2017-01-30 18:31 - 2016-10-27 18:23 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-01-30 00:21 - 2016-01-20 16:52 - 00000596 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2573572955-775236183-1901679569-1000.job
2017-01-28 19:07 - 2016-11-10 07:04 - 00003960 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1478757887
2017-01-28 19:07 - 2016-11-10 07:04 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-01-28 19:07 - 2016-11-10 07:04 - 00000000 ____D C:\Program Files (x86)\Opera
2017-01-28 01:30 - 2016-10-26 23:43 - 00000000 ____D C:\Program Files (x86)\BSGO
2017-01-27 23:53 - 2016-07-17 15:59 - 00000000 ____D C:\Users\Virgill\AppData\Local\CrashDumps
2017-01-27 22:54 - 2016-02-11 01:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-27 22:54 - 2016-02-11 01:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-27 22:43 - 2015-12-23 09:50 - 00000000 ____D C:\Users\Virgill\Documents\bsgo
2017-01-26 15:02 - 2016-01-15 09:02 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-01-25 07:28 - 2016-01-20 16:52 - 00003854 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2573572955-775236183-1901679569-1000
2017-01-25 07:28 - 2016-01-20 16:52 - 00003758 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2573572955-775236183-1901679569-1000
2017-01-25 07:16 - 2015-12-19 05:27 - 01771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-25 07:16 - 2015-10-30 19:31 - 00750030 _____ C:\WINDOWS\system32\perfh005.dat
2017-01-25 07:16 - 2015-10-30 19:31 - 00150654 _____ C:\WINDOWS\system32\perfc005.dat
2017-01-25 07:16 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2017-01-25 07:14 - 2016-10-05 18:36 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-01-25 07:14 - 2016-10-05 18:35 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 07:14 - 2016-07-03 08:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-25 07:13 - 2016-07-03 08:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-25 07:12 - 2016-10-05 18:35 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 07:12 - 2016-10-05 18:35 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 07:12 - 2016-10-05 18:35 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 07:12 - 2016-10-05 18:35 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 07:12 - 2016-10-05 18:35 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 07:12 - 2016-07-04 10:05 - 00000000 ____D C:\Users\Virgill\AppData\Local\NVIDIA Corporation
2017-01-25 07:12 - 2016-07-03 09:28 - 00000000 ____D C:\Users\Virgill\AppData\Local\NVIDIA
2017-01-25 07:12 - 2016-07-03 08:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-23 11:42 - 2016-09-03 11:35 - 00000000 ____D C:\Users\Virgill\AppData\Local\Akamai
2017-01-22 21:05 - 2016-10-31 21:12 - 00000000 ____D C:\WINDOWS\Panther
2017-01-22 20:58 - 2016-12-02 23:14 - 00000000 ___HD C:\$WINDOWS.~BT
2017-01-22 20:38 - 2016-11-12 14:00 - 00000000 ____D C:\Users\Virgill\AppData\Local\TeamSpeak 3 Client
2017-01-21 04:41 - 2015-12-19 05:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-21 00:37 - 2015-10-30 07:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-01-20 05:18 - 2016-12-14 05:21 - 00000276 _____ C:\Users\Virgill\Desktop\VypinacPC.ini
2017-01-18 16:25 - 2015-12-20 20:01 - 00000000 ____D C:\Users\Virgill\AppData\Local\GHISLER
2017-01-17 15:07 - 2016-12-30 01:46 - 00000000 ____D C:\Users\Virgill\Documents\startrek
2017-01-17 07:05 - 2015-12-19 00:38 - 00000000 ____D C:\Users\Virgill\AppData\Local\VirtualStore
2017-01-17 06:53 - 2015-12-19 00:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-17 06:52 - 2016-07-24 17:31 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-17 06:50 - 2016-01-02 02:07 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-17 06:48 - 2015-12-19 05:18 - 00000000 ____D C:\Users\Virgill
2017-01-14 08:22 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2017-01-13 12:32 - 2016-11-09 12:36 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-01-12 05:05 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 08:44 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-11 08:44 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-11 08:42 - 2015-12-19 01:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 08:39 - 2015-12-19 01:31 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-11 08:39 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-11 07:57 - 2016-11-10 04:01 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 01:34 - 2015-12-20 20:36 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\vlc
2017-01-06 02:10 - 2016-10-05 18:35 - 01855544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-01-06 02:10 - 2016-10-05 18:35 - 01756728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-01-06 02:10 - 2016-10-05 18:35 - 01454136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-01-06 02:10 - 2016-10-05 18:35 - 01318968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-01-06 02:10 - 2016-10-05 18:35 - 00121912 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-06 02:10 - 2016-10-05 18:35 - 00047672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-01-06 00:42 - 2016-10-05 18:35 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-01-03 19:12 - 2015-12-30 01:05 - 00000000 ____D C:\Program Files\Miranda NG
2017-01-02 21:05 - 2016-11-03 03:03 - 00000002 _____ C:\END
2016-12-31 06:45 - 2015-12-19 05:18 - 00524288 ___SH C:\Users\Virgill\NTUSER.DAT{dbf448c2-a606-11e5-8ec4-f6e736bdca8a}.TMContainer00000000000000000001.regtrans-ms
2016-12-31 06:45 - 2015-12-19 05:18 - 00065536 ___SH C:\Users\Virgill\NTUSER.DAT{dbf448c2-a606-11e5-8ec4-f6e736bdca8a}.TM.blf
2016-12-31 01:27 - 2015-10-30 07:28 - 00000000 ___RD C:\Program Files (x86)

==================== Files in the root of some directories =======

2016-07-23 13:08 - 2016-07-23 13:08 - 0003584 _____ () C:\Users\Virgill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-04 12:17 - 2016-02-04 12:17 - 0000858 _____ () C:\Users\Virgill\AppData\Local\recently-used.xbel
2015-12-22 01:30 - 2015-12-22 01:30 - 0000017 _____ () C:\Users\Virgill\AppData\Local\resmon.resmoncfg
2016-10-30 14:10 - 2016-10-30 14:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Virgill\dht.dat
C:\Users\Virgill\resume.20160923.124007.dat
C:\Users\Virgill\resume.dat
C:\Users\Virgill\rss.dat
C:\Users\Virgill\settings.dat
C:\Users\Virgill\uninstall.exe
C:\Users\Virgill\utorrent.exe


Some files in TEMP:
====================
2016-10-05 18:35 - 2016-10-25 21:21 - 1137208 _____ (NVIDIA Corporation) C:\Users\Virgill\AppData\Local\Temp\NvTelemetry.dll
2016-10-05 18:35 - 2016-10-25 21:21 - 0218680 _____ (NVIDIA Corporation) C:\Users\Virgill\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-10-05 18:35 - 2016-10-25 21:21 - 0270392 _____ (NVIDIA Corporation) C:\Users\Virgill\AppData\Local\Temp\NvTelemetryAPI64.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-28 10:40

==================== End of FRST.txt ============================


#2 Post by altrok »

Good day,

please also post the contents of the Addition.txt log (we'll take a look at the last few event log entries, which could contain information about errors related to the mouse).


#3 Post by TIVL »

Good day,
the requested Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Virgill (30-01-2017 19:09:06)
Running from C:\Users\Virgill\Downloads
Windows 10 Pro Version 1511 (X64) (2015-12-19 10:59:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2573572955-775236183-1901679569-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2573572955-775236183-1901679569-503 - Limited - Disabled)
Guest (S-1-5-21-2573572955-775236183-1901679569-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2573572955-775236183-1901679569-1005 - Limited - Enabled)
Virgill (S-1-5-21-2573572955-775236183-1901679569-1000 - Administrator - Enabled) => C:\Users\Virgill

