
Please check my log


#1 Post by jarek26 »

Hello,
please check my RSIT log.
Thank you.
Log:

Logfile of random's system information tool 1.16 (written by random/random)
Run by Jarda at 2018-07-22 18:04:56
Microsoft Windows 8
System drive C: has 5 GB (1%) free of 699 GB
Total RAM: 3911 MB (67% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:05:03, on 22.7.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17568)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Jarda_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/yhs/web?hspart ... 1205__yaie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O8 - Extra context menu item: Stiahnuť s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stiahnuť s IDM všetky prepojenia - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: Digital Wave Update Service (DigitalWave.Update.Service) - Unknown owner - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: QMEmulatorService - Tencent - C:\Users\Jarda\Saved Games\Pump mobile\TxGameAssistant\AppMarket\QMEmulatorService.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SMService - IObit - C:\Program Files (x86)\IObit\Classic Start\SMService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe
O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Wondershare - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe

--
End of file - 10549 bytes

====== Enumerating Processes ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Users\Jarda\Saved Games\Pump mobile\TxGameAssistant\AppMarket\QMEmulatorService.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\igfxCUIService.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe"
C:\Windows\system32\dashost.exe
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Elantech\ETDService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
"C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
C:\Windows\RfBtnSvc64.exe
"C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"c:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window --enable-setforeground-window --enable-kbhook-window
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -st "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\igfxHK.exe
C:\Windows\system32\igfxTray.exe
"C:\Program Files (x86)\Launch Manager\LManager.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
C:\Windows\system32\igfxext.exe -Embedding
"C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
"C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe"
C:\Windows\system32\taskhost.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:513
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files\CCleaner\CCleaner64.exe" /monitor
C:\Windows\system32\msiexec.exe /V
"C:\Windows\system32\RunDll32.exe" "C:\Windows\system32\WerConCpl.dll", LaunchErcApp -queuereporting
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.0.1566088912\1065829621" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" "C:\Users\Jarda\AppData\LocalLow\Mozilla\Temp-{32b6f6e3-5d9e-4424-8cc8-bd5233c83ae0}" 1064 "\\.\pipe\gecko-crash-server-pipe.1064" gpu
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.1.1280906407\794508453" -childID 1 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|99:2|100:1|115:5000|125:0|127:0|138:10000|150:-1|158:24|159:32768|161:0|162:0|170:5|174:1048576|175:100|176:5000|178:600|180:1|188:20|191:4|195:0|204:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:1|92:1|95:1|96:0|98:0|101:1|102:0|109:0|114:0|117:1|120:1|122:1|126:0|129:1|132:1|133:1|139:1|140:0|141:1|143:0|149:0|151:1|152:0|153:1|156:0|157:0|160:1|163:0|165:1|167:1|168:0|177:1|182:0|183:0|184:0|185:1|186:0|187:0|189:1|190:1|193:0|196:0|197:0|198:1|199:1|200:0|201:1|202:1|203:1|205:0|206:0|208:0|217:1|218:1|219:0|220:0|221:0| -stringPrefs "3:7;release|97:0;|142:3;1.0|154:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|155:4;high|192:38;{32b6f6e3-5d9e-4424-8cc8-bd5233c83ae0}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 1064 "\\.\pipe\gecko-crash-server-pipe.1064" tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.13.1029100136\1909089827" -childID 2 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|99:2|100:1|115:5000|125:0|127:0|138:10000|150:-1|158:24|159:32768|161:0|162:0|170:5|174:1048576|175:100|176:5000|178:600|180:1|188:20|191:4|195:0|204:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:1|92:1|95:1|96:0|98:0|101:1|102:0|109:0|114:0|117:1|120:1|122:1|126:0|129:1|132:1|133:1|139:1|140:0|141:1|143:0|149:0|151:1|152:0|153:1|156:0|157:0|160:1|163:0|165:1|167:1|168:0|177:1|182:0|183:0|184:0|185:1|186:0|187:0|189:1|190:1|193:0|196:0|197:0|198:1|199:1|200:0|201:1|202:1|203:1|205:0|206:0|208:0|217:1|218:1|219:0|220:0|221:0| -stringPrefs "3:7;release|97:0;|142:3;1.0|154:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|155:4;high|192:38;{32b6f6e3-5d9e-4424-8cc8-bd5233c83ae0}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 1064 "\\.\pipe\gecko-crash-server-pipe.1064" tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.20.1624243533\1054757271" -childID 3 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|99:2|100:1|115:5000|125:0|127:0|138:10000|150:-1|158:24|159:32768|161:0|162:0|170:5|174:1048576|175:100|176:5000|178:600|180:1|188:20|191:4|195:0|204:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:1|92:1|95:1|96:0|98:0|101:1|102:0|109:0|114:0|117:1|120:1|122:1|126:0|129:1|132:1|133:1|139:1|140:0|141:1|143:0|149:0|151:1|152:0|153:1|156:0|157:0|160:1|163:0|165:1|167:1|168:0|177:1|182:0|183:0|184:0|185:1|186:0|187:0|189:1|190:1|193:0|196:0|197:0|198:1|199:1|200:0|201:1|202:1|203:1|205:0|206:0|208:0|217:1|218:1|219:0|220:0|221:0| -stringPrefs "3:7;release|97:0;|142:3;1.0|154:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|155:4;high|192:38;{32b6f6e3-5d9e-4424-8cc8-bd5233c83ae0}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 1064 "\\.\pipe\gecko-crash-server-pipe.1064" tab
"C:\Users\Jarda\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

