Virus removal, PC speed-up, and remote assistance via the neslape.cz service

Preventive check

Not having any problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
cunik.cz
Visitor
Posts: 275
Registered: 13 May 2017 10:33

Re: Preventive check

#16 Post by cunik.cz »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2017
Ran by toombar PC (07-07-2017 09:33:53)
Running from C:\Users\toombar PC\Desktop
Windows 10 Pro Version 1607 (X64) (2017-01-02 07:39:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4143605839-527040269-2466945285-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4143605839-527040269-2466945285-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4143605839-527040269-2466945285-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-4143605839-527040269-2466945285-501 - Limited - Disabled)
toombar PC (S-1-5-21-4143605839-527040269-2466945285-1001 - Administrator - Enabled) => C:\Users\toombar PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: IObit Malware Fighter (Enabled - Up to date) {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Smart Security 10.0.390.0 (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.390.0 (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM\...\{F611E93B-8EC1-4662-BDFF-6909DB820862}) (Version: 2.2.3509.0 - Futuremark) Hidden
3DMark (HKLM-x32\...\{4bf26510-8c4e-447c-b819-2967aeca2839}) (Version: 2.2.3509.0 - Futuremark)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Aktualizace NVIDIA 25.6.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 25.6.0.0 - NVIDIA Corporation) Hidden
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.33 - NVIDIA Corporation) Hidden
Ashampoo Burning Studio 2017 (HKLM-x32\...\{91B33C97-C878-6579-69BA-23E5405C7AAB}_is1) (Version: 18.0.0 - Ashampoo GmbH & Co. KG)
Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.8.0.0 - Auslogics Labs Pty Ltd)
BioShock Infinite version 1.1.25.5165 (HKLM-x32\...\BioShock Infinite_is1) (Version: 1.1.25.5165 - 2K Games)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0222 - Disc Soft Ltd)
devolo dLAN Configuration Wizard (HKLM-x32\...\dlanconf) (Version: 17.0.0.0 - devolo AG)
devolo Informer (HKLM-x32\...\dslmon) (Version: 26.0.0.0 - devolo AG)
ESET Smart Security (HKLM\...\{E483B847-824D-4659-A760-0AC8FE24055E}) (Version: 10.0.386.1 - ESET, spol. s r.o.)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
Far Cry Primal (HKLM-x32\...\{80BD47AF-CF13-49B2-99BF-7E78FBA26124}_is1) (Version: - Ubisoft)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{6583B359-134F-480D-9B31-9B94EFFAFE40}) (Version: 5.0.609.0 - Futuremark)
Genie Timeline (HKLM-x32\...\Genie Timeline) (Version: 7.0 - Genie9)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: - HDS)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1036 - Intel Corporation)
Intel(R) Network Connections 20.7.67.0 (HKLM\...\PROSetDX) (Version: 20.7.67.0 - Intel)
Intel(R) Online Connect Software Asset Manager (HKLM-x32\...\{AE956AB9-CD98-4F1E-8B9E-C3C66E290D64}) (Version: 3.4.2072 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.1 - IObit)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Mafia III Update v1.01 Hotfix (HKLM\...\bWFmaWFpaWk_is1) (Version: 1 - )
Malwarebytes verze 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\OneDriveSetup.exe) (Version: 17.3.6944.0627 - Microsoft Corporation)
Microsoft Project Professional 2016 - cs-cz (HKLM\...\ProjectProRetail - cs-cz) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Visio Professional 2016 - cs-cz (HKLM\...\VisioProRetail - cs-cz) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.2.1.6382 - Mozilla)
Mozilla Thunderbird 52.2.1 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 52.2.1 (x86 cs)) (Version: 52.2.1 - Mozilla)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.8 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.10 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.10 - MSI)
MSI RAMDisk (HKLM-x32\...\{F29CF050-7278-4CDB-9EF8-2DC6DAA87453}}_is1) (Version: 1.0.0.22 - MSI)
MXGP3 The Official Motocross Videogame (HKLM-x32\...\MXGP3 The Official Motocross Videogame_is1) (Version: - )
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.33 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.33 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.8229.2041 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8229.2041 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.10.46586 - Electronic Arts, Inc.)
Outlast 2 (HKLM-x32\...\1453301453_is1) (Version: gog-1 - GOG.com)
Ovládací panel NVIDIA 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 382.33 - NVIDIA Corporation) Hidden
Pomocník při upgradu na Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7855 - Realtek Semiconductor Corp.)
Registry Cleaner (HKLM-x32\...\Registry Cleaner_is1) (Version: 2.0 - Abelssoft)
Sandboxie 5.20 (64-bit) (HKLM\...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78313 - TeamViewer)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.615 - Electronic Arts)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version: - GOG.com)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
TP-LINK TL-WN721N_TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.3.1 - TP-LINK)
Uplay (HKLM-x32\...\Uplay) (Version: 30.0 - Ubisoft)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
VivPDF Editor (HKLM-x32\...\VivPDFEditor_is1) (Version: 3.0.1.1013 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WashAndGo (HKLM-x32\...\AbAppId-53_is1) (Version: 23.0 - Abelssoft)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)
Základní software zařízení HP Deskjet 3510 series (HKLM\...\{1719C693-20CF-4BC3-831F-B65E79268114}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2016-12-14] (ESET)
ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers02: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2016-12-14] (ESET)
ContextMenuHandlers03: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => -> No File
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Malware bytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers04: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-05-18] (NVIDIA Corporation)
ContextMenuHandlers06: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2016-12-14] (ESET)
ContextMenuHandlers06: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Malware bytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005E4777-0B2D-4161-9221-A4410BCAA41B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {03C63931-7F4D-4264-87B7-F37BD175FFC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-06-29] (Microsoft Corporation)
Task: {1689C970-B79D-4AFB-B115-F9C7DE6F5A85} - System32\Tasks\Core Temp Autostart toombar PC => D:\Core Temp\Core Temp\Core Temp.exe
Task: {27E02E48-8A2A-4AE9-B9D6-05031C5D6A1B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {29F72EF3-124D-41E8-A281-5560DBF19469} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [2017-01-19] (Micro-Star INT'L CO., LTD.)
Task: {2C91CC2A-E08A-4EB2-814A-391F8791F104} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {2DF9629A-CBE3-4963-BBC2-EF1B8C950AE3} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_toombar_20PC => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2017-01-10] (H.D.S. Hungary)
Task: {4BE5A328-E335-4AAC-85AE-15BD822ED63B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-21] (NVIDIA Corporation)
Task: {593A4FB7-0297-4168-BE3B-06AF3187A53A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {7AA67E60-37AC-432A-8A40-CD04ACD04D72} - System32\Tasks\MSISW_Host => C:\Windows\SysWoW64\muachost.exe [2015-08-18] (MSI)
Task: {7F547DBA-407D-4E91-B319-E6EEF9EE8D63} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {8AE86DE8-6CB4-4B3A-89BE-17E1FFC718B2} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {963167D3-B253-4207-86F4-655D27DF90CF} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {989C0D16-5230-4F0C-8238-60828BC7302F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-22] ()
Task: {9ED3B29F-C3DF-4D5C-8D55-BFC3C076AE36} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-09-29] (Intel Corporation)
Task: {A3908112-A23A-4D7B-82A9-9E82535A44E5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-21] (NVIDIA Corporation)
Task: {A54EE21B-A0B3-4E0C-9F32-90DF66728C18} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {B1248DB1-3D36-4D65-9A12-409008985F9E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {B6C73325-5F81-4E5F-877F-04BAA493C4B8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-21] (NVIDIA Corporation)
Task: {B7A641CD-4665-41CF-89CE-53D5F3087993} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-09-29] (Intel Corporation)
Task: {B8C07CBD-159F-4910-841C-134ECC6C4E6D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
Task: {BA5A75D6-7938-4F44-A278-6ED4CF804E1E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-06-29] (Microsoft Corporation)
Task: {DA72F29E-EEBD-443A-AC0D-FFA80D3FE39F} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {E6C3D4DC-B3A2-4C77-BD1A-DB7250601E4C} - System32\Tasks\ABRC_RegularCheck => C:\Program Files (x86)\RegistryCleaner\RegistryCleaner.exe [2016-09-26] (Ascora GmbH)
Task: {F4CFA098-7BD1-4866-ACEE-8FA7D0AB4318} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-22] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-10-05 13:15 - 2016-10-05 13:15 - 00107752 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\libglog.dll
2016-10-05 13:15 - 2016-10-05 13:15 - 00412904 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\JsonCpp.dll
2017-01-03 17:49 - 2017-06-21 09:07 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-04 18:09 - 2016-10-04 18:09 - 00253664 _____ () C:\Program Files\Intel\Intel(R) Online Connect\CSLibWrapper.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-06-13 20:49 - 2017-06-03 12:01 - 02681200 _____ () C:\Windows\System32\CoreUIComponents.dll
2017-04-13 15:31 - 2016-06-14 16:35 - 00187392 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\D3D11FontDraw.dll
2017-01-02 21:01 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 21:40 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 21:41 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 21:41 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 21:41 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-13 20:48 - 2017-06-03 10:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-13 20:48 - 2017-06-03 10:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-07-06 09:22 - 2017-06-27 12:06 - 02260432 _____ () D:\MALWARE BYTES\ANTI-MALWARE\MwacLib.dll
2017-06-21 14:40 - 2017-06-21 14:40 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 14:40 - 2017-06-21 14:40 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 14:40 - 2017-06-21 14:40 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 14:40 - 2017-06-21 14:40 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-06-27 14:52 - 2017-06-23 05:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-27 14:52 - 2017-06-23 05:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-05-17 16:02 - 2017-05-17 16:02 - 02493440 _____ () D:\Origin\libGLESv2.dll
2016-10-20 02:28 - 2016-10-20 02:28 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-01-03 17:49 - 2017-06-21 09:07 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-04-13 15:31 - 2016-06-14 16:35 - 00163328 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\D3D11FontDraw.dll
2017-01-09 21:15 - 2017-05-17 03:54 - 00678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-01-09 21:15 - 2016-09-01 03:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-01-09 21:15 - 2017-06-08 07:42 - 02485536 _____ () C:\Program Files (x86)\Steam\video.dll
2017-01-09 21:15 - 2016-09-01 03:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-01-09 21:15 - 2016-09-01 03:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-01-09 21:15 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-01-09 21:15 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-01-09 21:15 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-01-09 21:15 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-01-09 21:15 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-01-09 21:15 - 2017-06-08 07:42 - 00877856 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-01-09 21:15 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-01-03 17:49 - 2017-06-21 09:06 - 66837112 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-01-09 21:16 - 2017-05-08 21:45 - 69516064 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-09 13:42 - 2017-05-17 03:54 - 00678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-01-09 21:15 - 2017-06-08 07:42 - 00385312 _____ () C:\Program Files (x86)\Steam\steam.dll
2017-05-01 17:07 - 2017-07-04 21:43 - 00189040 _____ () C:\Users\toombar PC\AppData\Roaming\Spotify\SpotifyWinRT.dll
2017-04-26 15:19 - 2017-04-26 15:19 - 02005976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-07-03 21:53 - 2016-08-10 17:13 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\webres.dll
2017-07-03 21:53 - 2016-08-10 17:13 - 00188704 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2017-07-03 21:53 - 2016-08-10 17:13 - 00151840 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2017-07-03 21:53 - 2017-05-09 10:59 - 00631584 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
2017-07-03 21:53 - 2016-12-12 16:52 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2017-07-03 21:53 - 2016-12-12 16:52 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2017-07-03 21:53 - 2016-12-12 16:52 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-05-01 21:13 - 2017-07-06 07:26 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4143605839-527040269-2466945285-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "MSIRegister"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\StartupFolder: => "GoogleUpdate.lnk"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\StartupFolder: => "TeamViewer 12.lnk"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\Run: => "WTFast Tray"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\Run: => "Internet Download Accelerator"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\Run: => "IDMan"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1BB87FC1-7ADE-489F-9D4F-B8040F43995A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8AE420C2-70CD-468E-9F8B-7AA15C03AB77}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{0C56CAC2-8D27-48FD-96F6-5F2B6F2A0E25}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BB6D2ECE-87A2-4869-BBAE-215A940DC7DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{054994F0-3D6C-44D8-9F0A-3088ECF85AB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A06208B1-51B1-4216-B5E5-6B32C4B87F15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{542FB5E4-7E04-4B8E-9FB4-D77E35E4C281}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{6E020CC2-F01E-4CF6-BA70-1E8207543871}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2006F230-F773-476E-8808-981D327D18FF}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3BB9D368-A439-424F-92B1-5547CB5BDA91}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6F832742-179A-442B-86B9-2D18CDCF4D3F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3F7D1996-7891-4DD0-B028-1D23520EC21E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{03E3F36C-22B4-44EE-B088-2B3BADA62CAF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FF94A641-F0D8-4488-BF30-E035A7DE78DB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{970C9A08-A9EC-4C2D-925B-2BA0EF5AAAF1}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Rogue\ACC.exe
FirewallRules: [{0DEBFC3B-0F33-4155-B211-BDFF49F2892A}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Rogue\ACC.exe
FirewallRules: [{A1EBA1A0-6DC3-4EA3-9DE7-9647B425DF96}] => (Allow) LPort=26789
FirewallRules: [{5415E77C-7A3D-4CAD-A77F-E997A9AB6821}] => (Allow) D:\Hry\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{C84A1A03-F355-41A7-839A-DB5A4152FBCE}] => (Allow) D:\Hry\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{C710728D-5345-44B8-BC74-2720F2DD7F33}] => (Allow) D:\Hry\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{6E5BC75F-825C-45D5-B9F1-535C85DF9E55}] => (Allow) D:\Hry\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{BAA12E25-C3B1-4EEC-AFE7-95FEA37D797F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{6EBB338B-2487-47E2-9E23-CA9746D1DFDA}] => (Allow) C:\Program Files (x86)\devolo\informer\devinf.exe
FirewallRules: [{8A401C9F-A52D-4E5F-AC23-B4035AA7D18F}] => (Allow) C:\Program Files (x86)\devolo\informer\devinf.exe
FirewallRules: [{8446E624-A84A-4A01-BE84-34E7E66C5947}] => (Allow) C:\Program Files (x86)\devolo\easyshare\easyshare.exe
FirewallRules: [{613463AE-D325-4A84-B964-EFCEF048F66F}] => (Allow) C:\Program Files (x86)\devolo\easyshare\easyshare.exe
FirewallRules: [{8F0C27FD-FC3F-440E-990E-06D271BBF254}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4E686FA2-97B6-4E87-8AE2-9843F1920BA9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B1BB7B94-B859-4BE2-9C39-48DC7864D4E1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B360DB71-416D-4F9B-B89A-9A3340747C1D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{02DD9530-32F3-4020-80CA-448B151EA13C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0296D34D-F3DC-4080-92EC-19FB311C9AA2}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{BAE92C30-82FF-4600-98A5-B5C3FAE302E7}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe

==================== Restore Points =========================

03-07-2017 22:12:14 RegistryCleaner 03.07.2017 22:12:14
04-07-2017 08:59:00 Before uninstalling TAP-Windows 9.21.2
04-07-2017 09:12:20 Before uninstalling CyberGhost 6
05-07-2017 16:39:16 RegistryCleaner 05.07.2017 16:39:16
05-07-2017 16:48:39 Installed Copernic Desktop Search 6
05-07-2017 16:56:12 Before uninstalling Copernic Desktop Search 6
06-07-2017 09:41:54 Before uninstalling Kodi

==================== Faulty Device Manager Devices =============

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Myš Microsoft PS/2
Description: Myš Microsoft PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2017 08:58:09 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Vytvoření výčtu relací uživatelů pro generování fondů filtrů se nezdařilo.

Podrobnosti:
(HRESULT : 0x80040210) (0x80040210)

Error: (07/07/2017 08:57:56 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů rdyboost. První čtyři bajty (DWORD) datové sekce obsahují kód chyby systému Windows.

Error: (07/06/2017 10:19:47 PM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (07/06/2017 10:19:47 PM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (07/06/2017 09:44:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Kodi.exe, verze: 17.9.701.0, časové razítko: 0x595db372
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.14393.0, časové razítko: 0x578997b5
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000006ea1e
ID chybujícího procesu: 0x1f80
Čas spuštění chybující aplikace: 0x01d2f62ade8b747f
Cesta k chybující aplikaci: D:\Kodi\Kodi.exe
Cesta k chybujícímu modulu: C:\Windows\System32\ucrtbase.dll
ID zprávy: 3bc8c789-12e0-4b07-a892-7e7defe012c7
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (07/06/2017 09:41:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (07/06/2017 08:14:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MSI_LiveUpdate_Service.exe, verze: 1.0.0.40, časové razítko: 0x58bcfad9
Název chybujícího modulu: NDA.dll_unloaded, verze: 1.0.0.15, časové razítko: 0x581aa4cc
Kód výjimky: 0xc0000005
Posun chyby: 0x000f650e
ID chybujícího procesu: 0xbdc
Čas spuštění chybující aplikace: 0x01d2f61f29e36a2e
Cesta k chybující aplikaci: C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
Cesta k chybujícímu modulu: NDA.dll
ID zprávy: 15e0f393-5bc1-4910-9565-6f70e7837206
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (07/06/2017 07:26:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x8007001f, Zařízení připojené k systému nefunguje.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (07/06/2017 07:26:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (07/06/2017 07:25:58 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {73b37090-545d-4f5d-9a6f-f5fb3ddb09f4}


System errors:
=============
Error: (07/06/2017 10:19:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ANQTDIM)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (07/06/2017 10:19:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/06/2017 09:24:51 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a118\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-4143605839-527040269-2466945285-1001-07062017092451453-ntuser.dat

Error: (07/06/2017 08:15:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby Intel(R) Online Connect Helper bylo dosaženo časového limitu (60000 ms).

Error: (07/06/2017 08:14:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MSI Live Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (07/06/2017 08:14:43 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (8:07:03, ‎06.‎07.‎2017) bylo neočekávané.

Error: (07/06/2017 07:28:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby Intel(R) Online Connect Helper bylo dosaženo časového limitu (60000 ms).

Error: (07/06/2017 07:26:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/06/2017 07:26:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Intel(R) Online Connect byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (07/06/2017 07:26:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===================================
Date: 2017-07-05 17:01:37.660
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-07-03 22:41:12.129
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\Modules\em023_64\10445\em023_64.dll.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-03 22:41:11.994
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\Modules\em023_64\10445\em023_64.dll.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-03 22:32:38.694
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod7D44.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-03 22:32:38.580
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod7D44.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-03 22:32:37.784
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod6A44.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-03 22:32:37.678
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod6A44.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-03 22:32:36.900
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod5E08.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-03 22:32:36.784
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod5E08.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-03 22:32:36.189
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod5856.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 43%
Total physical RAM: 16344 MB
Available physical RAM: 9214.03 MB
Total Virtual: 32728 MB
Available Virtual: 24871.39 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:3 GB) (Free:2.94 GB) NTFS
Drive c: () (Fixed) (Total:223.57 GB) (Free:59.06 GB) NTFS
Drive d: () (Fixed) (Total:930.97 GB) (Free:643.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 72232B3D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 9CC853E6)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

sorcer
Friend of the forum
Posts: 527
Registered: 26 Jun 2006 01:29

Re: Preventive check

#17 Post by sorcer »

Uninstall iObit Mal. Fighter.

Use JRT:
http://thisisudax.org/downloads/JRT.exe

Save the utility to the desktop
After launching it, press any key
A backup will be created and then the scan will run
A log is created (saved on disk in C:\JRT as JRT.txt)
Paste it here for me

and then

Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe

Again, save it to the Desktop
Run Zoek as Admin (right-click and choose Run As Administrator, or Spustit jako správce)
Paste in the script below:

Code:

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Click: Run Script
After the fix, the PC restarts.
Please paste the log here in the topic.
Last edited by sorcer on 08 Jul 2017 15:06, edited 2 times in total.

cunik.cz
Visitor
Posts: 275
Registered: 13 May 2017 10:33

Re: Preventive check

#18 Post by cunik.cz »

Oh, and do you know where I could download Zoek? The link you posted here doesn't work, and I can't find it anywhere on the net for the life of me.

cunik.cz
Visitor
Posts: 275
Registered: 13 May 2017 10:33

Re: Preventive check

#19 Post by cunik.cz »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64
Ran by toombar PC (Administrator) on 08.07.2017 at 10:30:53,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\ProgramData\productdata (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.07.2017 at 10:32:10,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

cunik.cz
Visitor
Posts: 275
Registered: 13 May 2017 10:33

Re: Preventive check

#20 Post by cunik.cz »

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by toombar PC on 08.07.2017 at 15:38:26,79.
Microsoft Windows 10 Pro 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\toombar PC\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

08.07.2017 15:38:58 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Adobe Acrobat deleted successfully
C:\PROGRA~2\Mozilla Firefox deleted successfully
C:\PROGRA~2\Origin Games deleted successfully
C:\PROGRA~2\WTFast deleted successfully
C:\Program Files\CyberGhost 6 deleted successfully
C:\Program Files\MSI Kombustor 3 deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Copernic deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\SolidDocuments deleted successfully
C:\PROGRA~3\TP-LINK deleted successfully
C:\PROGRA~3\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} deleted successfully
C:\Users\defaultuser0\AppData\LocalLow deleted successfully
C:\Users\defaultuser0\AppData\Local\VirtualStore deleted successfully
C:\Users\toombar PC\AppData\Local\calibre-cache deleted successfully
C:\Users\toombar PC\AppData\Local\CrashDumps deleted successfully
C:\Users\toombar PC\AppData\Local\GHISLER deleted successfully
C:\Users\toombar PC\AppData\Local\NetworkTiles deleted successfully
C:\Users\toombar PC\AppData\Local\PeerDistRepub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4143605839-527040269-2466945285-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} deleted successfully
HKEY_USERS\S-1-5-21-4143605839-527040269-2466945285-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} deleted successfully
HKEY_USERS\S-1-5-21-4143605839-527040269-2466945285-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\TOOMBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\xy92jgbi.default\prefs.js:

Added to C:\Users\TOOMBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\xy92jgbi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\TOOMBA~1\AppData\Roaming\Thunderbird\Profiles\02jqsdsr.default\prefs.js:

Added to C:\Users\TOOMBA~1\AppData\Roaming\Thunderbird\Profiles\02jqsdsr.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Adobe Acrobat not found
C:\PROGRA~2\Mozilla Firefox not found
C:\PROGRA~2\Origin Games not found
C:\PROGRA~2\WTFast not found
C:\PROGRA~3\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} not found
C:\Users\toombar PC\AppData\Roaming\calibre deleted
C:\Users\toombar PC\.android deleted
C:\PROGRA~2\Your Uninstaller! 7 deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Users\toombar PC\AppData\Local\MSGBOX.EXE deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\TOOMBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\xy92jgbi.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\TOOMBA~1\AppData\Roaming\Thunderbird\Profiles\02jqsdsr.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\TOOMBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\xy92jgbi.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\TOOMBA~1\AppData\Roaming\Thunderbird\Profiles\02jqsdsr.default
- Lightning - C:\Users\toombar PC\AppData\Roaming\Thunderbird\Profiles\02jqsdsr.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

==== Firefox Plugins ======================

Profilepath: C:\Users\toombar PC\AppData\Roaming\Mozilla\Firefox\Profiles\xy92jgbi.default
D24D187FF3004EB238C2B4F84A86DCDE - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL - Microsoft Office 2016


==== Chromium Look ======================


HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\TOOMBA~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx[07.07.2017 20:07]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Google Drive App Launcher - toombar PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Chrome Media Router - toombar PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot
C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal will be reset at reboot
C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Web Data.ReadOnly was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\toombar PC\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\toombar PC\AppData\Local\Microsoft\Windows\INetCache\IE\EV4FQFL9 will be deleted at reboot
C:\Users\toombar PC\AppData\Local\Microsoft\Windows\INetCache\IE\EWYOQKWD will be deleted at reboot
C:\Users\toombar PC\AppData\Local\Microsoft\Windows\INetCache\IE\X935PCR1 will be deleted at reboot
C:\Users\toombar PC\AppData\Local\Microsoft\Windows\INetCache\IE\XZUPBL1S will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=89 folders=55 64697269 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\TOOMBA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Web Data" not found
"C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal" not found
"C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted
"C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted
"C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted
"C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted
"C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted
"C:\Users\toombar PC\AppData\Local\Microsoft\Windows\INetCache\IE\EV4FQFL9" not found
"C:\Users\toombar PC\AppData\Local\Microsoft\Windows\INetCache\IE\EWYOQKWD" not found
"C:\Users\toombar PC\AppData\Local\Microsoft\Windows\INetCache\IE\X935PCR1" not found
"C:\Users\toombar PC\AppData\Local\Microsoft\Windows\INetCache\IE\XZUPBL1S" not found

==== EOF on 08.07.2017 at 15:52:40,97 ======================

sorcer
Friend of the forum
Posts: 527
Registered: 26 Jun 2006 01:29

Re: Preventive check

#21 Post by sorcer »

Sorry, I had an extra "A" at the end of the link.

How is the PC behaving now?

cunik.cz
Visitor
Posts: 275
Registered: 13 May 2017 10:33

Re: Preventive check

#22 Post by cunik.cz »

Well, so far it isn't showing any signs of strange behaviour, but if there were some other way to scan it to check whether Zoek removed it, I'd take it. Oh, and by the way, what did I have there?

sorcer
Friend of the forum
Posts: 527
Registered: 26 Jun 2006 01:29

Re: Preventive check

#23 Post by sorcer »

Junk in the browsers. Redirect malware and some pop-ups.

I recommend more caution when clicking through anything in browsers.

Also, download "media" only from verified sources.

We can run FRST once more.

cunik.cz
Visitor
Posts: 275
Registered: 13 May 2017 10:33

Re: Preventive check

#24 Post by cunik.cz »

Sure, here it is. Oh, and may I ask what this Redirect malware is? What does it do, and does it behave like classic malware or is it something "special"?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by toombar PC (administrator) on DESKTOP-ANQTDIM (08-07-2017 20:30:16)
Running from C:\Users\toombar PC\Desktop
Loaded Profiles: toombar PC (Available Profiles: defaultuser0 & toombar PC)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Sandboxie Holdings, LLC) D:\Sandboxie\SbieSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\RAMDisk\MSI_RAMDisk_Service.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Micro-Star Int'l Co., Ltd.) C:\Windows\SysWOW64\RAMDiskImage.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Electronic Arts) D:\Origin\OriginWebHelperService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Spotify Ltd) C:\Users\toombar PC\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CPUID) D:\hwmonitor\HWMonitor\HWMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(forum.viry.cz) C:\Users\toombar PC\Desktop\FRST-OlderVersion\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8842496 2016-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] ()
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [15371216 2017-03-07] (Micro-Star INT'L CO., LTD.)
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\Run: [DAEMON Tools Lite Automount] => D:\Deamon Tools Lite\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd)
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\Run: [Spotify Web Helper] => C:\Users\toombar PC\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-07-04] (Spotify Ltd)
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\Run: [Spotify] => C:\Users\toombar PC\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-07-04] (Spotify Ltd)
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\Run: [Internet Download Accelerator] => D:\DOWNLOAD MANAGER\IDA\ida.exe -autorun
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\Run: [SandboxieControl] => D:\Sandboxie\SbieCtrl.exe [799368 2017-06-05] (Sandboxie Holdings, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AIDA64 Extreme.lnk [2017-01-03]
ShortcutTarget: AIDA64 Extreme.lnk -> C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2017-01-02]
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\toombar PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoogleUpdate.lnk [2017-02-21]
ShortcutTarget: GoogleUpdate.lnk -> C:\Users\toombar PC\AppData\Local\Temp\Chrome Updates\SeachEngine.exe (No File)
Startup: C:\Users\toombar PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 3510 series (Síť).lnk [2017-04-05]
Startup: C:\Users\toombar PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamViewer 12.lnk [2017-01-25]
ShortcutTarget: TeamViewer 12.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{4891d0ff-1a20-42ba-a7d6-8abe48e48a6a}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{f98c4fc4-24af-480f-9360-39db72a23b05}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-4143605839-527040269-2466945285-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-22] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-22] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-22] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-22] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-22] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-22] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-22] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-22] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-22] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-22] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: xy92jgbi.default
FF ProfilePath: C:\Users\toombar PC\AppData\Roaming\Mozilla\Firefox\Profiles\xy92jgbi.default [2017-07-08]
FF NewTab: Mozilla\Firefox\Profiles\xy92jgbi.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\xy92jgbi.default -> about:home
FF Extension: (Internet Download Accelerator) - C:\Users\toombar PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\ida@westbyte.com.xpi [2017-05-15]
FF Extension: (Internet Download Accelerator Toolbar) - C:\Users\toombar PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\idabarff@westbyte.com.xpi [2017-02-10]
FF Extension: (Adblock Plus) - C:\Users\toombar PC\AppData\Roaming\Mozilla\Firefox\Profiles\xy92jgbi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-02]
FF Extension: (TLS 1.3 Compatibility Testing 3) - C:\Users\toombar PC\AppData\Roaming\Mozilla\Firefox\Profiles\xy92jgbi.default\features\{f33d134b-ae02-4e76-939e-c9deba970867}\tls13-compat-ff51@mozilla.org.xpi [2017-03-01]
FF Extension: (No Name) - C:\Users\toombar PC\AppData\Roaming\Mozilla\Firefox\Profiles\xy92jgbi.default\extensions\ascsurfingprotectionnew@iobit.com.xpi [not found]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-22] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-06-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.cz/
CHR Profile: C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default [2017-07-08]
CHR Extension: (Disk Google) - C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-08]
CHR Extension: (AdBlock) - C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-05-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-30]
CHR Extension: (Chrome Media Router) - C:\Users\toombar PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-4143605839-527040269-2466945285-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TOOMBA~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-07-07]
CHR HKU\S-1-5-21-4143605839-527040269-2466945285-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; D:\Deamon Tools Lite\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-12-22] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-27] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2836296 2016-12-14] (ESET)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2017-03-09] (Futuremark)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [47056 2017-02-17] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2016-10-13] (Micro-Star INT'L CO., LTD.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
R3 Intel(R) Online Connect; C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe [25824 2016-10-04] (Intel Corporation)
S2 Intel(R) Online Connect Helper; C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe [22752 2016-10-04] (Intel Corporation)
S3 Intel(R) Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-09-29] (Intel Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-05] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-05] (Intel(R) Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-20] (Intel Corporation)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [75192 2017-04-05] (Micro-Star INT'L CO., LTD.)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [105296 2015-06-04] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2286032 2017-03-06] (Micro-Star INT'L CO., LTD.)
R2 MSI_RAMDisk_Service; C:\Program Files (x86)\MSI\RAMDisk\MSI_RAMDisk_Service.exe [70608 2016-12-02] (Micro-Star Int'l Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2162064 2017-05-17] (Electronic Arts)
R2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3136920 2017-05-17] (Electronic Arts)
R2 RAMDrivService; C:\Windows\SysWoW64\RAMDiskImage.exe [343448 2016-03-10] (Micro-Star Int'l Co., Ltd.)
R2 SbieSvc; D:\Sandboxie\SbieSvc.exe [198792 2017-06-05] (Sandboxie Holdings, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athur; C:\Windows\System32\drivers\athuwbx.sys [2702336 2013-11-20] (Qualcomm Atheros Communications, Inc.)
R3 cpuz143; C:\Users\toombar PC\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [48952 2017-07-08] (CPUID) <==== ATTENTION
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-01-04] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-01-04] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [541672 2015-11-24] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132272 2016-12-13] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [106768 2016-12-13] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15488 2016-12-13] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [180544 2016-12-13] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [49672 2016-12-13] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [77616 2016-12-13] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [96856 2016-12-13] (ESET)
R3 I2cHkBurn; C:\Windows\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-07-20] (Intel Corporation)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NEWDRIVER; C:\Windows\SysWow64\WinVDEdrv6.sys [197648 2017-04-13] ()
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2008-11-28] (CACE Technologies)
R3 NTIOLib_ACTIVE_X; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NTIOLib_X64.sys [13776 2016-04-12] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
S3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-03-08] (MSI)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7209bde3180ef5f7\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57976 2017-06-21] (NVIDIA Corporation)
R2 RAMDriv; C:\Windows\system32\DRIVERS\ramdriv.sys [86936 2016-03-10] (Micro-Star Int'l Co., Ltd.)
R2 RAMDriv; C:\Windows\SysWOW64\DRIVERS\ramdriv.sys [86936 2016-03-10] (Micro-Star Int'l Co., Ltd.)
R3 SbieDrv; D:\Sandboxie\SbieDrv.sys [207496 2017-06-05] (Sandboxie Holdings, LLC)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-01-16] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-08 20:30 - 2017-07-08 20:30 - 00025241 _____ C:\Users\toombar PC\Desktop\FRST.txt
2017-07-08 20:24 - 2017-07-08 20:24 - 00029696 _____ C:\Users\toombar PC\AppData\Local\MSGBOX.EXE
2017-07-08 20:24 - 2017-07-08 20:24 - 00015327 _____ C:\Users\toombar PC\Desktop\LM.bat
2017-07-08 20:24 - 2017-07-08 20:24 - 00000000 ____D C:\Users\toombar PC\Desktop\FRST-OlderVersion
2017-07-08 15:58 - 2017-07-08 15:58 - 00001141 _____ C:\Users\toombar PC\Desktop\Your Unin-staller!.lnk
2017-07-08 15:58 - 2017-07-08 15:58 - 00000000 ____D C:\Program Files (x86)\Your Uninstaller! 7
2017-07-08 15:49 - 2017-07-08 15:38 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-07-08 15:38 - 2017-07-08 15:48 - 00000000 ____D C:\zoek_backup
2017-07-08 10:41 - 2017-07-08 10:41 - 00000711 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-07-07 09:33 - 2017-07-08 20:24 - 02437120 _____ (Farbar) C:\Users\toombar PC\Desktop\FRST64.exe
2017-07-05 16:50 - 2017-07-05 16:50 - 00345448 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-05 11:39 - 2017-07-05 11:39 - 00001058 _____ C:\Users\Public\Desktop\BioShock Infinite.lnk
2017-07-05 11:39 - 2017-07-05 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BioShock Infinite
2017-07-04 08:16 - 2017-07-07 08:59 - 00003386 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4143605839-527040269-2466945285-1001
2017-07-03 22:02 - 2017-07-03 22:02 - 00000000 ____D C:\ProgramData\BDLogging
2017-07-03 22:02 - 2016-12-05 15:32 - 00520032 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2017-07-03 21:58 - 2017-07-03 21:58 - 00000000 ____D C:\Users\toombar PC\Documents\Abelssoft
2017-07-03 21:57 - 2017-07-03 21:57 - 00001630 _____ C:\Users\Public\Desktop\WashAndGo.lnk
2017-07-03 21:57 - 2017-07-03 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WashAndGo
2017-07-03 21:53 - 2017-07-07 21:54 - 00000000 ____D C:\Users\toombar PC\AppData\Roaming\IObit
2017-07-03 21:53 - 2017-07-05 19:27 - 00000000 ____D C:\Users\toombar PC\AppData\LocalLow\IObit
2017-07-03 21:53 - 2017-07-03 21:53 - 00000000 ____D C:\Program Files (x86)\IObit
2017-07-03 21:52 - 2017-07-03 21:53 - 00000000 ____D C:\ProgramData\IObit
2017-07-03 20:43 - 2017-07-03 20:43 - 00478392 ____N (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\8D1587E1.sys
2017-07-03 20:43 - 2017-07-03 20:43 - 00085600 ____N (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\35073608.sys
2017-07-03 20:41 - 2017-07-03 20:41 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-07-03 20:41 - 2017-06-21 09:07 - 00179320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-07-03 20:41 - 2017-06-21 09:07 - 00146552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-06-29 13:55 - 2017-06-29 13:55 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-06-28 21:17 - 2017-06-28 21:18 - 00278606 _____ C:\TDSSKiller.3.1.0.15_28.06.2017_21.17.46_log.txt
2017-06-28 17:46 - 2017-04-21 23:53 - 00029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-06-28 17:46 - 2017-04-21 23:53 - 00018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-06-28 17:46 - 2017-04-21 23:50 - 00030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-06-28 17:46 - 2017-04-21 23:50 - 00018592 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-06-28 17:46 - 2017-04-11 20:27 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-06-28 17:46 - 2017-04-11 20:27 - 00690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-06-28 17:46 - 2017-03-15 20:15 - 00987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-06-28 17:46 - 2017-03-15 20:15 - 00485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-06-23 20:08 - 2017-06-23 20:08 - 00000000 ____D C:\Users\toombar PC\AppData\Local\Tempzxpsign874f466da20422b5
2017-06-23 20:08 - 2017-06-23 20:08 - 00000000 ____D C:\Users\toombar PC\AppData\Local\Tempzxpsign8392ef7b2a59e8ae
2017-06-23 20:08 - 2017-06-23 20:08 - 00000000 ____D C:\Users\toombar PC\AppData\Local\Tempzxpsign5c6ad63c57b95dca
2017-06-23 20:07 - 2017-06-23 20:07 - 00000000 ____D C:\Users\toombar PC\AppData\Local\Tempzxpsign4d146dbb9a39ceee
2017-06-23 20:07 - 2017-06-23 20:07 - 00000000 ____D C:\Users\toombar PC\AppData\Local\Tempzxpsign2187ab63b5386fc4
2017-06-23 20:07 - 2017-06-23 20:07 - 00000000 ____D C:\Users\toombar PC\AppData\Local\Tempzxpsign13a8f23920f36c62
2017-06-21 14:50 - 2017-06-21 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2017-06-19 16:07 - 2017-06-19 16:07 - 00001316 _____ C:\Users\Public\Desktop\Far Cry Primal.lnk
2017-06-19 16:07 - 2017-06-19 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry Primal
2017-06-19 16:04 - 2017-06-19 16:07 - 00000000 ____D C:\Program Files (x86)\Far Cry Primal
2017-06-19 14:56 - 2017-06-19 14:56 - 00000000 ____D C:\Users\toombar PC\AppData\Local\MegaDownloader
2017-06-18 19:48 - 2017-06-18 19:50 - 00000000 ____D C:\Users\toombar PC\AppData\Roaming\uTorrent
2017-06-13 22:09 - 2017-06-13 22:09 - 00000000 ___SD C:\Windows\UpdateAssistantV2
2017-06-13 20:49 - 2017-06-03 12:50 - 00315744 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-13 20:49 - 2017-06-03 12:16 - 00279904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2017-06-13 20:49 - 2017-06-03 12:11 - 01706488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-13 20:49 - 2017-06-03 12:09 - 02213760 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-13 20:49 - 2017-06-03 12:08 - 07783256 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-13 20:49 - 2017-06-03 12:06 - 02048496 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2017-06-13 20:49 - 2017-06-03 12:01 - 02681200 _____ C:\Windows\system32\CoreUIComponents.dll
2017-06-13 20:49 - 2017-06-03 11:59 - 01181024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-06-13 20:49 - 2017-06-03 11:59 - 00118112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-13 20:49 - 2017-06-03 11:58 - 00340832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-13 20:49 - 2017-06-03 11:55 - 00780640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2017-06-13 20:49 - 2017-06-03 11:54 - 00187232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2017-06-13 20:49 - 2017-06-03 11:52 - 01021784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2017-06-13 20:49 - 2017-06-03 11:52 - 00607072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2017-06-13 20:49 - 2017-06-03 11:52 - 00111968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2017-06-13 20:49 - 2017-06-03 11:51 - 02187104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-06-13 20:49 - 2017-06-03 11:51 - 00402272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-06-13 20:49 - 2017-06-03 11:50 - 00857440 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2017-06-13 20:49 - 2017-06-03 11:50 - 00381792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2017-06-13 20:49 - 2017-06-03 11:49 - 20967840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-13 20:49 - 2017-06-03 11:48 - 00857952 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2017-06-13 20:49 - 2017-06-03 11:48 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2017-06-13 20:49 - 2017-06-03 11:45 - 22220864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-13 20:49 - 2017-06-03 11:44 - 01412640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-06-13 20:49 - 2017-06-03 11:44 - 00545944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2017-06-13 20:49 - 2017-06-03 11:39 - 05686272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 20:49 - 2017-06-03 11:39 - 02532192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-06-13 20:49 - 2017-06-03 11:33 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2017-06-13 20:49 - 2017-06-03 11:32 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-06-13 20:49 - 2017-06-03 11:31 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2017-06-13 20:49 - 2017-06-03 11:31 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-13 20:49 - 2017-06-03 11:28 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-13 20:49 - 2017-06-03 11:28 - 00232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edputil.dll
2017-06-13 20:49 - 2017-06-03 11:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-13 20:49 - 2017-06-03 11:26 - 00100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBrokerUI.dll
2017-06-13 20:49 - 2017-06-03 11:23 - 00306688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2017-06-13 20:49 - 2017-06-03 11:22 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2017-06-13 20:49 - 2017-06-03 11:22 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2017-06-13 20:49 - 2017-06-03 11:22 - 00181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
2017-06-13 20:49 - 2017-06-03 11:20 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-13 20:49 - 2017-06-03 11:19 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-06-13 20:49 - 2017-06-03 11:18 - 22569984 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-06-13 20:49 - 2017-06-03 11:16 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2017-06-13 20:49 - 2017-06-03 11:16 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2017-06-13 20:49 - 2017-06-03 11:15 - 19414016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-13 20:49 - 2017-06-03 11:15 - 18364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-06-13 20:49 - 2017-06-03 11:15 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-06-13 20:49 - 2017-06-03 11:15 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2017-06-13 20:49 - 2017-06-03 11:15 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-06-13 20:49 - 2017-06-03 11:14 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-06-13 20:49 - 2017-06-03 11:14 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-13 20:49 - 2017-06-03 11:14 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2017-06-13 20:49 - 2017-06-03 11:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdProxy.dll
2017-06-13 20:49 - 2017-06-03 11:09 - 00441344 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2017-06-13 20:49 - 2017-06-03 11:08 - 12187648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-13 20:49 - 2017-06-03 11:08 - 02643968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-13 20:49 - 2017-06-03 11:08 - 01221120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2017-06-13 20:49 - 2017-06-03 11:08 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2017-06-13 20:49 - 2017-06-03 11:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2017-06-13 20:49 - 2017-06-03 11:07 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-06-13 20:49 - 2017-06-03 11:06 - 03664384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-13 20:49 - 2017-06-03 11:05 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-06-13 20:49 - 2017-06-03 11:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hnetcfg.dll
2017-06-13 20:49 - 2017-06-03 11:04 - 06042624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-06-13 20:49 - 2017-06-03 11:04 - 02006528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-13 20:49 - 2017-06-03 11:04 - 00773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-13 20:49 - 2017-06-03 11:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-13 20:49 - 2017-06-03 11:03 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-13 20:49 - 2017-06-03 11:02 - 02997760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-06-13 20:49 - 2017-06-03 11:00 - 23677440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-13 20:49 - 2017-06-03 10:56 - 13091840 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-13 20:49 - 2017-06-03 10:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2017-06-13 20:49 - 2017-06-03 10:53 - 08125440 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-06-13 20:49 - 2017-06-03 10:52 - 03403264 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-13 20:49 - 2017-06-03 10:51 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2017-06-13 20:49 - 2017-06-03 10:50 - 04744704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-13 20:49 - 2017-06-03 10:50 - 02538496 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-13 20:49 - 2017-06-03 10:49 - 02475520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-13 20:49 - 2017-06-03 10:49 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-13 20:49 - 2017-06-03 10:49 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-06-13 20:49 - 2017-06-03 10:49 - 00903680 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-13 20:49 - 2017-06-03 10:48 - 01131008 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-13 20:49 - 2017-06-03 10:48 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-13 20:49 - 2017-06-03 10:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-06-13 20:49 - 2017-06-03 10:40 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2017-06-13 20:49 - 2017-05-25 07:56 - 00038752 _____ (Microsoft Corporation) C:\Windows\system32\OOBEUpdater.exe
2017-06-13 20:49 - 2017-03-04 08:22 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-06-13 20:49 - 2017-03-04 08:19 - 00635904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-13 20:49 - 2017-03-04 08:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2017-06-13 20:49 - 2017-03-04 08:16 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll
2017-06-13 20:49 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2017-06-13 20:48 - 2017-06-03 12:50 - 00192856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2017-06-13 20:48 - 2017-06-03 12:14 - 01564512 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-06-13 20:48 - 2017-06-03 12:14 - 01214816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-06-13 20:48 - 2017-06-03 12:14 - 00629088 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-06-13 20:48 - 2017-06-03 12:14 - 00544096 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-06-13 20:48 - 2017-06-03 12:14 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-13 20:48 - 2017-06-03 12:14 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2017-06-13 20:48 - 2017-06-03 12:14 - 00334176 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-06-13 20:48 - 2017-06-03 12:14 - 00233824 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-06-13 20:48 - 2017-06-03 12:14 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-06-13 20:48 - 2017-06-03 12:14 - 00136024 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-06-13 20:48 - 2017-06-03 12:14 - 00096608 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-06-13 20:48 - 2017-06-03 12:14 - 00034648 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2017-06-13 20:48 - 2017-06-03 12:11 - 00128864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-06-13 20:48 - 2017-06-03 11:59 - 00764392 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2017-06-13 20:48 - 2017-06-03 11:53 - 00404824 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-13 20:48 - 2017-06-03 11:49 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-06-13 20:48 - 2017-06-03 11:49 - 00509280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-06-13 20:48 - 2017-06-03 11:48 - 01112416 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2017-06-13 20:48 - 2017-06-03 11:48 - 01100128 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2017-06-13 20:48 - 2017-06-03 11:48 - 00989024 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2017-06-13 20:48 - 2017-06-03 11:44 - 01600624 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-06-13 20:48 - 2017-06-03 11:40 - 01566552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2017-06-13 20:48 - 2017-06-03 11:40 - 00628552 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2017-06-13 20:48 - 2017-06-03 11:39 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-06-13 20:48 - 2017-06-03 11:22 - 07217152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-06-13 20:48 - 2017-06-03 11:16 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-06-13 20:48 - 2017-06-03 11:14 - 00045056 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-13 20:48 - 2017-06-03 11:11 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-06-13 20:48 - 2017-06-03 11:10 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-06-13 20:48 - 2017-06-03 11:10 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\edputil.dll
2017-06-13 20:48 - 2017-06-03 11:10 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\AuthBrokerUI.dll
2017-06-13 20:48 - 2017-06-03 11:09 - 00489472 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2017-06-13 20:48 - 2017-06-03 11:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\NetworkBindingEngineMigPlugin.dll
2017-06-13 20:48 - 2017-06-03 11:08 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-13 20:48 - 2017-06-03 11:08 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-13 20:48 - 2017-06-03 11:07 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\HNetCfgClient.dll
2017-06-13 20:48 - 2017-06-03 11:06 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-06-13 20:48 - 2017-06-03 11:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2017-06-13 20:48 - 2017-06-03 10:58 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll
2017-06-13 20:48 - 2017-06-03 10:52 - 02510848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2017-06-13 20:48 - 2017-06-03 10:52 - 00975872 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-13 20:48 - 2017-06-03 10:52 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2017-06-13 20:48 - 2017-06-03 10:51 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-06-13 20:48 - 2017-06-03 10:49 - 03615744 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-06-13 20:48 - 2017-06-03 10:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-06-13 20:48 - 2017-06-03 10:49 - 02318848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-13 20:48 - 2017-06-03 10:49 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\hnetcfg.dll
2017-06-13 20:48 - 2017-06-03 10:48 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-13 20:48 - 2017-06-03 10:46 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-06-13 20:48 - 2017-06-03 08:08 - 00080078 _____ C:\Windows\system32\normidna.nls
2017-06-12 18:07 - 2017-06-12 18:07 - 00000000 ___RD C:\Sandbox
2017-06-12 18:03 - 2017-07-03 21:49 - 00000000 ____D C:\Users\toombar PC\AppData\Roaming\Viv
2017-06-12 18:03 - 2017-06-12 18:03 - 00000825 _____ C:\Users\Public\Desktop\VivPDF Editor.lnk
2017-06-12 17:57 - 2017-07-08 15:26 - 00002790 _____ C:\Windows\Sandboxie.ini
2017-06-12 17:57 - 2017-06-12 17:57 - 00000741 _____ C:\Users\toombar PC\Desktop\Sandbox webový prohlížeč.lnk
2017-06-08 18:59 - 2017-06-08 18:15 - 00223432 ____N (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-08 20:30 - 2017-05-26 13:43 - 00000000 ____D C:\FRST
2017-07-08 20:29 - 2017-05-01 17:07 - 00000000 ____D C:\Users\toombar PC\AppData\Local\Spotify
2017-07-08 20:26 - 2017-01-03 07:54 - 00000000 ____D C:\Users\toombar PC\AppData\Roaming\Skype
2017-07-08 20:23 - 2017-05-01 17:06 - 00000000 ____D C:\Users\toombar PC\AppData\Roaming\Spotify
2017-07-08 20:18 - 2017-01-02 09:37 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-07-08 18:25 - 2017-01-02 09:40 - 00000000 ____D C:\Users\toombar PC
2017-07-08 16:00 - 2017-01-03 19:27 - 00000000 ____D C:\ProgramData\TEMP
2017-07-08 15:59 - 2017-01-04 18:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-08 15:58 - 2017-02-28 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
2017-07-08 15:58 - 2017-01-02 09:42 - 03462580 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-08 15:58 - 2016-07-17 00:25 - 01468702 _____ C:\Windows\system32\perfh005.dat
2017-07-08 15:58 - 2016-07-17 00:25 - 00399164 _____ C:\Windows\system32\perfc005.dat
2017-07-08 15:53 - 2017-01-09 21:14 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-08 15:52 - 2017-05-29 18:13 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-08 15:52 - 2017-05-29 18:13 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-08 15:52 - 2017-02-26 17:35 - 33555456 _____ C:\Windows\SysWOW64\RAMDiskImage.data
2017-07-08 15:52 - 2017-01-02 11:01 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-08 15:52 - 2017-01-02 10:29 - 00000000 ____D C:\Users\toombar PC\AppData\LocalLow\Mozilla
2017-07-08 15:52 - 2017-01-02 09:37 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-08 15:52 - 2016-07-16 08:04 - 00262144 _____ C:\Windows\system32\config\BBI
2017-07-08 15:48 - 2016-07-16 13:47 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-07-08 15:34 - 2017-01-04 17:06 - 00000000 ____D C:\Users\toombar PC\AppData\Roaming\vlc
2017-07-08 11:05 - 2017-01-28 17:58 - 00000022 _____ C:\Windows\GPU-Z.INI
2017-07-08 10:41 - 2017-01-25 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-07-07 20:08 - 2017-03-19 18:04 - 00000000 ___RD C:\Users\toombar PC\Disk Google
2017-07-07 20:00 - 2017-01-10 20:15 - 00000000 ____D C:\Users\toombar PC\AppData\LocalLow\Temp
2017-07-07 18:04 - 2016-07-16 13:47 - 00000000 ____D C:\Windows\AppReadiness
2017-07-07 08:59 - 2017-01-02 09:41 - 00002402 _____ C:\Users\toombar PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-07 08:59 - 2017-01-02 09:41 - 00000000 ___RD C:\Users\toombar PC\OneDrive
2017-07-06 17:26 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-06 09:45 - 2017-02-13 17:55 - 00000000 ____D C:\Users\toombar PC\AppData\Roaming\Kodi
2017-07-06 07:27 - 2017-01-15 13:12 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-07-06 07:26 - 2016-07-16 13:47 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-07-05 17:10 - 2017-04-26 18:49 - 00000000 ____D C:\AdwCleaner
2017-07-05 12:05 - 2017-02-22 19:39 - 00000000 ____D C:\Users\toombar PC\Documents\My Games
2017-07-05 12:05 - 2017-01-14 10:34 - 00000000 ____D C:\ProgramData\Steam
2017-07-05 11:07 - 2017-01-04 18:47 - 00000000 ____D C:\Users\toombar PC\AppData\Roaming\DAEMON Tools Lite
2017-07-04 09:03 - 2017-01-10 20:26 - 00000703 _____ C:\Users\toombar PC\Desktop\Start Tor Browser.lnk
2017-07-04 08:57 - 2017-01-02 09:40 - 00000000 ____D C:\Users\toombar PC\AppData\Local\VirtualStore
2017-07-04 08:57 - 2016-07-16 13:45 - 00000000 ____D C:\Windows\INF
2017-07-03 22:08 - 2017-03-20 07:14 - 00000000 ___HD C:\$WINDOWS.~BT
2017-07-03 22:08 - 2017-01-02 09:56 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-03 22:07 - 2017-06-07 21:30 - 00000000 ____D C:\Users\toombar PC\AppData\Roaming\Internet Download Accelerator
2017-07-03 22:07 - 2017-03-22 20:36 - 00000000 ____D C:\Windows\Minidump
2017-07-03 22:07 - 2017-01-25 12:10 - 00000000 ____D C:\Users\toombar PC\AppData\Roaming\TeamViewer
2017-07-03 22:07 - 2017-01-15 18:15 - 00000000 ____D C:\Users\toombar PC\AppData\Roaming\Sony
2017-07-03 22:07 - 2017-01-02 11:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-07-03 22:07 - 2017-01-02 09:36 - 00000000 ____D C:\Windows\Panther
2017-07-03 22:07 - 2016-07-16 13:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-07-03 21:58 - 2017-01-12 19:24 - 00000000 ____D C:\Users\toombar PC\AppData\Local\Abelssoft
2017-07-03 21:57 - 2017-01-12 19:23 - 00000000 ____D C:\ProgramData\Abelssoft
2017-07-03 20:42 - 2017-05-23 18:29 - 00004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-03 20:42 - 2017-01-03 17:49 - 00004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-03 20:42 - 2017-01-03 17:49 - 00003994 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-03 20:42 - 2017-01-03 17:49 - 00003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-03 20:42 - 2017-01-03 17:49 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-03 20:42 - 2017-01-03 17:49 - 00003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-03 20:42 - 2017-01-03 17:49 - 00003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-03 20:42 - 2017-01-03 17:49 - 00003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-03 20:42 - 2017-01-02 09:56 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-07-03 20:42 - 2017-01-02 09:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-07-03 20:42 - 2017-01-02 09:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-07-03 19:23 - 2016-07-16 13:47 - 00000000 ____D C:\Windows\system32\NDF
2017-07-03 18:18 - 2017-04-24 15:03 - 00000000 ____D C:\Users\toombar PC\AppData\Local\ElevatedDiagnostics
2017-06-29 20:48 - 2017-01-03 19:23 - 00000000 ____D C:\Program Files\Microsoft Office
2017-06-29 20:35 - 2017-01-16 17:05 - 00001254 _____ C:\Users\toombar PC\Desktop\Adobe Photoshop CC 2017.lnk
2017-06-29 13:55 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-29 13:55 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-28 17:50 - 2017-05-12 14:15 - 00000000 ____D C:\Windows\system32\UNP
2017-06-28 17:50 - 2017-05-12 14:15 - 00000000 ____D C:\Program Files\UNP
2017-06-28 17:47 - 2016-07-16 13:36 - 00000000 ____D C:\Windows\CbsTemp
2017-06-27 21:52 - 2017-01-02 10:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-22 20:14 - 2017-04-24 15:02 - 00000000 ____D C:\Program Files\trend micro
2017-06-22 20:09 - 2017-05-17 16:36 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-06-22 16:25 - 2016-07-16 13:47 - 00000000 ____D C:\Windows\rescache
2017-06-22 14:38 - 2017-01-03 15:59 - 00000000 ____D C:\Program Files\Common Files\logishrd
2017-06-22 14:38 - 2017-01-03 15:59 - 00000000 ____D C:\Program Files (x86)\Logitech
2017-06-21 09:07 - 2017-01-06 21:57 - 00057976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-06-21 09:07 - 2017-01-03 17:49 - 00048248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-06-21 09:07 - 2017-01-02 09:56 - 01903224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-06-21 09:07 - 2017-01-02 09:56 - 01755256 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-06-21 09:07 - 2017-01-02 09:56 - 01489528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-06-21 09:07 - 2017-01-02 09:56 - 01317496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-06-21 09:07 - 2017-01-02 09:56 - 00121464 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-06-20 22:58 - 2017-01-03 17:49 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-06-18 18:13 - 2017-01-02 09:40 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-13 22:09 - 2016-07-16 13:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-06-13 22:09 - 2016-07-16 13:47 - 00000000 ____D C:\Windows\system32\appraiser
2017-06-13 22:09 - 2016-07-16 13:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-06-13 20:55 - 2017-01-02 21:02 - 00000000 ____D C:\Windows\system32\MRT
2017-06-13 20:53 - 2017-01-02 21:02 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-12 17:59 - 2017-01-06 20:33 - 00000000 ____D C:\ProgramData\Adobe
2017-06-09 20:15 - 2017-01-25 12:10 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-06-09 20:15 - 2017-01-25 12:10 - 00001028 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-06-09 20:15 - 2017-01-25 12:09 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-06-09 18:31 - 2017-01-02 09:57 - 00000000 ____D C:\Users\toombar PC\AppData\Local\NVIDIA Corporation
2017-06-08 19:29 - 2017-05-29 17:42 - 00000000 ____D C:\KVRT_Data

==================== Files in the root of some directories =======

2017-07-08 20:24 - 2017-07-08 20:24 - 0029696 _____ () C:\Users\toombar PC\AppData\Local\MSGBOX.EXE
2017-04-13 15:53 - 2017-04-21 18:43 - 0000700 ___SH () C:\Users\toombar PC\AppData\Local\systemFL7.dat
2017-03-27 21:27 - 2017-04-17 20:58 - 0000182 _____ () C:\Users\toombar PC\AppData\Local\uts.ini
2017-01-11 16:53 - 2017-01-11 16:53 - 0000037 _____ () C:\Users\toombar PC\AppData\Local\X-Plane Installer.prf
2017-01-11 16:57 - 2017-05-14 19:46 - 0000015 _____ () C:\Users\toombar PC\AppData\Local\X-Plane_drm_11.prf
2017-01-11 16:27 - 2017-01-11 16:27 - 0000024 _____ () C:\Users\toombar PC\AppData\Local\x-plane_install_11.txt
2017-01-03 17:49 - 2017-01-06 21:58 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-03 17:49 - 2017-01-06 21:10 - 0009275 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-05 11:57

==================== End of FRST.txt ============================

cunik.cz
Visitor
Posts: 275
Registered: 13 May 2017 10:33

Re: Preventive check

#25 Post by cunik.cz »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by toombar PC (08-07-2017 20:30:40)
Running from C:\Users\toombar PC\Desktop
Windows 10 Pro Version 1607 (X64) (2017-01-02 07:39:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4143605839-527040269-2466945285-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4143605839-527040269-2466945285-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4143605839-527040269-2466945285-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-4143605839-527040269-2466945285-501 - Limited - Disabled)
toombar PC (S-1-5-21-4143605839-527040269-2466945285-1001 - Administrator - Enabled) => C:\Users\toombar PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM\...\{F611E93B-8EC1-4662-BDFF-6909DB820862}) (Version: 2.2.3509.0 - Futuremark) Hidden
3DMark (HKLM-x32\...\{4bf26510-8c4e-447c-b819-2967aeca2839}) (Version: 2.2.3509.0 - Futuremark)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Aktualizace NVIDIA 25.6.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 25.6.0.0 - NVIDIA Corporation) Hidden
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.33 - NVIDIA Corporation) Hidden
Ashampoo Burning Studio 2017 (HKLM-x32\...\{91B33C97-C878-6579-69BA-23E5405C7AAB}_is1) (Version: 18.0.0 - Ashampoo GmbH & Co. KG)
Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.8.0.0 - Auslogics Labs Pty Ltd)
BioShock Infinite version 1.1.25.5165 (HKLM-x32\...\BioShock Infinite_is1) (Version: 1.1.25.5165 - 2K Games)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0222 - Disc Soft Ltd)
devolo dLAN Configuration Wizard (HKLM-x32\...\dlanconf) (Version: 17.0.0.0 - devolo AG)
devolo Informer (HKLM-x32\...\dslmon) (Version: 26.0.0.0 - devolo AG)
ESET Smart Security (HKLM\...\{E483B847-824D-4659-A760-0AC8FE24055E}) (Version: 10.0.386.1 - ESET, spol. s r.o.)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
Far Cry Primal (HKLM-x32\...\{80BD47AF-CF13-49B2-99BF-7E78FBA26124}_is1) (Version: - Ubisoft)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{6583B359-134F-480D-9B31-9B94EFFAFE40}) (Version: 5.0.609.0 - Futuremark)
Genie Timeline (HKLM-x32\...\Genie Timeline) (Version: 7.0 - Genie9)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: - HDS)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1036 - Intel Corporation)
Intel(R) Network Connections 20.7.67.0 (HKLM\...\PROSetDX) (Version: 20.7.67.0 - Intel)
Intel(R) Online Connect Software Asset Manager (HKLM-x32\...\{AE956AB9-CD98-4F1E-8B9E-C3C66E290D64}) (Version: 3.4.2072 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Mafia III Update v1.01 Hotfix (HKLM\...\bWFmaWFpaWk_is1) (Version: 1 - )
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\OneDriveSetup.exe) (Version: 17.3.6944.0627 - Microsoft Corporation)
Microsoft Project Professional 2016 - cs-cz (HKLM\...\ProjectProRetail - cs-cz) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Visio Professional 2016 - cs-cz (HKLM\...\VisioProRetail - cs-cz) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.2.1.6382 - Mozilla)
Mozilla Thunderbird 52.2.1 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 52.2.1 (x86 cs)) (Version: 52.2.1 - Mozilla)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.8 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.10 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.10 - MSI)
MSI RAMDisk (HKLM-x32\...\{F29CF050-7278-4CDB-9EF8-2DC6DAA87453}}_is1) (Version: 1.0.0.22 - MSI)
MXGP3 The Official Motocross Videogame (HKLM-x32\...\MXGP3 The Official Motocross Videogame_is1) (Version: - )
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.33 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.33 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.8229.2041 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8229.2041 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.10.46586 - Electronic Arts, Inc.)
Outlast 2 (HKLM-x32\...\1453301453_is1) (Version: gog-1 - GOG.com)
Ovládací panel NVIDIA 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 382.33 - NVIDIA Corporation) Hidden
Pomocník při upgradu na Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7855 - Realtek Semiconductor Corp.)
Registry Cleaner (HKLM-x32\...\Registry Cleaner_is1) (Version: 2.0 - Abelssoft)
Sandboxie 5.20 (64-bit) (HKLM\...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78313 - TeamViewer)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.615 - Electronic Arts)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version: - GOG.com)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
TP-LINK TL-WN721N_TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.3.1 - TP-LINK)
Uplay (HKLM-x32\...\Uplay) (Version: 30.0 - Ubisoft)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
VivPDF Editor (HKLM-x32\...\VivPDFEditor_is1) (Version: 3.0.1.1013 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WashAndGo (HKLM-x32\...\AbAppId-53_is1) (Version: 23.0 - Abelssoft)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)
Základní software zařízení HP Deskjet 3510 series (HKLM\...\{1719C693-20CF-4BC3-831F-B65E79268114}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2016-12-14] (ESET)
ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers02: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2016-12-14] (ESET)
ContextMenuHandlers03: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => -> No File
ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-05-18] (NVIDIA Corporation)
ContextMenuHandlers06: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2016-12-14] (ESET)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005E4777-0B2D-4161-9221-A4410BCAA41B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {03C63931-7F4D-4264-87B7-F37BD175FFC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-06-29] (Microsoft Corporation)
Task: {1689C970-B79D-4AFB-B115-F9C7DE6F5A85} - System32\Tasks\Core Temp Autostart toombar PC => D:\Core Temp\Core Temp\Core Temp.exe
Task: {27E02E48-8A2A-4AE9-B9D6-05031C5D6A1B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {29F72EF3-124D-41E8-A281-5560DBF19469} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [2017-01-19] (Micro-Star INT'L CO., LTD.)
Task: {2C91CC2A-E08A-4EB2-814A-391F8791F104} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {2DF9629A-CBE3-4963-BBC2-EF1B8C950AE3} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_toombar_20PC => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2017-01-10] (H.D.S. Hungary)
Task: {4BE5A328-E335-4AAC-85AE-15BD822ED63B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-21] (NVIDIA Corporation)
Task: {593A4FB7-0297-4168-BE3B-06AF3187A53A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {7AA67E60-37AC-432A-8A40-CD04ACD04D72} - System32\Tasks\MSISW_Host => C:\Windows\SysWoW64\muachost.exe [2015-08-18] (MSI)
Task: {7F547DBA-407D-4E91-B319-E6EEF9EE8D63} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {8AE86DE8-6CB4-4B3A-89BE-17E1FFC718B2} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {963167D3-B253-4207-86F4-655D27DF90CF} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {989C0D16-5230-4F0C-8238-60828BC7302F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-22] ()
Task: {9ED3B29F-C3DF-4D5C-8D55-BFC3C076AE36} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-09-29] (Intel Corporation)
Task: {A3908112-A23A-4D7B-82A9-9E82535A44E5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-21] (NVIDIA Corporation)
Task: {A54EE21B-A0B3-4E0C-9F32-90DF66728C18} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {B1248DB1-3D36-4D65-9A12-409008985F9E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {B6C73325-5F81-4E5F-877F-04BAA493C4B8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-21] (NVIDIA Corporation)
Task: {B7A641CD-4665-41CF-89CE-53D5F3087993} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-09-29] (Intel Corporation)
Task: {B8C07CBD-159F-4910-841C-134ECC6C4E6D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
Task: {BA5A75D6-7938-4F44-A278-6ED4CF804E1E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-06-29] (Microsoft Corporation)
Task: {DA72F29E-EEBD-443A-AC0D-FFA80D3FE39F} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {E6C3D4DC-B3A2-4C77-BD1A-DB7250601E4C} - System32\Tasks\ABRC_RegularCheck => C:\Program Files (x86)\RegistryCleaner\RegistryCleaner.exe [2016-09-26] (Ascora GmbH)
Task: {F4CFA098-7BD1-4866-ACEE-8FA7D0AB4318} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-22] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-06-13 20:49 - 2017-06-03 12:01 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-10-05 13:15 - 2016-10-05 13:15 - 00107752 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\libglog.dll
2016-10-05 13:15 - 2016-10-05 13:15 - 00412904 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\JsonCpp.dll
2017-01-03 17:49 - 2017-06-21 09:07 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-02 21:01 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 21:40 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 21:41 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 21:41 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 21:41 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-13 20:48 - 2017-06-03 10:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-13 20:48 - 2017-06-03 10:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-04-13 15:31 - 2016-06-14 16:35 - 00187392 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\D3D11FontDraw.dll
2017-06-21 14:40 - 2017-06-21 14:40 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 14:40 - 2017-06-21 14:40 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 14:40 - 2017-06-21 14:40 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 14:40 - 2017-06-21 14:40 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-06-27 14:52 - 2017-06-23 05:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-27 14:52 - 2017-06-23 05:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2016-10-04 18:09 - 2016-10-04 18:09 - 00253664 _____ () C:\Program Files\Intel\Intel(R) Online Connect\CSLibWrapper.dll
2017-06-21 14:39 - 2017-06-21 14:40 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-06-21 14:39 - 2017-06-21 14:40 - 27430400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-06-18 18:16 - 2017-06-18 18:17 - 00460288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-06-18 18:16 - 2017-06-18 18:17 - 02275328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-06-08 14:40 - 2017-06-08 14:40 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-18 18:16 - 2017-06-18 18:17 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-01-02 10:51 - 2017-01-02 10:51 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-06-18 18:16 - 2017-06-18 18:17 - 00900096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-09 14:35 - 2017-05-09 14:36 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-07-17 00:34 - 2016-07-17 00:34 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-06-08 14:40 - 2017-06-08 14:40 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-22 13:40 - 2017-06-22 13:40 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-22 13:40 - 2017-06-22 13:40 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-03-18 10:43 - 2005-07-18 14:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2017-05-17 16:02 - 2017-05-17 16:02 - 02493440 _____ () D:\Origin\libGLESv2.dll
2017-01-03 17:49 - 2017-06-21 09:07 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-04-13 15:31 - 2016-06-14 16:35 - 00163328 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\D3D11FontDraw.dll
2017-01-09 21:15 - 2017-05-17 03:54 - 00678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-01-09 21:15 - 2016-09-01 03:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-01-09 21:15 - 2017-06-08 07:42 - 02485536 _____ () C:\Program Files (x86)\Steam\video.dll
2017-01-09 21:15 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-01-09 21:15 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-01-09 21:15 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-01-09 21:15 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-01-09 21:15 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-01-09 21:15 - 2016-09-01 03:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-01-09 21:15 - 2016-09-01 03:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-01-09 21:15 - 2017-06-08 07:42 - 00877856 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-01-09 21:15 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-01-03 17:49 - 2017-06-21 09:06 - 66837112 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-05-01 17:07 - 2017-07-04 21:43 - 00189040 _____ () C:\Users\toombar PC\AppData\Roaming\Spotify\SpotifyWinRT.dll
2017-04-26 15:19 - 2017-04-26 15:19 - 02005976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-01-09 21:16 - 2017-05-08 21:45 - 69516064 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-09 13:42 - 2017-05-17 03:54 - 00678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-01-09 21:15 - 2017-06-08 07:42 - 00385312 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-10-20 02:28 - 2016-10-20 02:28 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-05-01 21:13 - 2017-07-08 15:39 - 00000753 _____ C:\Windows\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4143605839-527040269-2466945285-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "MSIRegister"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\StartupFolder: => "GoogleUpdate.lnk"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\StartupFolder: => "TeamViewer 12.lnk"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\Run: => "WTFast Tray"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\Run: => "Internet Download Accelerator"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-4143605839-527040269-2466945285-1001\...\StartupApproved\Run: => "IDMan"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1BB87FC1-7ADE-489F-9D4F-B8040F43995A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8AE420C2-70CD-468E-9F8B-7AA15C03AB77}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{0C56CAC2-8D27-48FD-96F6-5F2B6F2A0E25}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BB6D2ECE-87A2-4869-BBAE-215A940DC7DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{054994F0-3D6C-44D8-9F0A-3088ECF85AB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A06208B1-51B1-4216-B5E5-6B32C4B87F15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{542FB5E4-7E04-4B8E-9FB4-D77E35E4C281}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{6E020CC2-F01E-4CF6-BA70-1E8207543871}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2006F230-F773-476E-8808-981D327D18FF}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3BB9D368-A439-424F-92B1-5547CB5BDA91}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6F832742-179A-442B-86B9-2D18CDCF4D3F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3F7D1996-7891-4DD0-B028-1D23520EC21E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{03E3F36C-22B4-44EE-B088-2B3BADA62CAF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FF94A641-F0D8-4488-BF30-E035A7DE78DB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{970C9A08-A9EC-4C2D-925B-2BA0EF5AAAF1}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Rogue\ACC.exe
FirewallRules: [{0DEBFC3B-0F33-4155-B211-BDFF49F2892A}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Rogue\ACC.exe
FirewallRules: [{A1EBA1A0-6DC3-4EA3-9DE7-9647B425DF96}] => (Allow) LPort=26789
FirewallRules: [{5415E77C-7A3D-4CAD-A77F-E997A9AB6821}] => (Allow) D:\Hry\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{C84A1A03-F355-41A7-839A-DB5A4152FBCE}] => (Allow) D:\Hry\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{C710728D-5345-44B8-BC74-2720F2DD7F33}] => (Allow) D:\Hry\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{6E5BC75F-825C-45D5-B9F1-535C85DF9E55}] => (Allow) D:\Hry\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{BAA12E25-C3B1-4EEC-AFE7-95FEA37D797F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{6EBB338B-2487-47E2-9E23-CA9746D1DFDA}] => (Allow) C:\Program Files (x86)\devolo\informer\devinf.exe
FirewallRules: [{8A401C9F-A52D-4E5F-AC23-B4035AA7D18F}] => (Allow) C:\Program Files (x86)\devolo\informer\devinf.exe
FirewallRules: [{8446E624-A84A-4A01-BE84-34E7E66C5947}] => (Allow) C:\Program Files (x86)\devolo\easyshare\easyshare.exe
FirewallRules: [{613463AE-D325-4A84-B964-EFCEF048F66F}] => (Allow) C:\Program Files (x86)\devolo\easyshare\easyshare.exe
FirewallRules: [{8F0C27FD-FC3F-440E-990E-06D271BBF254}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4E686FA2-97B6-4E87-8AE2-9843F1920BA9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B1BB7B94-B859-4BE2-9C39-48DC7864D4E1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B360DB71-416D-4F9B-B89A-9A3340747C1D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{02DD9530-32F3-4020-80CA-448B151EA13C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0296D34D-F3DC-4080-92EC-19FB311C9AA2}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{BAE92C30-82FF-4600-98A5-B5C3FAE302E7}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe

==================== Restore Points =========================

03-07-2017 22:12:14 RegistryCleaner 03.07.2017 22:12:14
04-07-2017 08:59:00 Before uninstalling TAP-Windows 9.21.2
04-07-2017 09:12:20 Before uninstalling CyberGhost 6
05-07-2017 16:39:16 RegistryCleaner 05.07.2017 16:39:16
05-07-2017 16:48:39 Installed Copernic Desktop Search 6
05-07-2017 16:56:12 Before uninstalling Copernic Desktop Search 6
06-07-2017 09:41:54 Before uninstalling Kodi
07-07-2017 21:54:13 Before uninstalling IObit Malware Fighter 5
08-07-2017 10:30:53 JRT Pre-Junkware Removal
08-07-2017 15:38:52 zoek.exe restore point
08-07-2017 15:58:58 Before uninstalling Malwarebytes verze 3.1.2.1733

==================== Faulty Device Manager Devices =============

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Myš Microsoft PS/2
Description: Myš Microsoft PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2017 03:59:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamtray.exe, verze: 3.0.0.1068, časové razítko: 0x59125d35
Název chybujícího modulu: Qt5Core.dll, verze: 5.6.2.0, časové razítko: 0x58ed4d4f
Kód výjimky: 0xc0000005
Posun chyby: 0x001a9fd6
ID chybujícího procesu: 0x2978
Čas spuštění chybující aplikace: 0x01d2f7f25f289365
Cesta k chybující aplikaci: D:\Malware bytes\Anti-Malware\mbamtray.exe
Cesta k chybujícímu modulu: D:\Malware bytes\Anti-Malware\Qt5Core.dll
ID zprávy: 3d440741-730c-4f8b-a66a-dff5ade7de83
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (07/08/2017 03:59:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (07/08/2017 03:52:39 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (07/08/2017 03:38:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (07/08/2017 03:38:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary IMFCameraProtect.

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (07/08/2017 10:30:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (07/08/2017 10:30:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary IMFCameraProtect.

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (07/08/2017 10:12:24 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Vytvoření výčtu relací uživatelů pro generování fondů filtrů se nezdařilo.

Podrobnosti:
(HRESULT : 0x80040210) (0x80040210)

Error: (07/08/2017 10:12:11 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů rdyboost. První čtyři bajty (DWORD) datové sekce obsahují kód chyby systému Windows.

Error: (07/07/2017 09:54:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.


System errors:
=============
Error: (07/08/2017 03:53:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby Intel(R) Online Connect Helper bylo dosaženo časového limitu (60000 ms).

Error: (07/08/2017 03:52:06 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ANQTDIM)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (07/08/2017 03:52:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/08/2017 03:48:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (07/08/2017 03:48:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (07/08/2017 03:48:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (07/08/2017 03:48:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (07/08/2017 03:48:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (07/08/2017 12:22:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/08/2017 10:31:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
Date: 2017-07-07 20:00:27.025
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-07-07 19:58:11.460
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-07-05 17:01:37.660
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-07-03 22:41:12.129
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\Modules\em023_64\10445\em023_64.dll.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-03 22:41:11.994
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\Modules\em023_64\10445\em023_64.dll.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-03 22:32:38.694
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod7D44.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-03 22:32:38.580
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod7D44.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-03 22:32:37.784
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod6A44.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-03 22:32:37.678
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod6A44.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-03 22:32:36.900
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod5E08.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 44%
Total physical RAM: 16344 MB
Available physical RAM: 9055.2 MB
Total Virtual: 32728 MB
Available Virtual: 24855.94 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:3 GB) (Free:2.98 GB) NTFS
Drive c: () (Fixed) (Total:223.57 GB) (Free:59.18 GB) NTFS
Drive d: () (Fixed) (Total:930.97 GB) (Free:639.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 72232B3D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 9CC853E6)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

cunik.cz
Visitor
Posts: 275
Registered: 13 May 2017 10:33

Re: Preventive check

#26 Post by cunik.cz »

Otherwise, apart from the fact that the log I posted here just opened by itself, the PC is behaving normally. :happy:

sorcer
Friend of the forum
Posts: 527
Registered: 26 Jun 2006 01:29

Re: Preventive check

#27 Post by sorcer »

Redirect - it redirects. That is how it differs. The problem is that it is "easy" to track where you browse and, with unencrypted traffic and on spoofed websites, even all the data you enter. You are usually redirected to websites infested in some other way, from which, once you click on a great offer or a link, more junk is pushed onto the PC, and so on, round and round.

That is why, as I already wrote, be more than cautious when surfing the net and looking for "quality" content.


Another FIXLOG

1) Copy the contents of the fix below into Notepad and save it as: fixlist.txt
2) Save the file in the same location where you currently have the FRST utility

Code:

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Hosts:

FF Extension: (No Name) - C:\Users\toombar PC\AppData\Roaming\Mozilla\Firefox\Profiles\xy92jgbi.default\extensions\ascsurfingprotectionnew@iobit.com.xpi [not found]

CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

ShortcutTarget: GoogleUpdate.lnk -> C:\Users\toombar PC\AppData\Local\Temp\Chrome Updates\SeachEngine.exe (No File)
ShortcutTarget: AIDA64 Extreme.lnk -> C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe (No File)

ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers03: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]

FirewallRules: [{0296D34D-F3DC-4080-92EC-19FB311C9AA2}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{BAE92C30-82FF-4600-98A5-B5C3FAE302E7}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{A1EBA1A0-6DC3-4EA3-9DE7-9647B425DF96}] => (Allow) LPort=26789
END
3) Run FRST and click the FIX button
4) Restart the PC.
5) Watch how the PC behaves
6) Post the contents of the FIXLOG here in your topic

cunik.cz
Visitor
Posts: 275
Registered: 13 May 2017 10:33

Re: Preventive check

#28 Post by cunik.cz »

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by toombar PC (09-07-2017 16:11:29) Run:3
Running from C:\Users\toombar PC\Desktop
Loaded Profiles: toombar PC (Available Profiles: defaultuser0 & toombar PC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Hosts:

FF Extension: (No Name) - C:\Users\toombar PC\AppData\Roaming\Mozilla\Firefox\Profiles\xy92jgbi.default\extensions\ascsurfingprotectionnew@iobit.com.xpi [not found]

CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

ShortcutTarget: GoogleUpdate.lnk -> C:\Users\toombar PC\AppData\Local\Temp\Chrome Updates\SeachEngine.exe (No File)
ShortcutTarget: AIDA64 Extreme.lnk -> C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe (No File)

ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers03: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]

FirewallRules: [{0296D34D-F3DC-4080-92EC-19FB311C9AA2}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{BAE92C30-82FF-4600-98A5-B5C3FAE302E7}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{A1EBA1A0-6DC3-4EA3-9DE7-9647B425DF96}] => (Allow) LPort=26789
END
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
C:\Users\toombar PC\AppData\Roaming\Mozilla\Firefox\Profiles\xy92jgbi.default\extensions\ascsurfingprotectionnew@iobit.com.xpi => path removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => key removed successfully
C:\Users\toombar PC\AppData\Local\Temp\Chrome Updates\SeachEngine.exe => not found.
C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe => not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\Genie-Soft Timeline Backup Context Menu Extension => key removed successfully
HKLM\Software\Classes\CLSID\{D821600B-0B5D-4D7E-B1CC-034C652E8288} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0296D34D-F3DC-4080-92EC-19FB311C9AA2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BAE92C30-82FF-4600-98A5-B5C3FAE302E7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A1EBA1A0-6DC3-4EA3-9DE7-9647B425DF96} => value not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17117028 B
Java, Flash, Steam htmlcache => 129077330 B
Windows/system/drivers => 608403 B
Edge => 105466 B
Chrome => 726724045 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 10240 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 15506 B
NetworkService => 0 B
defaultuser0 => 0 B
toombar PC => 133798018 B

RecycleBin => 0 B
EmptyTemp: => 960.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:11:46 ====
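
When reviewing a Fixlog like the one above, it helps to separate entries that were actually removed from those that were already absent and from anything with an unexpected outcome. The following is an added example, not part of the original post and not FRST code; the function names are hypothetical, and the classification rules are an assumption based only on the outcome wordings visible in this Fixlog.

```python
import re
from collections import defaultdict

# Result lines copied from the Fixlog above (shortened excerpt).
SAMPLE_FIXLOG = r"""
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => key removed successfully
C:\Users\toombar PC\AppData\Local\Temp\Chrome Updates\SeachEngine.exe => not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A1EBA1A0-6DC3-4EA3-9DE7-9647B425DF96} => value not found.

=========== EmptyTemp: ==========

Chrome => 726724045 B
toombar PC => 133798018 B
EmptyTemp: => 960.8 MB temporary data Removed.
"""

ACTION = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")
SIZE = re.compile(r"^(?P<bytes>\d+) B$")


def classify(outcome):
    """Map an outcome string to done / not_found / review (assumed wordings)."""
    text = outcome.lower().rstrip(".")
    if text.endswith("not found"):
        return "not_found"          # item was already absent when the fix ran
    if text.endswith(("removed successfully", "moved successfully")):
        return "done"
    return "review"                 # anything else deserves a manual look


def parse_fixlog(text):
    """Return ([(target, status), ...], bytes reported in the EmptyTemp section)."""
    actions, temp_bytes, in_temp = [], 0, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=") and "EmptyTemp" in line:
            in_temp = True          # size lines follow, not removal results
            continue
        m = ACTION.match(line)
        if not m:
            continue                # status lines without "=>" carry no target
        if in_temp:
            size = SIZE.match(m["outcome"])
            if size:
                temp_bytes += int(size["bytes"])
            continue
        actions.append((m["target"], classify(m["outcome"])))
    return actions, temp_bytes


def summarize(actions):
    """Group targets by status so 'not_found' and 'review' stand out."""
    groups = defaultdict(list)
    for target, status in actions:
        groups[status].append(target)
    return dict(groups)
```

Calling `summarize(parse_fixlog(SAMPLE_FIXLOG)[0])` groups the excerpt's targets by status; a `review` key appears only when an outcome matches neither assumed wording.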

cunik.cz
Visitor
Posts: 275
Registered: 13 May 2017 10:33

Re: Preventive check

#29 Post by cunik.cz »

Well, that is quite a mess. But lately I have noticed that it logs me out everywhere after a while. Especially here. Today I did not really notice anything, but do you think I should change my password for my FB and Google accounts? Because I logged in there. Oh, and the redirecting fits. Recently I was downloading something via ZippyShare and another page opened, saying that Eset had blocked the Chromex trojan. So that's about it. And is it possible that I got it from some page that has pop-up windows?

sorcer
Friend of the forum
Posts: 527
Registered: 26 Jun 2006 01:29

Re: Preventive check

#30 Post by sorcer »

Changing your passwords certainly won't hurt. Yes, it is possible.
Be careful - "free" software and media are often sources of infection.
Download from verified and reputable sources. Avoid dubious ones.

Let's clean up:

1) Download and run DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
2) Tick only the "Remove disinfection tools" option
3) Click Run

Locked