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actionaz 3.8.0 (64 bits) (HKLM\...\{098CDAF9-5A9B-4731-9F3C-F3F1DF7490C2}_is1) (Version: 3.8.0 - Actionaz.org)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Aktualizace NVIDIA 23.2.20.0 (Version: 23.2.20.0 - NVIDIA Corporation) Hidden
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Auto Keyboard v1.6 (HKLM-x32\...\{71E16EE4-BBED-44A8-8724-9E68D05EE945}_is1) (Version: 1.6 - MurGee.com)
AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.2.5.1125 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battlestar Galactica Online (HKLM-x32\...\Battlestar Galactica Online_is1) (Version: 1.0 - Bigpoint GmbH)
Bloody5 (HKLM-x32\...\Bloody3) (Version: 15.06.0005 - Bloody)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Driver Booster 4.0 (HKLM-x32\...\Driver Booster_is1) (Version: 4.0.3 - IObit)
Easy Convert (HKLM-x32\...\{75FB2985-E457-4BFF-B94D-EB38C0DE4089}) (Version: 1.0.1 - Smart PC Soft)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.31.0.6291 (HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\GoToMeeting) (Version: 7.31.0.6291 - CitrixOnline)
HHD Software Hex Editor Neo 6.24 (HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.24.0.5920 - HHD Software, Ltd.)
Inpaint 6.2 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Lenovo Smart Assistant 1.03 (HKLM-x32\...\VibeRomFlash) (Version: 1.03.0.0 - Lenovo)
MetaTrader FIX (HKLM-x32\...\MetaTrader FIX) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Miranda NG (HKLM-x32\...\Miranda NG_is1) (Version: 0.95.4 - Miranda NG Team)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 51.0.1 (x64 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Nero 9 Lite (HKLM-x32\...\{92d90838-e7cf-4798-904c-7397a9ccc247}) (Version: - Nero AG)
NVIDIA GeForce Experience 3.2.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.2.49 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.2.2.49 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.2.1 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.2 - NVIDIA Corporation) Hidden
Opera Stable 42.0.2393.517 (HKLM-x32\...\Opera 42.0.2393.517) (Version: 42.0.2393.517 - Opera Software)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.102.24.0 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx86.Dist (x32 Version: 1.0.0 - Overwolf) Hidden
Ovládací panel NVIDIA 375.70 (Version: 375.70 - NVIDIA Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
ReMouse Micro (HKLM-x32\...\ReMouse Micro_is1) (Version: Micro V3.5.3 - AutomaticSolution Software)
Resource Hacker Version 4.3.20 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.2.2.49 - NVIDIA Corporation) Hidden
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
The Lord of the Rings Online™ v1301.0055.0535.4025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1301.0055.0535.4025 - Turbine, Inc.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinX HD Video Converter Deluxe 5.5.2 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2573572955-775236183-1901679569-1000_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> C:\Users\Virgill\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2573572955-775236183-1901679569-1000_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> C:\Users\Virgill\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2573572955-775236183-1901679569-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Virgill\AppData\Local\Citrix\GoToMeeting\4190\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2573572955-775236183-1901679569-1000_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> C:\Users\Virgill\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2573572955-775236183-1901679569-1000_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> C:\Users\Virgill\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2573572955-775236183-1901679569-1000_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> C:\Users\Virgill\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2573572955-775236183-1901679569-1000_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> C:\Users\Virgill\AppData\Local\HHD Software\Hex Editor Neo\PatchAPI\dll\x64\hexpatch64.dll (HHD Software Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {012F03A9-45BC-496F-892D-EBC11A0D9A3F} - System32\Tasks\G2MUploadTask-S-1-5-21-2573572955-775236183-1901679569-1000 => C:\Users\Virgill\AppData\Local\Citrix\GoToMeeting\6291\g2mupload.exe [2017-01-25] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {02556674-1C3A-4756-8322-724B1FDAB09B} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.0.3\Scheduler.exe [2016-09-20] (IObit)
Task: {032864F4-9B44-44D3-86C5-FBB538998D14} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {03A7CDE1-E6CF-4AA4-883A-1F4A1078A1BA} - System32\Tasks\Driver Booster SkipUAC (Virgill) => C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DriverBooster.exe [2016-09-22] (IObit)
Task: {05CD1E4B-9B13-4A1D-BB37-1D84E7DFA6E4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {097C4CB6-A399-4F29-8343-47319968DCD8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {0BA89F32-B7EA-4FD1-83F7-FC0F170877FC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0DB38941-FC63-41FD-9F92-6E1ACC493321} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {168A5B4A-9E0D-488F-9366-645F7618CB24} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1EF2D223-EBAB-4EA4-A7F5-A4F47906231B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {21C2F3F6-D5B0-4577-B67D-2E492C3E8E09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-24] (Google Inc.)
Task: {2562D0F7-4C31-4998-B5E0-43462A9487CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {260DF08A-AB61-42E7-A313-A1AED337E1BF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-06] (NVIDIA Corporation)
Task: {37EA35C2-EE92-4854-AF87-F58E96003C20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-24] (Google Inc.)
Task: {37F9BB98-BD7A-4B74-9A93-3D61FE2921A6} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {390BA014-2F93-4A4E-9B84-3DDF37F7265B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-06] (NVIDIA Corporation)
Task: {4386CD99-0A8D-4200-824B-1D7096B08F3B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {533C7F7F-75BA-4B1A-A7B7-C3B53AA606A6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {57964FC6-9BF3-4E1C-A86B-D6261ECFFA1A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-06] (NVIDIA Corporation)
Task: {58CC5027-5CBC-4528-82D0-04F7EB43A7DB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5CFD5A91-EFDC-4578-8919-B1A97B144B6C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {62EE851C-2874-4A38-B237-AD10CF234361} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6CE33040-8207-4E75-AA03-CC1E486F7107} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6EB417E2-FCFC-42C3-BFBA-86C13104465F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7B32F32A-BD68-4175-BEBF-44016D529CE6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-06] (NVIDIA Corporation)
Task: {7CFAD5C4-8531-418A-88BC-8DC28624A405} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8DC542F2-F34B-4AF8-910F-A080CC90A7F8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-06] (NVIDIA Corporation)
Task: {8F29BFD3-E330-4C13-9FED-CCC5A2F33FE0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9E459EEF-0BE6-4AEA-9652-FEBA6941C56B} - System32\Tasks\G2MUpdateTask-S-1-5-21-2573572955-775236183-1901679569-1000 => C:\Users\Virgill\AppData\Local\Citrix\GoToMeeting\6291\g2mupdate.exe [2017-01-25] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A3D9869A-7AD3-4C29-A86A-FFC4944CD35D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A6A4DC3F-D057-41EE-8E74-3F704A112559} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AD17F9C4-3B2F-4CD2-9449-A13670CB5078} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {B0466BC7-0F55-486F-AA43-9BD50028EC5D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {B05E7EC7-3EBD-4043-8460-EB7FFD853103} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-06] (NVIDIA Corporation)
Task: {B95E1B2B-607D-40C5-A37C-557C3D328CA1} - System32\Tasks\Opera scheduled Autoupdate 1478757887 => C:\Program Files (x86)\Opera\launcher.exe [2017-01-26] (Opera Software)
Task: {BB98A984-F8E3-4BDB-B8EC-FB57778538E0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {C08CFA16-9819-437E-95FF-312AA5635B3A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C0E00B84-CF1D-4B60-BE51-AEFF03BE365B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E36FC41B-A7AF-4F3F-8B77-7F90DB0A6748} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-06] (NVIDIA Corporation)
Task: {E79963DE-31E9-4D80-973D-70C357FC5A4E} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-01-23] (Overwolf LTD)
Task: {E9F92C46-6703-4A7E-9DEE-76AF44510DFD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EB7C164B-C304-472F-BE01-948A5828C0DE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EFD6D8A0-2CA5-49F0-A0A3-D34629371941} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2573572955-775236183-1901679569-1000.job => C:\Users\Virgill\AppData\Local\Citrix\GoToMeeting\6291\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2573572955-775236183-1901679569-1000.job => C:\Users\Virgill\AppData\Local\Citrix\GoToMeeting\6291\g2mupload.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-05 18:35 - 2017-01-06 02:10 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-05 18:35 - 2017-01-06 02:10 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-03 08:21 - 2016-10-25 21:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-08 22:17 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-08 22:17 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-25 06:50 - 2016-05-25 06:50 - 00959168 _____ () C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-12-19 12:18 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-15 17:24 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-08 22:18 - 2016-10-25 05:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 22:17 - 2016-10-25 05:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 22:18 - 2016-10-25 05:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 22:17 - 2016-10-25 05:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-12 01:10 - 2015-06-16 16:11 - 18923008 _____ () C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe
2016-05-05 15:53 - 2016-05-05 15:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-10-05 18:35 - 2017-01-06 02:10 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-05 18:35 - 2017-01-06 02:10 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-05 18:35 - 2017-01-06 02:10 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-01-12 01:10 - 2013-04-03 18:29 - 00085504 _____ () C:\Program Files (x86)\Bloody5\Bloody5\DLL\DLL_ZoomControl.dll
2016-01-12 01:10 - 2014-01-10 17:48 - 04260352 _____ () C:\Program Files (x86)\Bloody5\Bloody5\Data\RES\Forms\Internet_Advertisement\Internet_Advertisement_DLL.dll
2016-11-28 16:06 - 2016-11-28 16:06 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2016-10-05 18:35 - 2017-01-06 01:09 - 00527416 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-05 18:35 - 2017-01-06 01:09 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-05 18:35 - 2017-01-06 01:09 - 02807232 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-05 18:35 - 2017-01-06 01:09 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-05 18:35 - 2017-01-06 01:09 - 00449080 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-05 18:35 - 2017-01-06 01:09 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-05 18:35 - 2017-01-06 01:09 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-01-25 07:13 - 2017-01-06 01:09 - 00954816 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2016-05-05 15:53 - 2016-05-05 15:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-05 15:53 - 2016-05-05 15:53 - 02941440 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
2016-05-05 15:53 - 2016-05-05 15:53 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll
2016-05-05 15:53 - 2016-05-05 15:53 - 01300992 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeBase.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2573572955-775236183-1901679569-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 185.147.250.13 - 185.147.250.14
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "MagicPlusHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\StartupApproved\Run: => "GenieFloater"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\StartupApproved\Run: => "AshSnap"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [TCP Query User{50AC69E7-B7B5-43C5-8902-198A5C347E4C}C:\program files\miranda ng\miranda64.exe] => C:\program files\miranda ng\miranda64.exe
FirewallRules: [UDP Query User{C95E6922-3F65-46CC-9980-493F613C6385}C:\program files\miranda ng\miranda64.exe] => C:\program files\miranda ng\miranda64.exe
FirewallRules: [{1085178E-DB3C-448D-BCF4-C2C78B825D96}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D2AE884E-E6DA-45A3-858E-E79B6953B71C}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{371E2B30-BA9F-4459-A8E4-57B78D61E319}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0745B036-C7E3-443C-8FFE-9E605332C029}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{68488DE5-075D-4FC2-BA76-54DA5E10096E}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7BBEE8BC-4714-4DDD-ABBE-098EF8FC9C65}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4BB8947D-F514-4FF6-9061-1C034661E498}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{BF60B984-FAB2-4FF4-8132-DBCC624ED188}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{387824C3-FCAD-4A91-835F-CEE128DB8624}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{69634CC7-3764-4CEA-9D5E-76E8ABA02AC4}] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{53F11CD9-4222-4ED5-ACED-E0966E3EFDA1}] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{9501C11D-8364-4DAA-9A3A-547F3EA9B843}C:\users\virgill\appdata\roaming\utorrent\utorrent.exe] => C:\users\virgill\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{CED31BB5-A79B-4ACC-95A5-FEFF2BA93A6F}C:\users\virgill\appdata\roaming\utorrent\utorrent.exe] => C:\users\virgill\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{93560EEE-2C5E-4211-99D0-5AFA75A59FF3}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6FDDF03F-4F02-42E7-B968-E1D68E979691}] => LPort=2869
FirewallRules: [{70957527-2900-4333-88F5-BADDCE209496}] => LPort=1900
FirewallRules: [{C6CBA191-F63A-462D-8E49-969648C2A388}] => C:\Users\Virgill\Documents\bsgo\bsgo_setup.exe
FirewallRules: [{DD68EB5C-A117-4A03-B7AD-D1B42D7F9C0B}] => C:\Users\Virgill\Documents\bsgo\bsgo_setup.exe
FirewallRules: [{82063E85-CEC4-4FE2-85AB-10CB2CFAD28F}] => C:\Users\Virgill\Documents\bsgo\bsgo_setup.exe
FirewallRules: [{48258FEF-9224-4011-9272-242B48ABE5E6}] => C:\Users\Virgill\Documents\bsgo\bsgo_setup.exe
FirewallRules: [TCP Query User{65352131-B2DD-44E5-A8E0-8656F7757C14}C:\users\virgill\appdata\local\akamai\netsession_win.exe] => C:\users\virgill\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2F86E1F2-34A9-4A16-BDD6-C80DB29D2C88}C:\users\virgill\appdata\local\akamai\netsession_win.exe] => C:\users\virgill\appdata\local\akamai\netsession_win.exe
FirewallRules: [{81F143BF-C1E0-4139-831A-60702FF4BF4B}] => C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DriverBooster.exe
FirewallRules: [{FBE3DCFA-0F13-4FE8-8ED0-C7410A2752A2}] => C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DriverBooster.exe
FirewallRules: [{381492EE-EDB1-4D12-B452-6E6FBA20F938}] => C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DBDownloader.exe
FirewallRules: [{669C9858-C2B2-423F-BA8C-7E2D9544F36F}] => C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DBDownloader.exe
FirewallRules: [{97345292-2B33-4D75-9017-AC13D318E2E1}] => C:\Program Files (x86)\IObit\Driver Booster\4.0.3\AutoUpdate.exe
FirewallRules: [{1AAA60E3-35A5-4D40-A3C4-C76DB303E5B6}] => C:\Program Files (x86)\IObit\Driver Booster\4.0.3\AutoUpdate.exe
FirewallRules: [{34D3C472-92F7-4EC0-81D5-922D0E79466C}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3D6BE54B-8195-4848-8537-18ED19F032B3}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{1183586E-E477-44F6-8678-43985A9CFC32}C:\rulez\bsgo\launcher\launcher.exe] => C:\rulez\bsgo\launcher\launcher.exe
FirewallRules: [UDP Query User{C4B8C9B9-9FB8-4850-8EEE-A5190E448E3A}C:\rulez\bsgo\launcher\launcher.exe] => C:\rulez\bsgo\launcher\launcher.exe
FirewallRules: [TCP Query User{2D7AF4B5-F532-4C7D-98BA-A80F3C6B4BDA}C:\program files (x86)\bsgo\launcher\launcher.exe] => C:\program files (x86)\bsgo\launcher\launcher.exe
FirewallRules: [UDP Query User{D8146613-F217-4171-BD6C-D0F411BC2F1A}C:\program files (x86)\bsgo\launcher\launcher.exe] => C:\program files (x86)\bsgo\launcher\launcher.exe
FirewallRules: [{81A108D0-A17B-4B32-91E7-734B6F71B979}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{D9AA8443-794C-4516-AEB4-352F292C62E4}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{5906AA7F-5744-4DBF-9DD0-C9E4F6B4D351}C:\rulez\lotr\lotroclient.exe] => C:\rulez\lotr\lotroclient.exe
FirewallRules: [UDP Query User{AFC98FD2-6E8D-45AF-BD5E-AABC7A3F0A19}C:\rulez\lotr\lotroclient.exe] => C:\rulez\lotr\lotroclient.exe
FirewallRules: [TCP Query User{F0F3B544-6108-4278-8B79-9D0C878D035A}C:\rulez\star conflict\launcher.exe] => C:\rulez\star conflict\launcher.exe
FirewallRules: [UDP Query User{E0EF3D6C-2EFC-434E-A567-B57F1BACC2E3}C:\rulez\star conflict\launcher.exe] => C:\rulez\star conflict\launcher.exe
FirewallRules: [TCP Query User{2D8279E2-96A1-4A6E-AB5D-1D3E59577225}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{AC35FA1C-49E6-46BE-9600-F2512D5121FD}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{E602BA51-2EB1-4940-961C-7622C93EAD41}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{521B8818-754A-4953-B1A5-C434B4CB8AAC}C:\rulez\startrek\star trek online_en\star trek online\live\gameclient.exe] => C:\rulez\startrek\star trek online_en\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{2CDE1BD0-A83D-4D0D-853C-F17D051ACE06}C:\rulez\startrek\star trek online_en\star trek online\live\gameclient.exe] => C:\rulez\startrek\star trek online_en\star trek online\live\gameclient.exe
FirewallRules: [{D3A69B7A-B155-4B88-87FD-6A176AD33EB6}] => C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
FirewallRules: [{8C47FC9B-228D-4D22-B41E-239886DC9579}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{72A96462-805C-4905-ADB5-032C7D7FDE30}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{9BB3C79F-7576-422E-8403-794597EB256A}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{92748588-80C5-44AA-BB47-C9D966788EA3}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{973A5658-3C5D-41FD-B765-18B64D6FA8C8}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8E1E3B7F-9C22-41E3-A175-EF77234DBB3B}] => C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe

==================== Restore Points =========================

30-12-2016 01:49:45 Installed Arc
10-01-2017 14:14:02 Naplánovaný kontrolní bod
17-01-2017 06:52:33 Odstraněno Zaklínač - Rozšířená edice