====== Scheduled tasks folder ======

C:\Windows\tasks\StartMenu8_Start.job - C:\Program Files (x86)\IObit\Classic Start\Start_Active.exe
C:\Windows\system32\tasks\Adobe Flash Player NPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe -check plugin
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\ALU - C:\Program Files (x86)\Acer\Live Updater\updater.exe -auto
C:\Windows\system32\tasks\ALUAgent - C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe
C:\Windows\system32\tasks\CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\DeviceDetector - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Windows\system32\tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files (x86)\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
C:\Windows\system32\tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
C:\Windows\system32\tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"
C:\Windows\system32\tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler
C:\Windows\system32\tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
C:\Windows\system32\tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
C:\Windows\system32\tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
C:\Windows\system32\tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
C:\Windows\system32\tasks\Power Management - "C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"
C:\Windows\system32\tasks\StartMenu8_Start - C:\Program Files (x86)\IObit\Classic Start\Start_Active.exe
C:\Windows\system32\tasks\Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-2214875189-3760211905-2910999632-1002 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Microsoft\Windows\WS\License Validation - rundll32.exe WSClient.dll,WSpTLR licensing
C:\Windows\system32\tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask - rundll32.exe WSClient.dll,RefreshBannedAppsList
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup - %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor - %systemroot%\system32\sdclt.exe /CHECKSKIPPED
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\Windows\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\Windows\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\Program Files\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\Windows\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\Windows\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\Windows\system32\tasks\Microsoft\Windows\Setup\8.1 auto install ping - %windir%\system32\AutoUpdate.exe /Ping
C:\Windows\system32\tasks\Microsoft\Windows\Setup\8.1 auto install v2 - C:\Windows\System32\AutoUpdate.exe /Auto
C:\Windows\system32\tasks\Microsoft\Windows\Setup\EOSNotify - %windir%\system32\EOSNotify.exe
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader - %windir%\system32\WSqmCons.exe -u
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent /increment
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe %windir%\system32\invagent.dll,RunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\kc9o04ej.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.google.sk/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.134 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App V2 Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.134 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll


C:\Users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\kc9o04ej.default\addons.json

C:\Users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\kc9o04ej.default\extensions.json
Application Update Service Helper - extension - aushelper@mozilla.org -
Pocket - extension - firefox@getpocket.com -
Web Compat - extension - webcompat@mozilla.org -
Activity Stream - extension - activity-stream@mozilla.org -
Follow-on Search Telemetry - extension - followonsearch@mozilla.com -
Form Autofill - extension - formautofill@mozilla.org -
Photon onboarding - extension - onboarding@mozilla.org -
Firefox Screenshots - extension - screenshots@mozilla.org -
Shield Recipe Client - extension - shield-recipe-client@mozilla.org -
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} -
IDM Integration Module - webextension - mozilla_cc3@internetdownloadmanager.com -

C:\Users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\kc9o04ej.default\pluginreg.dat
Plugin - Shockwave Flash - 30.0.0.134 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek]
"Path"=C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={42F02A82-1141-4AF7-8599-D7C2407F4066}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{42F02A82-1141-4AF7-8599-D7C2407F4066}]
"URL"=http://www.bing.com/search?q={searchTer ... &pc=MAARJS


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={42F02A82-1141-4AF7-8599-D7C2407F4066}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{42F02A82-1141-4AF7-8599-D7C2407F4066}]
"URL"=http://www.bing.com/search?q={searchTer ... &pc=MAARJS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-14 528440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-14 453688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2012-06-28 650648]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2013-05-22 2890056]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-06-11 12503184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2013-09-07 132736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2018-06-24 18385368]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"IDMan"=C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2018-01-14 4091960]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-08-23 56128]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2013-09-07 132736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\QQPCRTP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\str]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"ConsentPromptBehaviorAdmin"=0
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"midi3"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"midi4"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"midi5"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"midi6"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"midi7"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"midi8"=wdmaud.drv
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv
"midi9"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2018-07-22 18:04:56 ----D---- C:\rsit
2018-07-08 13:02:12 ----D---- C:\ProgramData\Origin
2018-07-05 12:06:43 ----A---- C:\Windows\system32\drivers\SET3CFB.tmp
2018-07-05 08:27:03 ----D---- C:\Program Files\trend micro

====== List of files/folders modified in the last 1 month ======

2018-07-22 18:05:03 ----D---- C:\Windows\Prefetch
2018-07-22 18:02:57 ----D---- C:\Users\Jarda\AppData\Roaming\IDM
2018-07-22 18:00:10 ----D---- C:\Windows\system32\sru
2018-07-22 17:55:57 ----D---- C:\Users\Jarda\AppData\Roaming\DMCache
2018-07-22 17:33:29 ----SHD---- C:\System Volume Information
2018-07-22 15:44:30 ----D---- C:\Users\Jarda\AppData\Roaming\MPC-HC
2018-07-22 15:44:30 ----D---- C:\Program Files (x86)\Steam
2018-07-22 15:44:14 ----D---- C:\Windows\debug
2018-07-22 15:01:19 ----SHD---- C:\Windows\Installer
2018-07-22 15:01:19 ----SHD---- C:\Config.Msi
2018-07-22 15:01:19 ----D---- C:\Windows\Temp
2018-07-22 14:53:43 ----D---- C:\Windows\system32\catroot2
2018-07-22 12:32:16 ----RD---- C:\Windows\System32
2018-07-22 12:32:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-07-22 12:32:15 ----D---- C:\Windows\Inf
2018-07-22 12:25:59 ----D---- C:\ProgramData\NVIDIA
2018-07-22 10:29:06 ----D---- C:\Windows\Microsoft.NET
2018-07-15 10:55:19 ----D---- C:\Windows\system32\Tasks
2018-07-14 15:24:35 ----D---- C:\Program Files\CCleaner
2018-07-14 06:17:55 ----D---- C:\Windows\SysWOW64
2018-07-14 06:17:48 ----D---- C:\Windows\system32\Macromed
2018-07-14 06:17:46 ----D---- C:\Windows\SYSWOW64\Macromed
2018-07-14 06:10:19 ----D---- C:\Windows\system32\NDF
2018-07-08 13:02:12 ----HD---- C:\ProgramData
2018-07-08 11:43:35 ----D---- C:\Windows
2018-07-08 07:58:28 ----A---- C:\Windows\SYSWOW64\log.txt
2018-07-08 07:24:28 ----SD---- C:\Users\Jarda\AppData\Roaming\Microsoft
2018-07-08 07:24:26 ----RD---- C:\Program Files (x86)
2018-07-07 08:02:01 ----D---- C:\Windows\system32\Drivers
2018-07-05 08:27:03 ----RD---- C:\Program Files
2018-07-05 05:28:01 ----D---- C:\ProgramData\ProductData
2018-06-24 16:40:17 ----D---- C:\Users\Jarda\AppData\Roaming\Atheros
2018-06-23 16:31:37 ----D---- C:\Windows\Logs
2018-06-23 16:29:20 ----RSD---- C:\Windows\assembly