==================== Faulty Device Manager Devices =============

Name: Obecný monitor PnP
Description: Obecný monitor PnP
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní typy monitorů)
Service: monitor
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Obecný monitor PnP
Description: Obecný monitor PnP
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní typy monitorů)
Service: monitor
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2017 06:31:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VIRGILL-PC)
Description: Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (01/30/2017 12:33:00 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/29/2017 02:13:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VIRGILL-PC)
Description: Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (01/28/2017 10:46:43 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/28/2017 05:42:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VIRGILL-PC)
Description: Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (01/28/2017 01:27:41 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/27/2017 11:53:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: bsgo.exe, verze: 5.1.5.58661, časové razítko: 0x574eb213
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x284
Čas spuštění chybující aplikace: 0x01d278c36cf71c99
Cesta k chybující aplikaci: C:\Program Files (x86)\BSGO\client\live\bsgo.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 9e5f2b85-949c-4e55-ba10-cf09fda85191
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/27/2017 06:28:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VIRGILL-PC)
Description: Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2147023170. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (01/27/2017 12:50:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: bsgo.exe, verze: 5.1.5.58661, časové razítko: 0x574eb213
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x2270
Čas spuštění chybující aplikace: 0x01d2787d646ee00a
Cesta k chybující aplikaci: C:\Program Files (x86)\BSGO\client\live\bsgo.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 0e834b05-d3a7-4a2b-ad52-634a91878109
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/26/2017 05:04:53 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed


System errors:
=============
Error: (01/30/2017 06:31:29 PM) (Source: DCOM) (EventID: 10010) (User: VIRGILL-PC)
Description: Server App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/30/2017 12:33:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_254756b0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (01/30/2017 12:33:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_254756b0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (01/30/2017 12:33:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Data kontaktů_254756b0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (01/30/2017 12:33:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_254756b0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (01/29/2017 02:13:41 PM) (Source: DCOM) (EventID: 10016) (User: VIRGILL-PC)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli Virgill-PC\Virgill (SID: S-1-5-21-2573572955-775236183-1901679569-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/29/2017 02:13:40 PM) (Source: DCOM) (EventID: 10016) (User: VIRGILL-PC)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli Virgill-PC\Virgill (SID: S-1-5-21-2573572955-775236183-1901679569-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/29/2017 02:13:40 PM) (Source: DCOM) (EventID: 10016) (User: VIRGILL-PC)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli Virgill-PC\Virgill (SID: S-1-5-21-2573572955-775236183-1901679569-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/29/2017 02:13:40 PM) (Source: DCOM) (EventID: 10016) (User: VIRGILL-PC)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli Virgill-PC\Virgill (SID: S-1-5-21-2573572955-775236183-1901679569-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/29/2017 02:13:39 PM) (Source: DCOM) (EventID: 10016) (User: VIRGILL-PC)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli Virgill-PC\Virgill (SID: S-1-5-21-2573572955-775236183-1901679569-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


CodeIntegrity:
===================================
Date: 2017-01-14 11:04:48.706
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-13 12:33:30.820
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-12 04:40:59.672
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-30 02:14:02.172
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-24 08:55:01.881
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-24 08:55:01.836
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-24 08:55:01.781
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-24 08:55:01.732
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-24 08:55:01.660
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-24 08:55:01.615
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 52%
Total physical RAM: 3963.49 MB
Available physical RAM: 1873.32 MB
Total Virtual: 7931.49 MB
Available Virtual: 5410.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.35 GB) (Free:107.02 GB) NTFS
Drive d: () (Fixed) (Total:186.07 GB) (Free:71.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 811594C9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 186.3 GB) (Disk ID: 000400A5)
Partition 1: (Active) - (Size=243 MB) - (Type=83)
Partition 2: (Not Active) - (Size=186.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7264
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: prev controla

#4 Post by altrok »

:arrow: You have AVG running on the PC, but I don't see it in the Security Center, where I see only Windows Defender active. Is AVG fully functional? If so, disable Defender.


:arrow: As part of the cleanup, your temporary directories will be emptied (emptying the Recycle Bin and temp folders, clearing browser caches, etc.).


:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a double-click)
  • click Scan (Skenovani), then Clean (Cisteni)
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that don't belong on the forum, you can use altrok(at)forum.viry.cz
If you'd like to help visitors of this forum, join our training school.

TIVL
Visitor
Posts: 97
Joined: 20 Jan 2007 20:20

Re: prev controla

#5 Post by TIVL »

Hello,
log from adwclr after cleaning and restart:

# AdwCleaner v6.043 - Log vytvořen 06/02/2017 v 08:29:30
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-03.2 [Místní]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Virgill - VIRGILL-PC
# Spuštěno z : C:\Users\Virgill\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****

[-] Soubor smazán: C:\END


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}


***** [ Prohlížeče ] *****

[-] [C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: aol.com
[-] [C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: ask.com


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1174 Bajty] - [06/02/2017 08:29:30]
C:\AdwCleaner\AdwCleaner[S0].txt - [1586 Bajty] - [06/02/2017 08:20:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [1638 Bajty] - [06/02/2017 08:26:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1393 Bajty] ##########

altrok
Moderator
Posts: 7264
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: prev controla

#6 Post by altrok »

:arrow: Install MBAM and run a custom scan of all drives - http://forum.viry.cz/viewtopic.php?f=29&t=144868
  • Note: this scan takes anywhere from 30 minutes to several hours

TIVL
Visitor
Posts: 97
Joined: 20 Jan 2007 20:20

Re: prev controla

#7 Post by TIVL »

Hello,
I'm sending the result from MBAM:

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 11.02.17
Čas skenování: 15:08
Logovací soubor: mbam_sken.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.50
Aktualizovat verzi balíku komponent: 1.0.1233
Licence: Zkušební

-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: VIRGILL-PC\Virgill

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 404161
Uplynulý čas: 7 min, 14 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 3
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}, Žádná uživatelská akce, [700], [168908],1.0.1233
PUP.Optional.TNT, HKU\S-1-5-21-2573572955-775236183-1901679569-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3C46B73F-0D56-4415-9541-862D61CAFC41}, Žádná uživatelská akce, [17569], [244085],1.0.1233
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\DRAGDROP\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}, Žádná uživatelská akce, [700], [244072],1.0.1233

Hodnota v registru: 1
PUP.Optional.TNT, HKU\S-1-5-21-2573572955-775236183-1901679569-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3C46B73F-0D56-4415-9541-862D61CAFC41}|OSDFILEURL, Žádná uživatelská akce, [17569], [244085],1.0.1233

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

altrok
Moderator
Posts: 7264
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: prev controla

#8 Post by altrok »

:arrow: Delete or quarantine all of MBAM's findings.


:arrow: Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
If you have trouble downloading FRSTLauncher, it is enough to use FRST.exe/FRST64.exe on its own.

TIVL
Visitor
Posts: 97
Joined: 20 Jan 2007 20:20

Re: prev controla

#9 Post by TIVL »

frst log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Virgill (administrator) on VIRGILL-PC (23-02-2017 06:42:57)
Running from C:\Users\Virgill\Documents\zaloha\install
Loaded Profiles: Virgill (Available Profiles: Virgill)
Platform: Windows 10 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\System32\wimserv.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe
(Akamai Technologies, Inc.) C:\Users\Virgill\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Virgill\AppData\Local\Akamai\netsession_win.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-11-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe [18923008 2015-06-16] ()
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1057848 2017-02-20] ()
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [MurGee.com Auto Keyboard] => C:\Users\Virgill\Documents\Auto Keyboard\AutoKeyboard.exe [83440 2015-03-27] (MurGee.com)
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Virgill\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\RunOnce: [Uninstall C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\RunOnce: [Uninstall C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\RunOnce: [Uninstall C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\RunOnce: [Uninstall C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\MountPoints2: {25f03466-b0ed-11e5-8ece-000e2e640877} - "I:\Lenovo_Suite.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 185.147.250.13 185.147.250.14 192.168.1.1
Tcpip\..\Interfaces\{2cbd68be-aa6a-4cb1-aa11-c6266c4cebdc}: [DhcpNameServer] 185.147.250.13 185.147.250.14 192.168.1.1
Tcpip\..\Interfaces\{30877717-9a83-4c96-a7ba-9b10675a8260}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{949d9305-ddc3-4f35-807f-a176e512e079}: [DhcpNameServer] 213.180.36.130 213.180.36.131

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131011372525856110&GUID=1BFBEC75-BC8E-4BF1-A4CE-F3C39D704A26
SearchScopes: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> DefaultScope {583E6183-82B5-4071-8CE0-21A1D36C9B9C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> {3C46B73F-0D56-4415-9541-862D61CAFC41} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467
SearchScopes: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> {583E6183-82B5-4071-8CE0-21A1D36C9B9C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> {58478693-1F8E-49e3-A598-38C048094EB0} URL = hxxp://www.google.com/custom?client=pub-379428 ... earchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-23] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\rulez\startrek\Arc\Plugins\ArcPluginIE.dll [2016-12-08] (Perfect World Entertainment Inc)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-23] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> No Name - {A3834AE7-CA97-48EA-80E9-70F6E1ADD4DB} - No File
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-03-29] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-03-29] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Virgill\AppData\Roaming\Mozilla\Firefox\Profiles\0l70a99x.default-1454323038878
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\rulez\startrek\Arc\Plugins\npArcPluginFF.dll [2016-12-08] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2573572955-775236183-1901679569-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Virgill\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-20] (Citrix Online)
FF Extension: Firebug - C:\Users\Virgill\AppData\Roaming\Mozilla\Firefox\Profiles\0l70a99x.default-1454323038878\Extensions\firebug@software.joehewitt.com.xpi [2016-10-11]
FF Extension: MEGA - C:\Users\Virgill\AppData\Roaming\Mozilla\Firefox\Profiles\0l70a99x.default-1454323038878\Extensions\firefox@mega.co.nz.xpi [2017-02-17]
FF Extension: Pin It button - C:\Users\Virgill\AppData\Roaming\Mozilla\Firefox\Profiles\0l70a99x.default-1454323038878\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-09-29]
FF Extension: Adblock Plus - C:\Users\Virgill\AppData\Roaming\Mozilla\Firefox\Profiles\0l70a99x.default-1454323038878\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]