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2017-01-25 47032]
R1 gtkrnl;gtkrnl; C:\Windows\System32\drivers\gtkrnl.sys [2018-04-19 126856]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2017-06-17 27552]
R1 MpKsl91945ea9;MpKsl91945ea9; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD29119C-C01A-439E-8551-199E4F9685CD}\MpKsl91945ea9.sys [2018-07-14 58120]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R2 acedrv10;acedrv10; \??\C:\Windows\system32\drivers\acedrv10.sys [2017-09-26 277904]
R2 acehlp10;acehlp10; \??\C:\Windows\system32\drivers\acehlp10.sys [2017-09-26 228000]
R2 aow_drv;aow_drv; \??\C:\Users\Jarda\Saved Games\Pump mobile\TxGameAssistant\UI\aow_drv_x64.sys [2018-05-04 772600]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2017-05-17 314016]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2017-12-29 226024]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2017-05-17 43680]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35344]
R3 AthBTPort;@oem75.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2013-09-07 89800]
R3 athr;@oem9.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athw8x.sys [2013-01-21 3747840]
R3 b57xdbd;@oem7.inf,%bcmxd_16bf_svcd%;Broadcom xD Picture Bus Driver Service; C:\Windows\System32\drivers\b57xdbd.sys [2012-08-13 72280]
R3 b57xdmp;@oem7.inf,%BXD_SVCDESC%;Broadcom xD Picture vstorp client drv; C:\Windows\System32\drivers\b57xdmp.sys [2012-08-13 21080]
R3 bScsiMSa;bScsiMSa; C:\Windows\System32\drivers\bScsiMSa.sys [2012-06-19 55384]
R3 bScsiSDa;bScsiSDa; C:\Windows\System32\drivers\bScsiSDa.sys [2013-04-10 84688]
R3 BTATH_A2DP;@oem72.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2013-09-07 338120]
R3 btath_avdt;@oem72.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2013-09-07 116424]
R3 BTATH_BUS;@oem19.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\Windows\System32\drivers\btath_bus.sys [2013-09-07 34384]
R3 BTATH_HCRP;@oem79.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\Windows\System32\drivers\btath_hcrp.sys [2013-09-07 179432]
R3 BTATH_LWFLT;@oem81.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2013-09-07 77464]
R3 BTATH_RCP;@oem83.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\Windows\System32\drivers\btath_rcp.sys [2013-09-07 137928]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2013-09-07 594120]
R3 BthEnum;@tdibth.inf,%BthEnum.DisplayName%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2013-01-09 51712]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2013-01-09 74752]
R3 gcdbus;@oem22.inf,%gcdbus_SvcDesc%;Driver for gBurner SCSI Host Controller; C:\Windows\System32\drivers\gcdbus.sys [2017-01-10 167424]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2017-12-27 3802024]
R3 k57nd60a;@netk57a.inf,%SvcDispName%;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2012-06-02 425472]
R3 MEIx64;@oem8.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2012-07-03 62784]
R3 nvvhci;@oem134.inf,%ServiceDesc%;NVVHCI Enumerator Service; C:\Windows\System32\drivers\nvvhci.sys [2017-06-08 57792]
R3 Ps2Kb2Hid;@oem23.inf,%Ps2Kb2Hid.SVCDESC%;PS/2 Keyboard to HID Driver; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [2018-01-28 26736]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2013-03-01 156672]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-11-29 31032]
R3 SynTP;@oem12.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2012-11-29 464184]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-06 210560]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2012-08-16 645952]
S1 160WifiNetPro;160WifiNetPro; \??\C:\Users\Jarda\Desktop\DTLSoft\160wifi\160WifiNetPro64.sys []
S1 acedrv07;acedrv07; \??\C:\Windows\system32\drivers\acedrv07.sys [2018-03-04 125440]
S1 QMInjector64;QMInjector64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.3.26530.901\QMInjector64.sys []
S1 QMUdisk;tencent QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.3.26530.901\QMUdisk64.sys []
S3 ApfiltrService;@oem25.inf,%Filter.SvcDesc%;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2012-07-02 446840]
S3 BCM43XX;@netbc63a.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl63a.sys [2012-06-02 5139968]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2013-03-01 1175040]
S3 dg_ssudbus;@oem64.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2017-05-18 131984]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS []
S3 ETD;@oem13.inf,%PS2.DeviceDesc%;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2013-05-22 377160]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-12 4060560]
S3 IntcDAud;@oem128.inf,%IntcDAud.SvcDesc%;Intel(R) Zvuk pre obrazovky; C:\Windows\system32\DRIVERS\IntcDAud.sys [2015-08-21 463112]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2017-01-25 14073392]
S3 ssudmdm;@oem65.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2017-05-18 166288]
S3 usbser;@oem20.inf,%USBFilterString%;ELPRO Libero USB Device; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S4 nvvad_WaveExtensible;@oem131.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys []

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [2013-09-07 312448]
R2 CCDMonitorService;CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2013-02-20 2615368]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-12-10 350544]
R2 ETDService;Elan Service; C:\Program Files\Elantech\ETDService.exe [2013-05-22 101192]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2017-12-27 320472]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-18 165760]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-18 276864]
R2 NAUpdate;@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200; c:\Program Files (x86)\Nero\Update\NASvc.exe [2012-07-14 769432]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14 523152]
R2 NvTelemetryContainer;NVIDIA Telemetry Container; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2018-03-14 470416]
R2 QMEmulatorService;QMEmulatorService; C:\Users\Jarda\Saved Games\Pump mobile\TxGameAssistant\AppMarket\QMEmulatorService.exe [2018-05-09 342776]
R2 RfButtonDriverService;Dritek RF Button Command Service; C:\Windows\RfBtnSvc64.exe [2018-01-28 93296]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2017-01-16 752224]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-18 364416]
R3 ePowerSvc;ePower Service; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2013-03-16 662088]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 DigitalWave.Update.Service;Digital Wave Update Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe []
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-08-16 7168]
S2 SMService;SMService; C:\Program Files (x86)\IObit\Classic Start\SMService.exe [2017-01-16 1077536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-14 335872]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2014-05-27 67224]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2017-12-27 485848]
S3 DeviceFastLaneService;Device Fast-lane Service; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-08-22 468624]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 MBAMService;Malwarebytes Service; C:\Program Files (x86)\Malwarebytes Anti-Malware\Anti-Malware\mbamservice.exe [2017-08-07 6058960]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2017-12-15 1644832]

-----------------EOF-----------------

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: request for a log check

#2 Post by Conder »

Hi :)

:arrow: I recommend not using, and uninstalling, all programs from IObit (Driver Booster, Advanced SystemCare, etc.) - they are Chinese junk that can damage the system.

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (view the log file)
  • The log will open; copy its contents here

Graduate of the school for novices :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

jarek26

Re: request for a log check

#3 Post by jarek26 »

Good day,
I am sending the log from advancedcleaner.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-07-12.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-28-2018
# Duration: 00:00:10
# OS: Windows 8
# Cleaned: 40
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\ESTsoft
Deleted C:\Users\Jarda\AppData\Roaming\ESTsoft
Deleted C:\ProgramData\IObit\ASCDownloader
Not Deleted C:\ProgramData\Tencent
Deleted C:\Program Files\Common Files\Tencent
Deleted C:\Program Files (x86)\Tencent
Deleted C:\Program Files (x86)\Common Files\Tencent
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
Deleted C:\Users\Jarda\AppData\Roaming\Tencent
Deleted C:\Program Files (x86)\lavasoft\web companion

***** [ Files ] *****

Deleted C:\Windows\SysWOW64\rnd_chunk.bin
Deleted C:\Windows\System32\drivers\TFsFltX64.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Deleted HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Deleted HKLM\Software\Wow6432Node\Classes\AppID\DownloadProxy.EXE
Deleted HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{B9E49847-9822-4139-BC55-7173ED1ADA11}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Deleted HKLM\Software\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Deleted HKLM\Software\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9FB1B7B9-E5E9-4031-A9C4-65EF98A7A0DF}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{BB98ACBA-6892-4A32-AB67-7563DCED423E}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F340BCE2-F0DF-4506-B301-4F43216BCC48}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{51354154-D26B-4D1A-9A1F-3E73E20FABCD}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{26010530-D01F-4BF9-89B0-A522C90A7AB4}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8DF680EE-BD74-4BB8-87A6-71B819ED489C}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5B234F3E-E2FB-459D-9D65-06485CE342AA}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D4154F9C-BC3D-487A-AC47-AE93697BF5B1}
Deleted HKLM\Software\Classes\METNSD
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5573 octets] - [28/07/2018 15:08:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder

Re: request for a log check

#4 Post by Conder »

:arrow: Please send both FRST logs (FRST.txt and Addition.txt), following this guide: https://forum.viry.cz/viewtopic.php?f=13&t=152707

:arrow: If FRSTLauncher cannot be downloaded or run, use only FRST itself.

:arrow: If the logs do not fit into one post, pack them into a RAR or ZIP archive and send them as an attachment.

jarek26

Re: request for a log check

#5 Post by jarek26 »

Good day,
I downloaded the FRSTLauncher program, but when I run it, it shows a message that the frst64.exe you downloaded is not on the desktop, please move it there and then run FRSTLauncher again. But it is on the desktop, so I don't know how to continue. It also created an LM file on my desktop, as .bat. How should I proceed?
Thank you

Conder

Re: request for a log check

#6 Post by Conder »

:arrow: Both FRST64.exe and FRSTLauncher.exe must be saved on the desktop.

:arrow: If there are still problems with that, run only FRST64.exe itself, click Scan and send both of the logs it creates.

jarek26

Re: request for a log check

#7 Post by jarek26 »

Good day,
I am sending the logs:
frst:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Jarda (administrator) on JAROSLAV (04-08-2018 08:26:23)
Running from C:\Users\Jarda\Desktop
Loaded Profiles: Jarda (Available Profiles: Jarda & Administrator)
Platform: Windows 8 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files (x86)\Acer\Live Updater\updater.exe
(forum.viry.cz) C:\Users\Jarda\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [650648 2012-06-28] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-05-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4091960 2018-01-14] (Tonec Inc.)
HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [330240 2012-07-26] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [181280 2017-01-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [158392 2017-01-25] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.88.1 192.168.1.20
Tcpip\..\Interfaces\{D306E670-806E-4FA4-BE11-1FA0DBA4EBBC}: [DhcpNameServer] 192.168.88.1 192.168.1.20

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\S-1-5-21-2214875189-3760211905-2910999632-1002 -> DefaultScope {42F02A82-1141-4AF7-8599-D7C2407F4066} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-14] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-14] (Internet Download Manager, Tonec Inc.)