Chrome:
=======
CHR Profile: C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-18]
CHR Extension: (Dokumenty Google) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-20]
CHR Extension: (Disk Google) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-20]
CHR Extension: (YouTube) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-20]
CHR Extension: (Tabulky Google) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Gmail) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-20]
CHR Extension: (Chrome Media Router) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\rulez\startrek\Arc\ArcService.exe [87064 2016-12-08] (Perfect World Entertainment Inc)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [1824184 2017-01-31] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-31] (AVG Technologies CZ, s.r.o.)
S2 gupdate1d2463ee6998e6f; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-11-24] (Google Inc.)
S3 gupdatem1d2463ee6a2ddb1; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-11-24] (Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52736 2015-10-30] (Microsoft Corporation)
U2 MessagingService_108f7c55; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 MessagingService_108f7c55; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 MessagingService_115ae3bc; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 MessagingService_115ae3bc; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_15ddc55f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_15ddc55f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 MessagingService_1671a5d7; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 MessagingService_1671a5d7; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 MessagingService_1886edd9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 MessagingService_1886edd9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 MessagingService_1f7e916; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 MessagingService_1f7e916; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_34bf2; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_34bf2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_368e00f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_368e00f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3c3abcf9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3c3abcf9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_40a8d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_40a8d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_4406a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_4406a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_447b1; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_447b1; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_5519b; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_5519b; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_567f6; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_567f6; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_67c62; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_67c62; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_7131a98; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_7131a98; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 MessagingService_7d3b8ae; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 MessagingService_7d3b8ae; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 MessagingService_a282a9b; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 MessagingService_a282a9b; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 MessagingService_e3cd4; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 MessagingService_e3cd4; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
U2 OneSyncSvc_108f7c55; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_108f7c55; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_115ae3bc; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_115ae3bc; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_15ddc55f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_15ddc55f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1671a5d7; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1671a5d7; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 OneSyncSvc_1886edd9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R2 OneSyncSvc_1886edd9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1f7e916; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1f7e916; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_34bf2; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_34bf2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_368e00f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_368e00f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3c3abcf9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3c3abcf9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_40a8d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_40a8d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_4406a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_4406a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_447b1; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_447b1; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_5519b; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_5519b; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_567f6; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_567f6; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_67c62; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_67c62; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_7131a98; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_7131a98; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_7d3b8ae; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_7d3b8ae; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_a282a9b; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_a282a9b; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_e3cd4; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_e3cd4; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1325112 2017-02-20] (Overwolf LTD)
U3 PimIndexMaintenanceSvc_108f7c55; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_108f7c55; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_115ae3bc; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_115ae3bc; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_15ddc55f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_15ddc55f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1671a5d7; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1671a5d7; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_1886edd9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_1886edd9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1f7e916; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1f7e916; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_34bf2; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_34bf2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_368e00f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_368e00f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3c3abcf9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3c3abcf9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_40a8d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_40a8d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_4406a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_4406a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_447b1; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_447b1; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_5519b; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_5519b; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_567f6; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_567f6; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_67c62; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_67c62; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_7131a98; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_7131a98; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_7d3b8ae; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_7d3b8ae; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_a282a9b; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_a282a9b; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_e3cd4; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_e3cd4; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [290304 2015-10-30] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [87040 2016-07-01] (Microsoft Corporation)
U3 UnistoreSvc_108f7c55; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_108f7c55; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_115ae3bc; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_115ae3bc; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_15ddc55f; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_15ddc55f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1671a5d7; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1671a5d7; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 UnistoreSvc_1886edd9; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R3 UnistoreSvc_1886edd9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1f7e916; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1f7e916; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_34bf2; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_34bf2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_368e00f; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_368e00f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3c3abcf9; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3c3abcf9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_40a8d; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_40a8d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_4406a; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_4406a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_447b1; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_447b1; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_5519b; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_5519b; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_567f6; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_567f6; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_67c62; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_67c62; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_7131a98; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_7131a98; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_7d3b8ae; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_7d3b8ae; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_a282a9b; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_a282a9b; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_e3cd4; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_e3cd4; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_108f7c55; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_108f7c55; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_115ae3bc; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_115ae3bc; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_15ddc55f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_15ddc55f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1671a5d7; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1671a5d7; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 UserDataSvc_1886edd9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R3 UserDataSvc_1886edd9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1f7e916; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1f7e916; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_34bf2; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_34bf2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_368e00f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_368e00f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3c3abcf9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3c3abcf9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_40a8d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_40a8d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_4406a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_4406a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_447b1; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_447b1; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_5519b; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_5519b; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_567f6; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_567f6; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_67c62; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_67c62; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_7131a98; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_7131a98; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_7d3b8ae; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_7d3b8ae; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_a282a9b; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_a282a9b; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_e3cd4; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_e3cd4; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [73992 2016-10-23] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\Windows\System32\drivers\bcmwl63al.sys [5170176 2015-10-30] (Broadcom Corporation)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider)
S3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 clwvd7; C:\Windows\system32\DRIVERS\clwvd7.sys [49944 2016-06-02] (CyberLink Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [254528 2016-09-22] (DT Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-09-29] (REALiX(tm))
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2015-10-30] (Intel(R) Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [165888 2015-10-30] (Intel Corporation)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-17] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-17] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-22] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [943112 2016-10-30] (Realtek )
S3 RTL8023x64; C:\Windows\System32\drivers\Rtnic64.sys [51712 2015-10-30] (Realtek Semiconductor Corporation )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [418784 2016-11-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-09-29] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45056 2015-10-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [303104 2015-10-30] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 23:13 - 2017-02-21 23:13 - 09104281 _____ C:\Users\Virgill\Downloads\Orizon.zip
2017-02-21 15:39 - 2017-02-21 15:39 - 01381554 _____ C:\Users\Virgill\Downloads\ePSXe205.zip
2017-02-17 13:04 - 2017-02-17 13:04 - 00000000 ____D C:\Recovery
2017-02-16 02:42 - 2017-02-16 02:42 - 03514808 _____ (Uloz.to cloud a.s. ) C:\Users\Virgill\Downloads\Uloz.to_Uploader-setup.exe
2017-02-16 02:42 - 2017-02-16 02:42 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulož.to FileManager.lnk
2017-02-16 02:42 - 2017-02-16 02:42 - 00000000 ____D C:\Users\Virgill\Documents\Ulozto
2017-02-16 02:42 - 2017-02-16 02:42 - 00000000 ____D C:\Program Files (x86)\Ulozto File Manager
2017-02-15 18:51 - 2017-02-16 00:39 - 00000000 ____D C:\Users\Virgill\Documents\Bandicam
2017-02-15 18:51 - 2017-02-15 18:51 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\BANDISOFT
2017-02-14 08:03 - 2017-02-14 08:04 - 12034560 _____ C:\Users\Virgill\Desktop\battlestarcalculator alpha 0.0.4.1.exe
2017-02-13 16:24 - 2017-02-17 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
2017-02-13 16:24 - 2017-02-15 18:40 - 00000000 ____D C:\Users\Virgill\Documents\OpenTTD
2017-02-13 16:24 - 2017-02-13 16:24 - 00000714 _____ C:\Users\Public\Desktop\OpenTTD.lnk
2017-02-11 15:18 - 2017-02-11 15:18 - 00002221 _____ C:\Users\Virgill\Desktop\mbam_sken.txt
2017-02-11 15:07 - 2017-02-22 16:54 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-11 15:07 - 2017-02-17 18:31 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-11 15:07 - 2017-02-17 18:31 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-11 15:07 - 2017-02-17 18:31 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-11 15:07 - 2017-02-17 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-11 15:07 - 2017-02-17 13:26 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-11 15:07 - 2017-02-11 15:07 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-11 15:07 - 2017-02-11 15:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-11 15:07 - 2017-02-11 15:07 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-11 15:07 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-11 14:19 - 2016-12-29 13:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-08 19:38 - 2017-02-11 15:06 - 55566792 _____ (Malwarebytes ) C:\Users\Virgill\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-02-07 01:55 - 2017-02-17 12:20 - 00002136 _____ C:\WINDOWS\DtcInstall.log
2017-02-07 01:53 - 2017-02-17 12:17 - 00004710 _____ C:\WINDOWS\comsetup.log
2017-02-06 08:24 - 2017-02-06 08:24 - 04015056 _____ C:\Users\Virgill\Desktop\adwcleaner_6.043.exe
2017-02-06 07:05 - 2017-02-11 15:03 - 00001670 _____ C:\WINDOWS\PFRO.log
2017-02-06 06:47 - 2017-02-17 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-01-30 19:09 - 2017-01-30 19:09 - 00049884 _____ C:\Users\Virgill\Downloads\Addition.txt
2017-01-30 19:07 - 2017-02-23 06:42 - 00000000 ____D C:\FRST
2017-01-30 19:07 - 2017-01-30 19:09 - 00029715 _____ C:\Users\Virgill\Downloads\FRST.txt
2017-01-30 19:06 - 2017-01-30 19:07 - 02420736 _____ (Farbar) C:\Users\Virgill\Downloads\FRST64.exe
2017-01-25 07:14 - 2017-01-25 07:14 - 00000000 ____D C:\Users\Virgill\AppData\Local\Chromium
2017-01-25 07:12 - 2017-02-15 06:42 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 07:12 - 2017-01-20 19:39 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-01-25 07:12 - 2017-01-20 14:36 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-01-25 07:12 - 2017-01-06 02:10 - 00158264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-25 07:12 - 2017-01-06 02:10 - 00126008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-23 06:38 - 2016-11-18 17:33 - 00000000 ____D C:\Users\Virgill\AppData\LocalLow\Mozilla
2017-02-23 06:38 - 2015-12-21 20:01 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\TS3Client
2017-02-23 06:32 - 2016-10-26 04:54 - 00000000 ____D C:\ProgramData\MFAData
2017-02-23 06:32 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-23 06:31 - 2016-07-03 08:47 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-23 06:30 - 2016-09-29 03:19 - 00003036 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Virgill)
2017-02-23 06:30 - 2015-12-20 20:30 - 00004204 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{033FCC92-586D-449F-8D21-4887FE3C1747}
2017-02-23 06:29 - 2017-01-17 07:45 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2017-02-23 06:28 - 2016-10-27 18:23 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-02-23 06:28 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\sru
2017-02-22 16:44 - 2016-07-04 10:13 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-22 16:25 - 2016-01-20 16:52 - 00000596 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2573572955-775236183-1901679569-1000.job
2017-02-22 15:50 - 2016-01-20 16:52 - 00000692 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2573572955-775236183-1901679569-1000.job
2017-02-22 14:48 - 2015-12-23 09:50 - 00000000 ____D C:\Users\Virgill\Documents\bsgo
2017-02-22 13:58 - 2015-12-19 05:18 - 00000000 ____D C:\Users\Virgill
2017-02-22 04:24 - 2015-12-20 20:36 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\vlc
2017-02-21 23:14 - 2016-09-13 19:26 - 00064512 ___SH C:\Users\Virgill\Downloads\Thumbs.db
2017-02-21 22:08 - 2016-10-26 23:43 - 00000000 ____D C:\Program Files (x86)\BSGO
2017-02-21 15:37 - 2016-07-17 15:59 - 00000000 ____D C:\Users\Virgill\AppData\Local\CrashDumps
2017-02-21 03:03 - 2016-01-15 09:02 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-02-20 19:15 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2017-02-19 23:21 - 2016-01-20 16:52 - 00003854 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2573572955-775236183-1901679569-1000
2017-02-19 23:21 - 2016-01-20 16:52 - 00003758 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2573572955-775236183-1901679569-1000
2017-02-17 19:31 - 2016-12-02 23:14 - 00000000 ___HD C:\$WINDOWS.~BT
2017-02-17 19:07 - 2016-10-31 21:12 - 00000000 ____D C:\WINDOWS\Panther
2017-02-17 18:30 - 2015-12-19 05:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-17 13:33 - 2016-12-30 01:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2017-02-17 13:33 - 2016-12-22 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader FIX
2017-02-17 13:33 - 2016-11-16 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2017-02-17 13:33 - 2016-11-16 05:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Actionaz
2017-02-17 13:33 - 2016-11-09 12:59 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-02-17 13:33 - 2016-10-27 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2017-02-17 13:33 - 2016-10-24 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BSGO
2017-02-17 13:33 - 2016-10-05 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-17 13:33 - 2016-10-04 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-17 13:33 - 2016-09-29 03:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-17 13:33 - 2016-09-26 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
2017-02-17 13:33 - 2016-09-23 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-17 13:33 - 2016-07-29 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2017-02-17 13:33 - 2016-07-23 21:25 - 00000000 ____D C:\WINDOWS\cs
2017-02-17 13:33 - 2016-07-23 21:11 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-02-17 13:33 - 2016-07-03 08:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-17 13:33 - 2016-07-03 08:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-17 13:33 - 2016-07-03 08:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-17 13:33 - 2016-05-31 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
2017-02-17 13:33 - 2016-03-17 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-02-17 13:33 - 2016-03-16 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Keyboard
2017-02-17 13:33 - 2016-02-25 00:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-17 13:33 - 2016-02-24 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Smart Assistant
2017-02-17 13:33 - 2016-01-25 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inpaint
2017-02-17 13:33 - 2015-12-30 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miranda NG x64
2017-02-17 13:33 - 2015-12-26 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReMouse Micro
2017-02-17 13:33 - 2015-12-20 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-02-17 13:33 - 2015-12-19 02:41 - 00000000 ____D C:\WINDOWS\system32\SPReview
2017-02-17 13:33 - 2015-12-19 02:40 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2017-02-17 13:33 - 2015-12-19 01:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Recovery
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\IME
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\schemas
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-17 13:33 - 2009-07-14 16:36 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-02-17 13:33 - 2009-07-14 04:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-17 13:32 - 2016-11-24 01:33 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-17 13:32 - 2016-11-12 14:00 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2017-02-17 13:32 - 2016-09-26 15:43 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HHD Hex Editor Neo
2017-02-17 13:32 - 2016-06-04 19:28 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2017-02-17 13:32 - 2016-02-25 00:01 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-17 13:32 - 2016-01-15 09:02 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2017-02-17 13:32 - 2015-12-20 16:11 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2017-02-17 13:27 - 2016-11-24 11:38 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-17 12:22 - 2015-10-30 07:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-02-17 12:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration
2017-02-17 12:16 - 2017-01-17 14:08 - 00006545 _____ C:\WINDOWS\setupact.log
2017-02-17 12:16 - 2015-12-19 04:38 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-02-17 12:16 - 2015-12-19 04:38 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-02-16 12:14 - 2016-09-07 19:42 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\Ulozto File Manager
2017-02-15 20:22 - 2016-03-23 00:09 - 00000000 ____D C:\rulez
2017-02-15 20:22 - 2015-12-20 20:01 - 00000000 ____D C:\Users\Virgill\AppData\Local\GHISLER
2017-02-15 06:46 - 2015-12-19 05:27 - 01771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-15 06:46 - 2015-10-30 19:31 - 00750030 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-15 06:46 - 2015-10-30 19:31 - 00150654 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-15 06:43 - 2016-10-05 18:36 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-02-15 06:43 - 2016-10-05 18:35 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-15 06:43 - 2016-07-03 09:28 - 00000000 ____D C:\Users\Virgill\AppData\Local\NVIDIA
2017-02-15 06:42 - 2016-10-05 18:35 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-15 06:42 - 2016-10-05 18:35 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-15 06:42 - 2016-10-05 18:35 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-15 06:42 - 2016-10-05 18:35 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-15 06:42 - 2016-10-05 18:35 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-11 14:19 - 2016-07-24 17:31 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 02:05 - 2016-12-14 05:21 - 00000276 _____ C:\Users\Virgill\Desktop\VypinacPC.ini
2017-02-08 19:28 - 2016-11-10 07:04 - 00003960 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1478757887
2017-02-08 19:28 - 2016-11-10 07:04 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-02-08 19:28 - 2016-11-10 07:04 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-07 17:23 - 2016-11-24 11:38 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 08:29 - 2016-09-01 18:17 - 00000000 ____D C:\AdwCleaner
2017-02-06 08:01 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2017-02-06 07:08 - 2015-12-19 05:18 - 00000000 ___RD C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2017-02-06 07:05 - 2016-02-11 01:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-06 06:53 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-02-06 06:51 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-06 06:49 - 2016-10-26 04:47 - 00000000 ____D C:\Users\Virgill\AppData\Local\AvgSetupLog
2017-02-06 06:48 - 2016-10-26 04:47 - 00000000 ____D C:\Users\Virgill\AppData\Local\Avg
2017-02-06 06:47 - 2016-10-27 18:29 - 00000000 ___HD C:\$AVG
2017-02-06 06:47 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-06 06:46 - 2016-10-26 04:48 - 00000000 ____D C:\Program Files (x86)\AVG
2017-02-02 16:55 - 2016-03-21 17:48 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-01 14:12 - 2016-09-03 11:32 - 00000000 ____D C:\Users\Virgill\Documents\The Lord of the Rings Online
2017-01-27 22:54 - 2016-02-11 01:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-25 07:12 - 2016-07-04 10:05 - 00000000 ____D C:\Users\Virgill\AppData\Local\NVIDIA Corporation