FireFox:
========
FF DefaultProfile: kc9o04ej.default
FF ProfilePath: C:\Users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\kc9o04ej.default [2018-08-04]
FF Homepage: Mozilla\Firefox\Profiles\kc9o04ej.default -> hxxps://www.google.sk/
FF NewTab: Mozilla\Firefox\Profiles\kc9o04ej.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__171205__yaff
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-01-13]
FF HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Jarda\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Jarda\AppData\Roaming\IDM\idmmzcc5 [2018-02-10] [Legacy] [not signed]
FF HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-01-13]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-01-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-20] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-16] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-05-22] (ELAN Microelectronics Corp.)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [320472 2017-12-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [523152 2018-03-14] (NVIDIA Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2018-01-28] (Dritek System INC.)
S2 SMService; C:\Program Files (x86)\IObit\Classic Start\SMService.exe [1077536 2017-01-16] (IObit)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe [118496 2017-08-10] (Wondershare)
S2 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X]
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2018-03-04] () [File not signed]
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [277904 2017-09-26] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [228000 2017-09-26] (Protect Software GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2017-05-17] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 gcdbus; C:\Windows\System32\drivers\gcdbus.sys [167424 2017-01-10] (Power Software Ltd)
R1 gtkrnl; C:\Windows\System32\drivers\gtkrnl.sys [126856 2018-04-19] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-06-17] (REALiX(tm))
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2017-05-17] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-06-08] (NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2018-01-28] (Dritek System Inc.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11616 2000-08-09] () [File not signed]
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
S1 160WifiNetPro; \??\C:\Users\Jarda\Desktop\DTLSoft\160wifi\160WifiNetPro64.sys [X]
S3 DUMeterDrv; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [X]
S1 MpKsl91945ea9; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD29119C-C01A-439E-8551-199E4F9685CD}\MpKsl91945ea9.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S1 QMInjector64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.3.26530.901\QMInjector64.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.3.26530.901\QMUdisk64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Smart PC Utilities\Game Fire\GameFire.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-04 08:26 - 2018-08-04 08:26 - 000033235 _____ C:\Users\Jarda\Desktop\FRST3.txt
2018-08-04 08:24 - 2018-08-04 08:26 - 000046430 _____ C:\Users\Jarda\Desktop\Addition.txt
2018-08-04 08:23 - 2018-08-04 08:26 - 000015260 _____ C:\Users\Jarda\Desktop\FRST.txt
2018-08-04 08:22 - 2018-08-04 08:26 - 000000000 ____D C:\FRST
2018-08-04 07:51 - 2018-08-04 08:22 - 1052640529 _____ C:\Users\Jarda\Desktop\Nikdy ťa neopustím 153 + 154 SK - HD 1280x720 (30.7 2018).avi.MP4
2018-08-04 07:48 - 2018-08-04 07:50 - 000000000 ____D C:\Users\Jarda\Desktop\4.8.2018p
2018-08-04 07:43 - 2018-08-04 08:05 - 985613743 _____ C:\Users\Jarda\Desktop\Nikdy ťa neopustím 151 + 152 SK - HD 1280x720 (26.7 2018).avi.MP4
2018-08-04 06:55 - 2018-08-04 07:34 - 550266972 _____ C:\Users\Jarda\Desktop\Nikdy ťa neopustím 150 SK - HD 1280x720 (25.7. 2018).avi.MP4
2018-08-04 06:51 - 2018-08-04 06:51 - 002412544 _____ (Farbar) C:\Users\Jarda\Desktop\FRST64.exe
2018-08-04 06:15 - 2018-08-04 06:24 - 197580346 _____ C:\Users\Jarda\Desktop\Sága Romů 1950-2000 - dokument 2001, CZ.avi.MP4
2018-08-04 00:23 - 2018-08-04 07:48 - 000000000 ____D C:\Users\Jarda\Desktop\4.8.2018
2018-08-03 22:40 - 2018-08-03 22:41 - 009537328 _____ C:\Users\Jarda\Desktop\alternate-file-shredder_2.280.exe
2018-08-03 22:40 - 2018-08-03 22:41 - 009441855 _____ C:\Users\Jarda\Desktop\alternate-splitter_1.440.exe
2018-08-03 21:44 - 2018-08-03 21:44 - 000112640 _____ (forum.viry.cz) C:\Users\Jarda\Desktop\FRSTLauncher.exe
2018-07-29 23:36 - 2018-07-29 23:36 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Blaiz Entertainment
2018-07-29 23:33 - 2018-07-29 23:33 - 000000000 ____D C:\Users\Jarda\AppData\Local\ThiefProto
2018-07-29 23:23 - 2018-07-29 23:23 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Redbeet Interactive
2018-07-29 23:07 - 2018-07-29 23:10 - 614713939 _____ C:\Users\Jarda\Desktop\Katy And Bob 3 - Cake Cafe Collector's Edition.rar
2018-07-29 22:20 - 2018-07-29 22:20 - 000000000 ____D C:\Users\Jarda\Desktop\Beach.Restaurant
2018-07-29 22:20 - 2018-07-29 22:20 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Hulio
2018-07-29 22:19 - 2018-07-29 22:19 - 000000000 ____D C:\Users\Jarda\Desktop\Paris Jewelry Shop
2018-07-29 22:19 - 2018-07-29 22:19 - 000000000 ____D C:\Users\Jarda\Desktop\Ion.Maiden.GOG
2018-07-29 22:19 - 2018-07-29 22:19 - 000000000 ____D C:\Users\Jarda\Desktop\Farmland
2018-07-29 22:18 - 2018-07-29 22:18 - 000000000 ____D C:\Users\Jarda\Desktop\Farm.Mania.Hot.Vacation
2018-07-29 22:18 - 2018-07-29 22:18 - 000000000 ____D C:\Users\Jarda\Desktop\Farm.Mania.2
2018-07-29 22:17 - 2018-07-29 22:17 - 000000000 ____D C:\Users\Jarda\Desktop\Mission.Escape.from.Island
2018-07-29 22:16 - 2018-07-29 22:16 - 000000000 ____D C:\Users\Jarda\Desktop\Fit Club
2018-07-29 22:16 - 2018-07-29 22:16 - 000000000 ____D C:\Users\Jarda\Desktop\Fish.Tycoon.2.Virtual.Aquarium
2018-07-29 22:16 - 2018-07-29 22:16 - 000000000 ____D C:\Users\Jarda\Desktop\Criminal.Bundle
2018-07-29 22:16 - 2018-07-29 22:16 - 000000000 ____D C:\Users\Jarda\Desktop\Crash.Burn.Racing
2018-07-29 22:16 - 2018-07-29 22:16 - 000000000 ____D C:\Users\Jarda\Desktop\Brutal Duke Nukem 3D
2018-07-29 22:16 - 2018-07-29 22:16 - 000000000 ____D C:\Users\Jarda\Desktop\5.Star.Hawaii.Resort
2018-07-29 22:09 - 2018-07-29 23:42 - 000000000 ____D C:\Users\Jarda\Desktop\My.Safe.House
2018-07-29 22:09 - 2018-07-29 22:09 - 000000000 ____D C:\Users\Jarda\Desktop\Wrongworld.v1.0.1
2018-07-29 22:09 - 2018-07-29 22:09 - 000000000 ____D C:\Users\Jarda\Desktop\VTree.Beach.Volleyball
2018-07-29 22:09 - 2018-07-29 22:09 - 000000000 ____D C:\Users\Jarda\Desktop\Slipstream
2018-07-29 22:09 - 2018-07-29 22:09 - 000000000 ____D C:\Users\Jarda\Desktop\High.Speed.Trains
2018-07-29 22:06 - 2018-07-29 22:06 - 000000000 ____D C:\Users\Jarda\Desktop\Katy And Bob 3 - Cake Cafe Collector-'s Edition
2018-07-29 22:05 - 2018-07-29 22:05 - 000000000 ____D C:\Users\Jarda\Desktop\Sallys.Salon.Kiss.Make.Up
2018-07-29 22:05 - 2018-07-29 22:05 - 000000000 ____D C:\Users\Jarda\Desktop\Sally Salon 3 - Kiss And Make-Up CE
2018-07-29 22:01 - 2018-07-29 22:02 - 000000000 ____D C:\Users\Jarda\Desktop\The_Island_2
2018-07-29 22:01 - 2018-07-29 22:01 - 000000000 ____D C:\Users\Jarda\Desktop\Without Escape
2018-07-29 22:01 - 2018-07-29 22:01 - 000000000 ____D C:\Users\Jarda\Desktop\SharkSimulator
2018-07-29 22:01 - 2018-07-29 22:01 - 000000000 ____D C:\Users\Jarda\Desktop\Sea.of.memories
2018-07-29 22:01 - 2018-07-29 22:01 - 000000000 ____D C:\Users\Jarda\Desktop\Mary.le.Chef.Cooking.Passion
2018-07-29 22:01 - 2018-07-29 22:01 - 000000000 ____D C:\Users\Jarda\Desktop\Jurassic.Safari.Hunt
2018-07-29 22:01 - 2018-07-29 22:01 - 000000000 ____D C:\Users\Jarda\Desktop\Happy Chef 3. Collectors Edition
2018-07-29 21:56 - 2018-07-29 21:56 - 000000000 ____D C:\Users\Jarda\Desktop\Scooby.Doo.and.Looney.Tunes.Cartoon.Universe.Adventure
2018-07-29 21:56 - 2018-07-29 21:56 - 000000000 ____D C:\Users\Jarda\Desktop\Horizon.Chase.Turbo
2018-07-29 21:56 - 2018-07-29 21:56 - 000000000 ____D C:\Users\Jarda\Desktop\DukeNuke3D.Megaton.Edition
2018-07-29 21:56 - 2018-07-29 21:56 - 000000000 ____D C:\Users\Jarda\Desktop\Duke.Nukem.1.2.3D.Manhattan.Project.GOG
2018-07-29 21:52 - 2018-07-29 21:52 - 000000000 ____D C:\Users\Jarda\Desktop\Gorky Zero 2 - Aurora Watching No-Install (TiZ)
2018-07-29 21:52 - 2018-07-29 21:52 - 000000000 ____D C:\Users\Jarda\Desktop\Fabulous.Angelas.Wedding.Disaster.Deluxe
2018-07-28 15:52 - 2018-07-28 15:52 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Side B Gaming
2018-07-28 15:48 - 2018-07-28 15:48 - 000000000 ____D C:\Users\Jarda\Documents\Guts and Glory Screenshots
2018-07-28 15:46 - 2018-07-28 15:46 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\HakJak Productions LLC
2018-07-28 15:41 - 2018-07-28 15:41 - 000000000 ____D C:\Users\Jarda\AppData\Local\the_end_
2018-07-28 09:47 - 2018-07-28 09:55 - 242804246 _____ C:\Users\Jarda\Desktop\SharkSimulator.zip
2018-07-28 05:04 - 2018-07-28 05:04 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\ARVI Games
2018-07-22 19:45 - 2018-07-22 19:45 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Cheesecake
2018-07-22 19:42 - 2018-07-22 19:42 - 000000000 ____D C:\Users\Jarda\AppData\Local\Reveal
2018-07-22 19:41 - 2018-07-22 19:41 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\wezor
2018-07-22 19:35 - 2018-07-22 19:35 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\S&COR Games
2018-07-22 19:04 - 2018-07-22 19:04 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Creative Pudding Hungary Llc_
2018-07-22 18:04 - 2018-07-22 18:05 - 000000000 ____D C:\rsit
2018-07-22 18:00 - 2018-07-22 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killing Floor
2018-07-22 17:27 - 2018-07-22 17:27 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\BovalexGames
2018-07-22 17:22 - 2018-07-22 17:22 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Strange Fire
2018-07-22 17:10 - 2018-07-22 17:10 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Light Road Games
2018-07-22 15:04 - 2018-07-22 15:18 - 274407665 _____ C:\Users\Jarda\Desktop\Without Escape.rar
2018-07-22 14:44 - 2018-07-22 14:44 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Outright Games Ltd
2018-07-22 11:12 - 2018-07-22 11:12 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Red Meat Games Inc
2018-07-14 11:42 - 2018-07-14 11:43 - 408547072 _____ C:\Users\Jarda\Desktop\brom.rar
2018-07-14 08:07 - 2018-07-14 08:42 - 700314517 _____ C:\Users\Jarda\Desktop\The Masseuse.MP4
2018-07-08 13:16 - 2018-07-08 13:16 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\AntPeakGames
2018-07-08 13:02 - 2018-07-08 13:02 - 000000000 ____D C:\ProgramData\Origin
2018-07-08 11:44 - 2018-07-08 11:44 - 000000000 ____D C:\Users\Jarda\Documents\Game Guru Files
2018-07-08 10:48 - 2018-07-08 11:12 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\ANPA_US
2018-07-08 10:43 - 2018-07-08 10:43 - 000000000 ____D C:\Users\Jarda\AppData\Local\PT
2018-07-08 10:01 - 2018-07-08 10:01 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Filippo Donelli
2018-07-08 08:56 - 2018-07-08 08:57 - 000000000 ____D C:\Users\Jarda\Documents\gRally
2018-07-08 08:56 - 2018-07-08 08:57 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\ghiboz_com
2018-07-08 08:56 - 2018-07-08 08:57 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\ghiboz.com
2018-07-08 08:11 - 2018-07-08 08:11 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\NilsJakrins
2018-07-08 07:39 - 2018-07-08 07:39 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Ragdoll Inc
2018-07-07 19:57 - 2018-07-07 19:57 - 000000000 ____D C:\Users\Jarda\AppData\Local\Gearbox
2018-07-07 19:18 - 2018-07-07 19:18 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Ondrej Svadlena
2018-07-07 18:29 - 2018-07-07 18:29 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Reflect Studios
2018-07-07 12:09 - 2018-07-07 12:09 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Empyrean
2018-07-05 12:06 - 2018-07-05 12:06 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET3CFB.tmp
2018-07-05 09:05 - 2018-07-05 09:19 - 217399857 _____ C:\Users\Jarda\Desktop\Jurassic.Safari.Hunt.rar
2018-07-05 09:05 - 2018-07-05 09:17 - 167062248 _____ C:\Users\Jarda\Desktop\VTree.Beach.Volleyball.rar
2018-07-05 09:05 - 2018-07-05 09:12 - 079926340 _____ C:\Users\Jarda\Desktop\Crash.Burn.Racing.rar
2018-07-05 09:01 - 2018-07-05 09:15 - 257221097 _____ C:\Users\Jarda\Desktop\Sallys.Salon.Kiss.Make.Up.rar
2018-07-05 08:27 - 2018-07-22 18:05 - 000000000 ____D C:\Program Files\trend micro
2018-07-05 08:18 - 2018-07-05 08:18 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\raptor lab
2018-07-05 07:01 - 2018-07-05 07:01 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\DRUNKEN APES