==================== Files in the root of some directories =======

2016-07-23 13:08 - 2016-07-23 13:08 - 0003584 _____ () C:\Users\Virgill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-04 12:17 - 2016-02-04 12:17 - 0000858 _____ () C:\Users\Virgill\AppData\Local\recently-used.xbel
2015-12-22 01:30 - 2015-12-22 01:30 - 0000017 _____ () C:\Users\Virgill\AppData\Local\resmon.resmoncfg
2016-10-30 14:10 - 2016-10-30 14:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Virgill\dht.dat
C:\Users\Virgill\resume.20160923.124007.dat
C:\Users\Virgill\resume.dat
C:\Users\Virgill\rss.dat
C:\Users\Virgill\settings.dat
C:\Users\Virgill\uninstall.exe
C:\Users\Virgill\utorrent.exe


Some files in TEMP:
====================
C:\Users\Virgill\AppData\Local\Temp\libeay32.dll
C:\Users\Virgill\AppData\Local\Temp\msvcr120.dll
C:\Users\Virgill\AppData\Local\Temp\NvTelemetry.dll
C:\Users\Virgill\AppData\Local\Temp\NvTelemetryAPI32.dll
C:\Users\Virgill\AppData\Local\Temp\NvTelemetryAPI64.dll
C:\Users\Virgill\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-02-13 15:06

==================== End of FRST.txt ============================

Addition was not created after the FRST scan.

altrok
Moderator
Posts: 7264
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: prev controla

#10 Post by altrok »

FRST.txt wrote: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
You are using an old FRST64.exe which, due to a bug, did not check for updates. Download the new FRST64.exe and, before clicking the Scan button, make sure the Addition.txt option at the bottom right is checked. https://www.bleepingcomputer.com/downlo ... scan-tool/
Then paste both generated logs into your next reply.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions not suited to the forum, you can use altrok (at) forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

TIVL
Visitor
Posts: 97
Joined: 20 Jan 2007 20:20
Contact user:

Re: prev controla

#11 Post by TIVL »

frst log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
Ran by Virgill (administrator) on VIRGILL-PC (24-02-2017 21:35:40)
Running from C:\Users\Virgill\Desktop
Loaded Profiles: Virgill (Available Profiles: Virgill)
Platform: Windows 10 Pro Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\System32\wimserv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe
(MurGee.com) C:\Users\Virgill\Documents\Auto Keyboard\AutoKeyboard.exe
(Akamai Technologies, Inc.) C:\Users\Virgill\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Virgill\AppData\Local\Akamai\netsession_win.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-11-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe [18923008 2015-06-16] ()
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1057848 2017-02-20] ()
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [MurGee.com Auto Keyboard] => C:\Users\Virgill\Documents\Auto Keyboard\AutoKeyboard.exe [83440 2015-03-27] (MurGee.com)
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Virgill\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\RunOnce: [Uninstall C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\RunOnce: [Uninstall C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\RunOnce: [Uninstall C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\RunOnce: [Uninstall C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\MountPoints2: {25f03466-b0ed-11e5-8ece-000e2e640877} - "I:\Lenovo_Suite.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 185.147.250.13 185.147.250.14 192.168.1.1
Tcpip\..\Interfaces\{2cbd68be-aa6a-4cb1-aa11-c6266c4cebdc}: [DhcpNameServer] 185.147.250.13 185.147.250.14 192.168.1.1
Tcpip\..\Interfaces\{30877717-9a83-4c96-a7ba-9b10675a8260}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{949d9305-ddc3-4f35-807f-a176e512e079}: [DhcpNameServer] 213.180.36.130 213.180.36.131

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131011372525856110&GUID=1BFBEC75-BC8E-4BF1-A4CE-F3C39D704A26
SearchScopes: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> DefaultScope {583E6183-82B5-4071-8CE0-21A1D36C9B9C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> {3C46B73F-0D56-4415-9541-862D61CAFC41} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467
SearchScopes: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> {583E6183-82B5-4071-8CE0-21A1D36C9B9C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> {58478693-1F8E-49e3-A598-38C048094EB0} URL = hxxp://www.google.com/custom?client=pub-379428 ... earchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-23] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\rulez\startrek\Arc\Plugins\ArcPluginIE.dll [2016-12-08] (Perfect World Entertainment Inc)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-23] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> No Name - {A3834AE7-CA97-48EA-80E9-70F6E1ADD4DB} - No File

FireFox:
========
FF ProfilePath: C:\Users\Virgill\AppData\Roaming\Mozilla\Firefox\Profiles\0l70a99x.default-1454323038878 [2017-02-24]
FF Extension: (Firebug) - C:\Users\Virgill\AppData\Roaming\Mozilla\Firefox\Profiles\0l70a99x.default-1454323038878\Extensions\firebug@software.joehewitt.com.xpi [2016-10-11]
FF Extension: (MEGA) - C:\Users\Virgill\AppData\Roaming\Mozilla\Firefox\Profiles\0l70a99x.default-1454323038878\Extensions\firefox@mega.co.nz.xpi [2017-02-17]
FF Extension: (Pin It button) - C:\Users\Virgill\AppData\Roaming\Mozilla\Firefox\Profiles\0l70a99x.default-1454323038878\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-09-29]
FF Extension: (Adblock Plus) - C:\Users\Virgill\AppData\Roaming\Mozilla\Firefox\Profiles\0l70a99x.default-1454323038878\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Virgill\AppData\Roaming\Mozilla\Firefox\Profiles\0l70a99x.default-1454323038878\features\{00f64369-da29-4d38-807d-d7c08541d101}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\rulez\startrek\Arc\Plugins\npArcPluginFF.dll [2016-12-08] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2573572955-775236183-1901679569-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Virgill\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-20] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default [2017-02-16]
CHR Extension: (Prezentace Google) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-18]
CHR Extension: (Dokumenty Google) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-20]
CHR Extension: (Disk Google) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-20]
CHR Extension: (YouTube) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-20]
CHR Extension: (Tabulky Google) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Gmail) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-20]
CHR Extension: (Chrome Media Router) - C:\Users\Virgill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\rulez\startrek\Arc\ArcService.exe [87064 2016-12-08] (Perfect World Entertainment Inc)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [1824184 2017-01-31] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-31] (AVG Technologies CZ, s.r.o.)
S2 gupdate1d2463ee6998e6f; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-11-24] (Google Inc.)
S3 gupdatem1d2463ee6a2ddb1; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-11-24] (Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1325112 2017-02-20] (Overwolf LTD)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\WINDOWS\system32\DRIVERS\avgfwd6a.sys [73992 2016-10-23] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\WINDOWS\System32\drivers\bcmwl63al.sys [5170176 2015-10-30] (Broadcom Corporation)
S3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [49944 2016-06-02] (CyberLink Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [254528 2016-09-22] (DT Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-09-29] (REALiX(tm))
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-17] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-17] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-24] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-10-30] (Realtek )
S3 RTL8023x64; C:\WINDOWS\System32\drivers\Rtnic64.sys [51712 2015-10-30] (Realtek Semiconductor Corporation )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-11-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-09-29] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wmbclass; C:\WINDOWS\System32\drivers\wmbclass.sys [303104 2015-10-30] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-24 21:35 - 2017-02-24 21:36 - 00020537 _____ C:\Users\Virgill\Desktop\FRST.txt
2017-02-24 21:34 - 2017-02-24 21:35 - 02423296 _____ (Farbar) C:\Users\Virgill\Desktop\FRST64.exe
2017-02-21 23:13 - 2017-02-21 23:13 - 09104281 _____ C:\Users\Virgill\Downloads\Orizon.zip
2017-02-21 15:39 - 2017-02-21 15:39 - 01381554 _____ C:\Users\Virgill\Downloads\ePSXe205.zip
2017-02-19 20:04 - 2017-02-19 20:04 - 00035207 _____ C:\Users\Virgill\Desktop\print.pdf
2017-02-16 02:42 - 2017-02-16 02:42 - 03514808 _____ (Uloz.to cloud a.s. ) C:\Users\Virgill\Downloads\Uloz.to_Uploader-setup.exe
2017-02-16 02:42 - 2017-02-16 02:42 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulož.to FileManager.lnk
2017-02-16 02:42 - 2017-02-16 02:42 - 00000000 ____D C:\Users\Virgill\Documents\Ulozto
2017-02-16 02:42 - 2017-02-16 02:42 - 00000000 ____D C:\Program Files (x86)\Ulozto File Manager
2017-02-15 18:51 - 2017-02-16 00:39 - 00000000 ____D C:\Users\Virgill\Documents\Bandicam
2017-02-15 18:51 - 2017-02-15 18:51 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\BANDISOFT
2017-02-14 08:03 - 2017-02-14 08:04 - 12034560 _____ C:\Users\Virgill\Desktop\battlestarcalculator alpha 0.0.4.1.exe
2017-02-13 16:24 - 2017-02-17 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
2017-02-13 16:24 - 2017-02-15 18:40 - 00000000 ____D C:\Users\Virgill\Documents\OpenTTD
2017-02-13 16:24 - 2017-02-13 16:24 - 00000714 _____ C:\Users\Public\Desktop\OpenTTD.lnk
2017-02-11 15:18 - 2017-02-11 15:18 - 00002221 _____ C:\Users\Virgill\Desktop\mbam_sken.txt
2017-02-11 15:07 - 2017-02-24 14:05 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-11 15:07 - 2017-02-17 18:31 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-11 15:07 - 2017-02-17 18:31 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-11 15:07 - 2017-02-17 18:31 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-11 15:07 - 2017-02-17 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-11 15:07 - 2017-02-17 13:26 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-11 15:07 - 2017-02-11 15:07 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-11 15:07 - 2017-02-11 15:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-11 15:07 - 2017-02-11 15:07 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-11 15:07 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-11 14:19 - 2016-12-29 13:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-08 19:38 - 2017-02-11 15:06 - 55566792 _____ (Malwarebytes ) C:\Users\Virgill\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-02-06 08:24 - 2017-02-06 08:24 - 04015056 _____ C:\Users\Virgill\Desktop\adwcleaner_6.043.exe
2017-02-06 06:47 - 2017-02-17 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-01-30 19:09 - 2017-01-30 19:09 - 00049884 _____ C:\Users\Virgill\Downloads\Addition.txt
2017-01-30 19:07 - 2017-02-24 21:35 - 00000000 ____D C:\FRST
2017-01-30 19:07 - 2017-01-30 19:09 - 00029715 _____ C:\Users\Virgill\Downloads\FRST.txt
2017-01-30 19:06 - 2017-01-30 19:07 - 02420736 _____ (Farbar) C:\Users\Virgill\Downloads\FRST64.exe
2017-01-25 07:14 - 2017-01-25 07:14 - 00000000 ____D C:\Users\Virgill\AppData\Local\Chromium
2017-01-25 07:12 - 2017-02-15 06:42 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 07:12 - 2017-01-20 19:39 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-01-25 07:12 - 2017-01-20 14:36 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-01-25 07:12 - 2017-01-06 02:10 - 00158264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-25 07:12 - 2017-01-06 02:10 - 00126008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-24 21:35 - 2016-11-18 17:33 - 00000000 ____D C:\Users\Virgill\AppData\LocalLow\Mozilla
2017-02-24 21:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-24 21:28 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-24 21:25 - 2016-01-20 16:52 - 00000596 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2573572955-775236183-1901679569-1000.job
2017-02-24 21:19 - 2016-09-29 03:19 - 00003036 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Virgill)
2017-02-24 21:19 - 2016-07-03 08:47 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-24 21:17 - 2016-10-26 04:54 - 00000000 ____D C:\ProgramData\MFAData
2017-02-24 16:04 - 2016-07-17 15:59 - 00000000 ____D C:\Users\Virgill\AppData\Local\CrashDumps
2017-02-24 16:03 - 2015-12-21 20:01 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\TS3Client
2017-02-24 15:50 - 2016-01-20 16:52 - 00000692 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2573572955-775236183-1901679569-1000.job
2017-02-24 15:44 - 2016-07-04 10:13 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-24 12:48 - 2015-12-20 20:30 - 00004204 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{033FCC92-586D-449F-8D21-4887FE3C1747}
2017-02-24 09:40 - 2015-12-19 01:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-24 09:40 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-24 09:36 - 2015-12-19 01:31 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-24 06:46 - 2016-11-10 07:04 - 00003960 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1478757887
2017-02-24 06:46 - 2016-11-10 07:04 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-24 06:45 - 2016-11-10 07:04 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-02-24 06:36 - 2016-10-27 18:23 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-02-22 14:48 - 2015-12-23 09:50 - 00000000 ____D C:\Users\Virgill\Documents\bsgo
2017-02-22 13:58 - 2015-12-19 05:18 - 00000000 ____D C:\Users\Virgill
2017-02-22 04:24 - 2015-12-20 20:36 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\vlc
2017-02-21 23:14 - 2016-09-13 19:26 - 00064512 ___SH C:\Users\Virgill\Downloads\Thumbs.db
2017-02-21 22:08 - 2016-10-26 23:43 - 00000000 ____D C:\Program Files (x86)\BSGO
2017-02-21 03:03 - 2016-01-15 09:02 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-02-20 19:15 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2017-02-19 23:21 - 2016-01-20 16:52 - 00003854 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2573572955-775236183-1901679569-1000
2017-02-19 23:21 - 2016-01-20 16:52 - 00003758 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2573572955-775236183-1901679569-1000
2017-02-17 19:31 - 2016-12-02 23:14 - 00000000 ___HD C:\$WINDOWS.~BT
2017-02-17 19:07 - 2016-10-31 21:12 - 00000000 ____D C:\WINDOWS\Panther
2017-02-17 18:30 - 2015-12-19 05:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-17 13:33 - 2016-12-30 01:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2017-02-17 13:33 - 2016-12-22 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader FIX
2017-02-17 13:33 - 2016-11-16 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2017-02-17 13:33 - 2016-11-16 05:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Actionaz
2017-02-17 13:33 - 2016-11-09 12:59 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-02-17 13:33 - 2016-10-27 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2017-02-17 13:33 - 2016-10-24 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BSGO
2017-02-17 13:33 - 2016-10-05 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-17 13:33 - 2016-10-04 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-17 13:33 - 2016-09-29 03:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-17 13:33 - 2016-09-26 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
2017-02-17 13:33 - 2016-09-23 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-17 13:33 - 2016-07-29 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2017-02-17 13:33 - 2016-07-23 21:25 - 00000000 ____D C:\WINDOWS\cs
2017-02-17 13:33 - 2016-07-23 21:11 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-02-17 13:33 - 2016-07-03 08:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-17 13:33 - 2016-07-03 08:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-17 13:33 - 2016-07-03 08:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-17 13:33 - 2016-05-31 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
2017-02-17 13:33 - 2016-03-17 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-02-17 13:33 - 2016-03-16 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Keyboard
2017-02-17 13:33 - 2016-02-25 00:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-17 13:33 - 2016-02-24 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Smart Assistant
2017-02-17 13:33 - 2016-01-25 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inpaint
2017-02-17 13:33 - 2015-12-30 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miranda NG x64
2017-02-17 13:33 - 2015-12-26 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReMouse Micro
2017-02-17 13:33 - 2015-12-20 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-02-17 13:33 - 2015-12-19 12:00 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-17 13:33 - 2015-12-19 02:41 - 00000000 ____D C:\WINDOWS\system32\SPReview
2017-02-17 13:33 - 2015-12-19 02:40 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\IME
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\schemas
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-17 13:33 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-17 13:33 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2017-02-17 13:33 - 2009-07-14 16:36 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-02-17 13:33 - 2009-07-14 04:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-17 13:32 - 2016-11-24 01:33 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-17 13:32 - 2016-11-12 14:00 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2017-02-17 13:32 - 2016-09-26 15:43 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HHD Hex Editor Neo
2017-02-17 13:32 - 2016-06-04 19:28 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2017-02-17 13:32 - 2016-02-25 00:01 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-17 13:32 - 2016-01-15 09:02 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2017-02-17 13:32 - 2015-12-20 16:11 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2017-02-17 13:27 - 2016-11-24 11:38 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-17 12:22 - 2015-10-30 07:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-02-17 12:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration
2017-02-17 12:16 - 2015-12-19 04:38 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-02-17 12:16 - 2015-12-19 04:38 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-02-16 12:14 - 2016-09-07 19:42 - 00000000 ____D C:\Users\Virgill\AppData\Roaming\Ulozto File Manager
2017-02-15 20:22 - 2016-03-23 00:09 - 00000000 ____D C:\rulez
2017-02-15 20:22 - 2015-12-20 20:01 - 00000000 ____D C:\Users\Virgill\AppData\Local\GHISLER
2017-02-15 06:46 - 2015-12-19 05:27 - 01771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-15 06:46 - 2015-10-30 19:31 - 00750030 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-15 06:46 - 2015-10-30 19:31 - 00150654 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-15 06:43 - 2016-10-05 18:36 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-02-15 06:43 - 2016-10-05 18:35 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-15 06:43 - 2016-07-03 09:28 - 00000000 ____D C:\Users\Virgill\AppData\Local\NVIDIA
2017-02-15 06:42 - 2016-10-05 18:35 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-15 06:42 - 2016-10-05 18:35 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-15 06:42 - 2016-10-05 18:35 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-15 06:42 - 2016-10-05 18:35 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-15 06:42 - 2016-10-05 18:35 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-11 14:19 - 2016-07-24 17:31 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 02:05 - 2016-12-14 05:21 - 00000276 _____ C:\Users\Virgill\Desktop\VypinacPC.ini
2017-02-07 17:23 - 2016-11-24 11:38 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 20:45 - 2015-10-30 08:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:45 - 2015-10-30 08:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 08:29 - 2016-09-01 18:17 - 00000000 ____D C:\AdwCleaner
2017-02-06 08:01 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2017-02-06 07:05 - 2016-02-11 01:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-06 06:53 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-02-06 06:49 - 2016-10-26 04:47 - 00000000 ____D C:\Users\Virgill\AppData\Local\AvgSetupLog
2017-02-06 06:48 - 2016-10-26 04:47 - 00000000 ____D C:\Users\Virgill\AppData\Local\Avg
2017-02-06 06:47 - 2016-10-27 18:29 - 00000000 ___HD C:\$AVG
2017-02-06 06:47 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-06 06:46 - 2016-10-26 04:48 - 00000000 ____D C:\Program Files (x86)\AVG
2017-02-02 16:55 - 2016-03-21 17:48 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-01 14:12 - 2016-09-03 11:32 - 00000000 ____D C:\Users\Virgill\Documents\The Lord of the Rings Online
2017-01-27 22:54 - 2016-02-11 01:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-25 07:12 - 2016-07-04 10:05 - 00000000 ____D C:\Users\Virgill\AppData\Local\NVIDIA Corporation

==================== Files in the root of some directories =======

2016-07-23 13:08 - 2016-07-23 13:08 - 0003584 _____ () C:\Users\Virgill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-04 12:17 - 2016-02-04 12:17 - 0000858 _____ () C:\Users\Virgill\AppData\Local\recently-used.xbel
2015-12-22 01:30 - 2015-12-22 01:30 - 0000017 _____ () C:\Users\Virgill\AppData\Local\resmon.resmoncfg
2016-10-30 14:10 - 2016-10-30 14:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Virgill\dht.dat
C:\Users\Virgill\resume.20160923.124007.dat
C:\Users\Virgill\resume.dat
C:\Users\Virgill\rss.dat
C:\Users\Virgill\settings.dat
C:\Users\Virgill\uninstall.exe
C:\Users\Virgill\utorrent.exe


Some files in TEMP:
====================
2016-10-19 16:11 - 2016-10-19 16:11 - 2458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Virgill\AppData\Local\Temp\libeay32.dll
2016-10-19 16:11 - 2016-10-19 16:11 - 0970912 _____ (Microsoft Corporation) C:\Users\Virgill\AppData\Local\Temp\msvcr120.dll
2016-10-05 18:35 - 2016-10-25 21:21 - 1137208 _____ (NVIDIA Corporation) C:\Users\Virgill\AppData\Local\Temp\NvTelemetry.dll
2016-10-05 18:35 - 2017-01-06 02:10 - 0255032 _____ (NVIDIA Corporation) C:\Users\Virgill\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-10-05 18:35 - 2017-01-06 02:10 - 0335928 _____ (NVIDIA Corporation) C:\Users\Virgill\AppData\Local\Temp\NvTelemetryAPI64.dll
2016-10-19 16:11 - 2016-10-19 16:11 - 0772672 _____ () C:\Users\Virgill\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-24 09:33

==================== End of FRST.txt ============================

Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by Virgill (24-02-2017 21:36:51)
Running from C:\Users\Virgill\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-19 10:59:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2573572955-775236183-1901679569-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2573572955-775236183-1901679569-503 - Limited - Disabled)
Guest (S-1-5-21-2573572955-775236183-1901679569-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2573572955-775236183-1901679569-1005 - Limited - Enabled)
Virgill (S-1-5-21-2573572955-775236183-1901679569-1000 - Administrator - Enabled) => C:\Users\Virgill