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-04 08:22 - 2018-02-10 19:45 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\DMCache
2018-08-04 08:19 - 2017-05-09 10:14 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Mozilla
2018-08-04 06:45 - 2016-04-16 15:37 - 000000000 ____D C:\Users\Jarda\Downloads\Compressed
2018-08-04 06:11 - 2018-01-28 09:18 - 000000000 __SHD C:\Users\Jarda\IntelGraphicsProfiles
2018-08-04 06:11 - 2017-05-09 11:10 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-03 23:32 - 2017-09-09 07:37 - 000000749 _____ C:\Users\Jarda\Desktop\sandhya 375.txt
2018-08-03 21:42 - 2018-02-10 19:45 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\IDM
2018-07-29 23:23 - 2017-06-17 19:49 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\SmartSteamEmu
2018-07-29 23:01 - 2018-02-19 00:06 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\DefaultCompany
2018-07-29 22:56 - 2018-02-06 11:31 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-07-29 21:50 - 2017-07-09 00:56 - 000000000 ____D C:\Users\Jarda\Desktop\hry
2018-07-29 21:47 - 2018-02-04 08:53 - 000000000 ____D C:\Users\Jarda\Desktop\HDD
2018-07-29 21:27 - 2017-05-16 23:09 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\MPC-HC
2018-07-29 21:11 - 2013-05-09 22:19 - 000719336 _____ C:\Windows\system32\perfh005.dat
2018-07-29 21:11 - 2013-05-09 22:19 - 000148412 _____ C:\Windows\system32\perfc005.dat
2018-07-29 21:11 - 2012-07-26 09:28 - 001717852 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-29 21:11 - 2012-07-26 07:37 - 000000000 ____D C:\Windows\Inf
2018-07-28 15:29 - 2012-07-26 10:12 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-28 15:29 - 2012-07-26 10:12 - 000000000 ____D C:\Windows\AUInstallAgent
2018-07-28 15:20 - 2012-07-26 09:22 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-28 15:18 - 2012-07-26 07:26 - 000524288 ___SH C:\Windows\system32\config\BBI
2018-07-28 15:11 - 2017-12-05 21:07 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2018-07-28 15:11 - 2017-05-09 10:08 - 000000000 ____D C:\ProgramData\IObit
2018-07-28 15:08 - 2017-06-17 21:21 - 000000000 ____D C:\AdwCleaner
2018-07-28 13:32 - 2017-11-05 21:20 - 000000000 ____D C:\Users\Jarda\AppData\Local\CrashDumps
2018-07-28 11:10 - 2016-04-05 16:03 - 000000000 ___RD C:\Users\Jarda\Desktop\programy
2018-07-28 05:56 - 2017-05-09 10:03 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2214875189-3760211905-2910999632-1002
2018-07-22 20:17 - 2018-04-21 18:29 - 000000000 ____D C:\Users\Jarda\Desktop\software
2018-07-22 20:09 - 2018-05-12 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software
2018-07-22 19:43 - 2018-03-04 11:46 - 000000000 ____D C:\Users\Jarda\AppData\Local\clear.fi
2018-07-22 19:35 - 2012-07-26 10:12 - 000000000 ____D C:\Windows\system32\NDF
2018-07-22 16:13 - 2017-10-17 14:04 - 000000000 ____D C:\Users\Jarda\AppData\Local\Windows Live
2018-07-22 15:44 - 2017-05-26 18:55 - 000000000 ____D C:\Program Files (x86)\Steam
2018-07-17 00:02 - 2017-05-18 20:15 - 000563832 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-07-15 06:01 - 2013-11-23 22:12 - 000000091 _____ C:\Users\Jarda\AppData\default.pls
2018-07-14 15:24 - 2017-05-09 10:11 - 000000000 ____D C:\Program Files\CCleaner
2018-07-14 06:17 - 2018-04-19 20:32 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-14 06:17 - 2017-11-14 18:28 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-07-14 06:17 - 2012-07-26 10:12 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-07-14 06:17 - 2012-07-26 10:12 - 000000000 ____D C:\Windows\system32\Macromed
2018-07-08 10:43 - 2017-06-05 15:49 - 000000000 ____D C:\Users\Jarda\AppData\Local\UnrealEngine
2018-07-08 09:51 - 2017-11-29 10:42 - 000000244 _____ C:\Windows\Tasks\StartMenu8_Start.job
2018-07-07 19:38 - 2013-11-17 12:10 - 000000000 ____D C:\Users\Jarda\Documents\Bluetooth Folder
2018-07-07 19:31 - 2017-05-09 10:48 - 000007597 _____ C:\Users\Jarda\AppData\Local\Resmon.ResmonCfg
2018-07-05 05:28 - 2017-05-09 10:08 - 000000000 ____D C:\ProgramData\ProductData