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actionaz 3.8.0 (64 bits) (HKLM\...\{098CDAF9-5A9B-4731-9F3C-F3F1DF7490C2}_is1) (Version: 3.8.0 - Actionaz.org)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Aktualizace NVIDIA 23.23.0.0 (Version: 23.23.0.0 - NVIDIA Corporation) Hidden
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Auto Keyboard v1.6 (HKLM-x32\...\{71E16EE4-BBED-44A8-8724-9E68D05EE945}_is1) (Version: 1.6 - MurGee.com)
AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
AVG (Version: 16.141.7999 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4756 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.141.7999 - AVG Technologies)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.2.5.1125 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battlestar Galactica Online (HKLM-x32\...\Battlestar Galactica Online_is1) (Version: 1.0 - Bigpoint GmbH)
Bloody5 (HKLM-x32\...\Bloody3) (Version: 15.06.0005 - Bloody)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Driver Booster 4.0 (HKLM-x32\...\Driver Booster_is1) (Version: 4.0.3 - IObit)
Easy Convert (HKLM-x32\...\{75FB2985-E457-4BFF-B94D-EB38C0DE4089}) (Version: 1.0.1 - Smart PC Soft)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 8.0.0.6441 (HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\GoToMeeting) (Version: 8.0.0.6441 - CitrixOnline)
HHD Software Hex Editor Neo 6.24 (HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.24.0.5920 - HHD Software, Ltd.)
Inpaint 6.2 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Lenovo Smart Assistant 1.03 (HKLM-x32\...\VibeRomFlash) (Version: 1.03.0.0 - Lenovo)
Malwarebytes verze 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MetaTrader FIX (HKLM-x32\...\MetaTrader FIX) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Miranda NG (HKLM-x32\...\Miranda NG_is1) (Version: 0.95.4 - Miranda NG Team)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 51.0.1 (x64 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Nero 9 Lite (HKLM-x32\...\{92d90838-e7cf-4798-904c-7397a9ccc247}) (Version: - Nero AG)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OpenTTD 1.6.1 (HKLM-x32\...\OpenTTD) (Version: 1.6.1 - OpenTTD)
Opera Stable 43.0.2442.991 (HKLM-x32\...\Opera 43.0.2442.991) (Version: 43.0.2442.991 - Opera Software)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.102.217.0 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx86.Dist (x32 Version: 1.0.0 - Overwolf) Hidden
Ovládací panel NVIDIA 376.53 (Version: 376.53 - NVIDIA Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
ReMouse Micro (HKLM-x32\...\ReMouse Micro_is1) (Version: Micro V3.5.3 - AutomaticSolution Software)
Resource Hacker Version 4.3.20 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
The Lord of the Rings Online™ v1301.0055.0535.4025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1301.0055.0535.4025 - Turbine, Inc.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
Ulož.to FileManager verze 2.03 (HKLM-x32\...\{7DE5EA5D-C933-4549-9A44-5BC671F23BBF}_is1) (Version: 2.03 - Uloz.to cloud a.s.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinX HD Video Converter Deluxe 5.5.2 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2573572955-775236183-1901679569-1000_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> C:\Users\Virgill\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2573572955-775236183-1901679569-1000_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> C:\Users\Virgill\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2573572955-775236183-1901679569-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Virgill\AppData\Local\Citrix\GoToMeeting\4190\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2573572955-775236183-1901679569-1000_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> C:\Users\Virgill\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2573572955-775236183-1901679569-1000_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> C:\Users\Virgill\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2573572955-775236183-1901679569-1000_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> C:\Users\Virgill\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2573572955-775236183-1901679569-1000_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> C:\Users\Virgill\AppData\Local\HHD Software\Hex Editor Neo\PatchAPI\dll\x64\hexpatch64.dll (HHD Software Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {012F03A9-45BC-496F-892D-EBC11A0D9A3F} - System32\Tasks\G2MUploadTask-S-1-5-21-2573572955-775236183-1901679569-1000 => C:\Users\Virgill\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe [2017-02-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {02556674-1C3A-4756-8322-724B1FDAB09B} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.0.3\Scheduler.exe [2016-09-20] (IObit)
Task: {032864F4-9B44-44D3-86C5-FBB538998D14} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {05CD1E4B-9B13-4A1D-BB37-1D84E7DFA6E4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {097C4CB6-A399-4F29-8343-47319968DCD8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {0BA89F32-B7EA-4FD1-83F7-FC0F170877FC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {0DB38941-FC63-41FD-9F92-6E1ACC493321} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {168A5B4A-9E0D-488F-9366-645F7618CB24} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1B1102AC-DC31-47BD-B8B7-3371598AF400} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)
Task: {1EF2D223-EBAB-4EA4-A7F5-A4F47906231B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {21C2F3F6-D5B0-4577-B67D-2E492C3E8E09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-24] (Google Inc.)
Task: {2562D0F7-4C31-4998-B5E0-43462A9487CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {37EA35C2-EE92-4854-AF87-F58E96003C20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-24] (Google Inc.)
Task: {37F9BB98-BD7A-4B74-9A93-3D61FE2921A6} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {4386CD99-0A8D-4200-824B-1D7096B08F3B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {533C7F7F-75BA-4B1A-A7B7-C3B53AA606A6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {54142575-EE0C-4395-9699-215BD3987548} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {58CC5027-5CBC-4528-82D0-04F7EB43A7DB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {5CFD5A91-EFDC-4578-8919-B1A97B144B6C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {62EE851C-2874-4A38-B237-AD10CF234361} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6CE33040-8207-4E75-AA03-CC1E486F7107} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6EB417E2-FCFC-42C3-BFBA-86C13104465F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {7CFAD5C4-8531-418A-88BC-8DC28624A405} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {8896EF1A-B165-486E-AEB7-F56620ADE028} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {899314D0-1559-4F74-8558-7BF3A49256C0} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {8F29BFD3-E330-4C13-9FED-CCC5A2F33FE0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9E459EEF-0BE6-4AEA-9652-FEBA6941C56B} - System32\Tasks\G2MUpdateTask-S-1-5-21-2573572955-775236183-1901679569-1000 => C:\Users\Virgill\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe [2017-02-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A3D9869A-7AD3-4C29-A86A-FFC4944CD35D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {A6A4DC3F-D057-41EE-8E74-3F704A112559} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AABD112B-A479-4EAD-82F6-E3F78A8397E5} - System32\Tasks\Opera scheduled Autoupdate 1478757887 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-20] (Opera Software)
Task: {AD17F9C4-3B2F-4CD2-9449-A13670CB5078} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {B0466BC7-0F55-486F-AA43-9BD50028EC5D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {BB184D60-0E65-4D9E-B116-260710BC1ADF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {BB98A984-F8E3-4BDB-B8EC-FB57778538E0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {C08CFA16-9819-437E-95FF-312AA5635B3A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C0E00B84-CF1D-4B60-BE51-AEFF03BE365B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C260774A-84BF-4C48-B4CD-6DC93D2729FB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {D518CBD5-07DC-48BE-8253-2879B9A1EABB} - System32\Tasks\Driver Booster SkipUAC (Virgill) => C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DriverBooster.exe [2016-09-22] (IObit)
Task: {DA6386E1-6C67-4CD1-8153-3A64133984CF} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {E79963DE-31E9-4D80-973D-70C357FC5A4E} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-02-20] (Overwolf LTD)
Task: {E9F92C46-6703-4A7E-9DEE-76AF44510DFD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {EB7C164B-C304-472F-BE01-948A5828C0DE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {EFD6D8A0-2CA5-49F0-A0A3-D34629371941} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2573572955-775236183-1901679569-1000.job => C:\Users\Virgill\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2573572955-775236183-1901679569-1000.job => C:\Users\Virgill\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-02-11 15:07 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-11 15:07 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-11 15:07 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-10-05 18:35 - 2017-01-20 19:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-05 18:35 - 2017-01-20 19:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-03 08:21 - 2016-12-29 13:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-08 22:17 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-08 22:17 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-25 06:50 - 2016-05-25 06:50 - 00959168 _____ () C:\Users\Virgill\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-12-19 12:18 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-15 17:24 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-08 22:18 - 2016-10-25 05:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 22:17 - 2016-10-25 05:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 22:18 - 2016-10-25 05:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 22:17 - 2016-10-25 05:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-12 01:10 - 2015-06-16 16:11 - 18923008 _____ () C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe
2016-10-05 18:35 - 2017-01-20 19:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-05 18:35 - 2017-01-20 19:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-05 18:35 - 2017-01-20 19:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-01-12 01:10 - 2013-04-03 18:29 - 00085504 _____ () C:\Program Files (x86)\Bloody5\Bloody5\DLL\DLL_ZoomControl.dll
2016-01-12 01:10 - 2014-01-10 17:48 - 04260352 _____ () C:\Program Files (x86)\Bloody5\Bloody5\Data\RES\Forms\Internet_Advertisement\Internet_Advertisement_DLL.dll
2016-11-28 16:06 - 2016-11-28 16:06 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2016-10-05 18:35 - 2017-01-20 14:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-05 18:35 - 2017-01-20 14:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-05 18:35 - 2017-01-20 14:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-05 18:35 - 2017-01-20 14:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-05 18:35 - 2017-01-20 14:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-05 18:35 - 2017-01-20 14:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-05 18:35 - 2017-01-20 14:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-01-25 07:13 - 2017-01-20 14:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2573572955-775236183-1901679569-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Virgill\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 185.147.250.13 - 185.147.250.14
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "MagicPlusHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\StartupApproved\Run: => "GenieFloater"
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\StartupApproved\Run: => "AshSnap"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{50AC69E7-B7B5-43C5-8902-198A5C347E4C}C:\program files\miranda ng\miranda64.exe] => (Allow) C:\program files\miranda ng\miranda64.exe
FirewallRules: [UDP Query User{C95E6922-3F65-46CC-9980-493F613C6385}C:\program files\miranda ng\miranda64.exe] => (Allow) C:\program files\miranda ng\miranda64.exe
FirewallRules: [{1085178E-DB3C-448D-BCF4-C2C78B825D96}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D2AE884E-E6DA-45A3-858E-E79B6953B71C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{371E2B30-BA9F-4459-A8E4-57B78D61E319}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0745B036-C7E3-443C-8FFE-9E605332C029}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{68488DE5-075D-4FC2-BA76-54DA5E10096E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7BBEE8BC-4714-4DDD-ABBE-098EF8FC9C65}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4BB8947D-F514-4FF6-9061-1C034661E498}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{BF60B984-FAB2-4FF4-8132-DBCC624ED188}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{387824C3-FCAD-4A91-835F-CEE128DB8624}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{69634CC7-3764-4CEA-9D5E-76E8ABA02AC4}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{53F11CD9-4222-4ED5-ACED-E0966E3EFDA1}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{9501C11D-8364-4DAA-9A3A-547F3EA9B843}C:\users\virgill\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\virgill\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{CED31BB5-A79B-4ACC-95A5-FEFF2BA93A6F}C:\users\virgill\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\virgill\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{93560EEE-2C5E-4211-99D0-5AFA75A59FF3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6FDDF03F-4F02-42E7-B968-E1D68E979691}] => (Allow) LPort=2869
FirewallRules: [{70957527-2900-4333-88F5-BADDCE209496}] => (Allow) LPort=1900
FirewallRules: [{C6CBA191-F63A-462D-8E49-969648C2A388}] => (Allow) C:\Users\Virgill\Documents\bsgo\bsgo_setup.exe
FirewallRules: [{DD68EB5C-A117-4A03-B7AD-D1B42D7F9C0B}] => (Allow) C:\Users\Virgill\Documents\bsgo\bsgo_setup.exe
FirewallRules: [{82063E85-CEC4-4FE2-85AB-10CB2CFAD28F}] => (Allow) C:\Users\Virgill\Documents\bsgo\bsgo_setup.exe
FirewallRules: [{48258FEF-9224-4011-9272-242B48ABE5E6}] => (Allow) C:\Users\Virgill\Documents\bsgo\bsgo_setup.exe
FirewallRules: [TCP Query User{65352131-B2DD-44E5-A8E0-8656F7757C14}C:\users\virgill\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\virgill\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2F86E1F2-34A9-4A16-BDD6-C80DB29D2C88}C:\users\virgill\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\virgill\appdata\local\akamai\netsession_win.exe
FirewallRules: [{81F143BF-C1E0-4139-831A-60702FF4BF4B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DriverBooster.exe
FirewallRules: [{FBE3DCFA-0F13-4FE8-8ED0-C7410A2752A2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DriverBooster.exe
FirewallRules: [{381492EE-EDB1-4D12-B452-6E6FBA20F938}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DBDownloader.exe
FirewallRules: [{669C9858-C2B2-423F-BA8C-7E2D9544F36F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DBDownloader.exe
FirewallRules: [{97345292-2B33-4D75-9017-AC13D318E2E1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.3\AutoUpdate.exe
FirewallRules: [{1AAA60E3-35A5-4D40-A3C4-C76DB303E5B6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.3\AutoUpdate.exe
FirewallRules: [{34D3C472-92F7-4EC0-81D5-922D0E79466C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3D6BE54B-8195-4848-8537-18ED19F032B3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{1183586E-E477-44F6-8678-43985A9CFC32}C:\rulez\bsgo\launcher\launcher.exe] => (Allow) C:\rulez\bsgo\launcher\launcher.exe
FirewallRules: [UDP Query User{C4B8C9B9-9FB8-4850-8EEE-A5190E448E3A}C:\rulez\bsgo\launcher\launcher.exe] => (Allow) C:\rulez\bsgo\launcher\launcher.exe
FirewallRules: [TCP Query User{2D7AF4B5-F532-4C7D-98BA-A80F3C6B4BDA}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe
FirewallRules: [UDP Query User{D8146613-F217-4171-BD6C-D0F411BC2F1A}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe
FirewallRules: [TCP Query User{5906AA7F-5744-4DBF-9DD0-C9E4F6B4D351}C:\rulez\lotr\lotroclient.exe] => (Allow) C:\rulez\lotr\lotroclient.exe
FirewallRules: [UDP Query User{AFC98FD2-6E8D-45AF-BD5E-AABC7A3F0A19}C:\rulez\lotr\lotroclient.exe] => (Allow) C:\rulez\lotr\lotroclient.exe
FirewallRules: [TCP Query User{F0F3B544-6108-4278-8B79-9D0C878D035A}C:\rulez\star conflict\launcher.exe] => (Allow) C:\rulez\star conflict\launcher.exe
FirewallRules: [UDP Query User{E0EF3D6C-2EFC-434E-A567-B57F1BACC2E3}C:\rulez\star conflict\launcher.exe] => (Allow) C:\rulez\star conflict\launcher.exe
FirewallRules: [TCP Query User{2D8279E2-96A1-4A6E-AB5D-1D3E59577225}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{AC35FA1C-49E6-46BE-9600-F2512D5121FD}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [TCP Query User{521B8818-754A-4953-B1A5-C434B4CB8AAC}C:\rulez\startrek\star trek online_en\star trek online\live\gameclient.exe] => (Allow) C:\rulez\startrek\star trek online_en\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{2CDE1BD0-A83D-4D0D-853C-F17D051ACE06}C:\rulez\startrek\star trek online_en\star trek online\live\gameclient.exe] => (Allow) C:\rulez\startrek\star trek online_en\star trek online\live\gameclient.exe
FirewallRules: [{8C47FC9B-228D-4D22-B41E-239886DC9579}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{72A96462-805C-4905-ADB5-032C7D7FDE30}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{9BB3C79F-7576-422E-8403-794597EB256A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{92748588-80C5-44AA-BB47-C9D966788EA3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{973A5658-3C5D-41FD-B765-18B64D6FA8C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{583B2159-82FF-4223-8EA1-BA6DE3D7CF49}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{110AD46A-92B9-4E45-8374-18DC2B14C0A3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{81A108D0-A17B-4B32-91E7-734B6F71B979}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{D9AA8443-794C-4516-AEB4-352F292C62E4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{46DA348A-5E3B-4A43-8593-CF5484EC9F59}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{266ED06A-4735-448A-A2C4-26EED4950527}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{1C69586C-8084-404C-9644-E3F4A5DC43E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3308EA8A-6A68-4F7D-9B58-13137CC83CAF}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
FirewallRules: [{116F5BD5-DE05-4D82-8A03-94C5B5A5F80B}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe

==================== Restore Points =========================

24-02-2017 09:33:49 Windows Update

==================== Faulty Device Manager Devices =============

Name: Obecný monitor PnP
Description: Obecný monitor PnP
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní typy monitorů)
Service: monitor
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Obecný monitor PnP
Description: Obecný monitor PnP
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní typy monitorů)
Service: monitor
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2017 04:04:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: bsgo.exe, verze: 5.1.5.58661, časové razítko: 0x574eb213
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x62ac
Čas spuštění chybující aplikace: 0x01d28e9c7c76d90c
Cesta k chybující aplikaci: C:\Program Files (x86)\BSGO\client\live\bsgo.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 804f424d-e565-4d17-875e-239e03a1a135
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/24/2017 09:35:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (02/23/2017 05:03:51 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (02/23/2017 10:12:27 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (02/23/2017 10:12:27 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (02/23/2017 10:11:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: bsgo.exe, verze: 5.1.5.58661, časové razítko: 0x574eb213
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x3290
Čas spuštění chybující aplikace: 0x01d28d9c63ce5278
Cesta k chybující aplikaci: C:\Program Files (x86)\BSGO\client\live\bsgo.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: e93f7e2d-05bc-42f0-993f-960b4becc5a9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/23/2017 09:14:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VIRGILL-PC)
Description: Aplikaci Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (02/22/2017 05:03:18 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (02/22/2017 05:03:18 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (02/22/2017 04:24:11 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed


System errors:
=============
Error: (02/24/2017 09:28:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80246013): Microsoft .Net Native Framework Package 1.2.23205.0.

Error: (02/24/2017 04:08:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Hostitel synchronizace_1abce2be bylo dosaženo časového limitu (30000 ms).

Error: (02/24/2017 04:08:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Úložiště uživatelských dat_1abce2be bylo dosaženo časového limitu (30000 ms).

Error: (02/24/2017 04:08:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Úložiště uživatelských dat_1abce2be, ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (02/24/2017 04:07:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_1abce2be byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (02/24/2017 04:07:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_1abce2be byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (02/24/2017 04:07:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Data kontaktů_1abce2be byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (02/24/2017 04:07:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_1abce2be byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (02/23/2017 05:03:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_1a640ac8 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (02/23/2017 05:03:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_1a640ac8 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
Date: 2017-02-24 21:18:09.607
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-24 21:13:26.993
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-24 21:13:26.967
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-24 21:13:26.939
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-24 21:13:26.911
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-24 21:13:26.883
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-24 21:13:26.836
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-24 21:13:26.797
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-24 15:47:19.476
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-24 15:47:19.434
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 51%
Total physical RAM: 3963.49 MB
Available physical RAM: 1926.98 MB
Total Virtual: 8715.14 MB
Available Virtual: 5862.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.35 GB) (Free:119.72 GB) NTFS
Drive d: () (Fixed) (Total:186.07 GB) (Free:71.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 811594C9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 186.3 GB) (Disk ID: 000400A5)
Partition 1: (Active) - (Size=243 MB) - (Type=83)
Partition 2: (Not Active) - (Size=186.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7264
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: prev controla

#12 Post by altrok »

  • Download Crystal Disk Info (CDI): https://osdn.jp/frs/redir.php?m=cznic&f ... o6_7_5.zip
  • Extract the archive and run the extracted file DiskInfo.exe
  • In the running program, click Úpravy -> Kopírovat (Edit -> Copy) at the top (the log is now copied to the clipboard)
  • Paste the log into your next reply (Ctrl + V)

:arrow: Uninstall the old, vulnerable version of Java. If you need Java, install the new one from java.com/verify - watch out for adware during installation. Afterwards, make sure the older versions are uninstalled. From a security standpoint (vulnerabilities and exploits) it is better not to have it. The current version is 8U121. Versions of Java installed on your PC:

  • Java 8 Update 101



:arrow: Uninstall Malwarebytes (MBAM).


  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • Save it to the desktop as fixlist (file type: Text document), encoding UTF-8 (otherwise a message about losing some characters will pop up)
  • Run FRST again and click Fix
  • After the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Start
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
    HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\MountPoints2: {25f03466-b0ed-11e5-8ece-000e2e640877} - "I:\Lenovo_Suite.exe"
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
    Toolbar: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> No Name - {A3834AE7-CA97-48EA-80E9-70F6E1ADD4DB} - No File
    S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
    S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
    U3 idsvc; no ImagePath
    U3 wpcsvc; no ImagePath
    Folder: C:\Users\Virgill\AppData\Local\CrashDumps
    AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
    EmptyTemp:
    End

If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not fit the forum, you can use altrok (at) forum.viry.cz
If you feel like helping the visitors of this forum, sign up for our little school.

TIVL
Visitor
Posts: 97
Joined: 20 Jan 2007 20:20

Re: prev controla

#13 Post by TIVL »

diskinfo:

----------------------------------------------------------------------------
CrystalDiskInfo 6.7.5 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 10 Professional [10.0 Build 10586] (x64)
Date : 2017/03/24 15:42:59

-- Controller Map ----------------------------------------------------------
- ATA Channel 0 (0) [ATA]
- ATA Channel 1 (1) [ATA]
+ ATA Channel 0 (0) [ATA]
- WDC WD2500AAKS-00F0A0 ATA Device
+ ATA Channel 1 (1) [ATA]
- ST3200827AS ATA Device
- ATA Channel 0 (0) [ATA]
+ ATA Channel 1 (1) [ATA]
- TSSTcorp CDDVDW SH-S223C ATA Device
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ Intel(R) 5 Series/3400 Series Chipset Family 2 port Serial ATA Storage Controller - 3B26 [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ Intel(R) 5 Series/3400 Series Chipset Family 4 port Serial ATA Storage Controller - 3B20 [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(1) WDC WD2500AAKS-00F0A0 : 250,0 GB [0/2/0, pd1] - wd
(2) ST3200827AS : 200,0 GB [1/3/1, pd1] - st

----------------------------------------------------------------------------
(1) WDC WD2500AAKS-00F0A0
----------------------------------------------------------------------------
Model : WDC WD2500AAKS-00F0A0
Firmware : 12.01B02
Serial Number : WD-WCAT1F509867
Disk Size : 250,0 GB (8,4/137,4/250,0/250,0)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 488397168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : ---- | SATA/300
Power On Hours : 8365 hod.
Power On Count : 3034 krát
Temperature : 32 C (89 F)
Health Status : Dobrý
Features : S.M.A.R.T., AAM, 48bit LBA, NCQ
APM Level : ----
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 201 192 _21 000000000394 Čas na roztočení ploten
04 _97 _97 __0 000000000BE7 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 100 253 __0 000000000000 Počet chybných hledání
09 _89 _89 __0 0000000020AD Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _97 _97 __0 000000000BDA Počet cyklů zapnutí zařízení
C0 200 200 __0 000000000109 Počet vypnutí disku
C1 199 199 __0 000000000BE7 Počet cyklů načítání/vymazání
C2 111 _95 __0 000000000020 Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 200 200 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 200 200 __0 000000000000 Počet chyb při zápisu sektorů

----------------------------------------------------------------------------
(2) ST3200827AS
----------------------------------------------------------------------------
Model : ST3200827AS
Firmware : 3.AAE
Serial Number : 4ND2V37C
Disk Size : 200,0 GB (8,4/137,4/200,0/200,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 390721968
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : ---- | SATA/300
Power On Hours : 28420 hod.
Power On Count : 3495 krát
Temperature : 33 C (91 F)
Health Status : Dobrý
Features : S.M.A.R.T., 48bit LBA, NCQ
APM Level : ----
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 117 _93 __6 00000862C4DF Počet chyb čtení
03 _98 _98 __0 000000000000 Čas na roztočení ploten
04 _96 _96 _20 000000001231 Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _89 _60 _30 0000313A5AC0 Počet chybných hledání
09 _68 _68 __0 000000006F04 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _97 _97 _20 000000000DA7 Počet cyklů zapnutí zařízení
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _67 _51 _45 0000211A0021 Teplota toku vzduchu
C2 _33 _49 __0 001000000021 Teplota
C3 _63 _54 __0 0000037231D6 Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů
CA 100 253 __0 000000000000 Počet chyb při směrování údajů

and the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Virgill (24-03-2017 15:32:15) Run:1
Running from C:\Users\Virgill\Desktop
Loaded Profiles: Virgill (Available Profiles: Virgill)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\...\MountPoints2: {25f03466-b0ed-11e5-8ece-000e2e640877} - "I:\Lenovo_Suite.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
Toolbar: HKU\S-1-5-21-2573572955-775236183-1901679569-1000 -> No Name - {A3834AE7-CA97-48EA-80E9-70F6E1ADD4DB} - No File
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
Folder: C:\Users\Virgill\AppData\Local\CrashDumps
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value removed successfully
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25f03466-b0ed-11e5-8ece-000e2e640877} => key removed successfully
HKCR\CLSID\{25f03466-b0ed-11e5-8ece-000e2e640877} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-2573572955-775236183-1901679569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A3834AE7-CA97-48EA-80E9-70F6E1ADD4DB} => value removed successfully
HKCR\CLSID\{A3834AE7-CA97-48EA-80E9-70F6E1ADD4DB} => key not found.
NVIDIA Wireless Controller Service => service not found.
HKLM\System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC => key removed successfully
BRDriver64_1_3_3_E02B25FC => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\wpcsvc => key removed successfully
wpcsvc => service removed successfully

========================= Folder: C:\Users\Virgill\AppData\Local\CrashDumps ========================

2017-03-11 23:11 - 2017-03-11 23:11 - 12043446 _____ () C:\Users\Virgill\AppData\Local\CrashDumps\bsgo.exe.12832.dmp
2017-03-10 22:00 - 2017-03-10 22:00 - 0029473 _____ () C:\Users\Virgill\AppData\Local\CrashDumps\bsgo.exe.14232.dmp
2017-03-10 19:11 - 2017-03-10 19:11 - 15468192 _____ () C:\Users\Virgill\AppData\Local\CrashDumps\BsgoAgent.exe.11904.dmp
2017-03-10 19:05 - 2017-03-10 19:05 - 15456394 _____ () C:\Users\Virgill\AppData\Local\CrashDumps\BsgoAgent.exe.11924.dmp
2017-03-10 19:07 - 2017-03-10 19:07 - 15463846 _____ () C:\Users\Virgill\AppData\Local\CrashDumps\BsgoAgent.exe.12716.dmp
2017-03-10 19:12 - 2017-03-10 19:12 - 15464270 _____ () C:\Users\Virgill\AppData\Local\CrashDumps\BsgoAgent.exe.14528.dmp
2017-03-10 19:11 - 2017-03-10 19:11 - 15467002 _____ () C:\Users\Virgill\AppData\Local\CrashDumps\BsgoAgent.exe.15252.dmp
2017-03-10 19:08 - 2017-03-10 19:08 - 15466914 _____ () C:\Users\Virgill\AppData\Local\CrashDumps\BsgoAgent.exe.4148.dmp
2017-03-10 19:18 - 2017-03-10 19:18 - 15467170 _____ () C:\Users\Virgill\AppData\Local\CrashDumps\BsgoAgent.exe.9732.dmp

====== End of Folder: ======

C:\Users\Public\DRM => ":احتضان" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 15911867 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24347085 B
Java, Flash, Steam htmlcache => 36184730 B
Windows/system/drivers => 5025842 B
Edge => 850334 B
Chrome => 393979415 B
Firefox => 382762398 B
Opera => 21351584 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 15318 B
LocalService => 107948 B
NetworkService => 168054 B
Virgill => 795660660 B

RecycleBin => 1155838 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:34:08 ====

altrok
Moderator
Posts: 7264
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: prev controla

#14 Post by altrok »

So let's just clean up.
And if there are no questions or other problems, that is all from me.

TIVL
Visitor
Posts: 97
Joined: 20 Jan 2007 20:20

Re: prev controla

#15 Post by TIVL »

OK, solved, thanks a lot.

Locked