==================== Files in the root of some directories =======

2018-03-03 18:54 - 2018-03-03 18:54 - 000000062 _____ () C:\Users\Jarda\AppData\Roaming\settings.ini
2018-02-12 11:20 - 2018-02-12 11:59 - 000004608 _____ () C:\Users\Jarda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-09 10:48 - 2018-07-07 19:31 - 000007597 _____ () C:\Users\Jarda\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Jarda\AppData\Roaming\settings.ini


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-04 00:15

==================== End of FRST.txt ============================


Re: please check my log

#8 Post by jarek26 »

and the log from Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Jarda (04-08-2018 08:26:47)
Running from C:\Users\Jarda\Desktop
Windows 8 (X64) (2017-05-09 06:43:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2214875189-3760211905-2910999632-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2214875189-3760211905-2910999632-501 - Limited - Disabled)
Jarda (S-1-5-21-2214875189-3760211905-2910999632-1002 - Administrator - Enabled) => C:\Users\Jarda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

25 to Life (HKLM-x32\...\{B8FE7CDD-61D0-445D-9209-E809780B51DD}) (Version: 1.00 - Eidos Interactive)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Aktualizácie NVIDIA 31.1.10.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.1.10.0 - NVIDIA Corporation) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.2020.106 - Alps Electric)
AntiKiller (HKLM-x32\...\AntiKiller_is1) (Version: - )
Apple Application Support (HKLM-x32\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-35eb8e22-edb2-4381-9c40-51faf29892ec) (Version: 2.2.0.98 - WildTangent) Hidden
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.3 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.20 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (HKLM-x32\...\{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}) (Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (HKLM-x32\...\{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}) (Version: 2.1.2606 - CyberLink Corp.) Hidden
Contract Jack (HKLM-x32\...\{374CAB30-2F61-4439-9A4A-24D3AEA2960A}) (Version: - )
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-05d7ff1e-004e-4749-88e5-7778ea5f50bb) (Version: 3.0.2.32 - WildTangent) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
ETDWare PS/2-X64 11.6.24.203_WHQL (HKLM\...\Elantech) (Version: 11.6.24.203 - ELAN Microelectronic Corp.)
Exodus From The Earth (HKLM\...\Exodus From The Earth) (Version: - Parallax Arts Studio Inc.)
Exodus From The Earth (HKLM-x32\...\Exodus From The Earth) (Version: - Parallax Arts Studio Inc.)
FormatFactory 4.2.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.2.0.0 - Free Time)
Free 3D Video Converter version 1.5 (HKLM-x32\...\Free 3D Video Converter_is1) (Version: 1.5 - Amazing Studio)
Free YouTube Downloader 4.2.795 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
Funmania (HKLM-x32\...\FunmaniaFinal) (Version: Final - Game-Owl)
gBurner Virtual Drive (HKLM-x32\...\gBurner Virtual Drive) (Version: 4.3 - Power Software Ltd)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-b75444c4-8fbf-453b-996f-09cb9c50b729) (Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
IGT Slots - Wild Bear Paws version 1.0 (HKLM-x32\...\IGT Slots - Wild Bear Paws_is1) (Version: 1.0 - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4885 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Jewel Match 3 (HKLM-x32\...\WTA-82aa64d0-5a64-483d-80ff-66a468e99236) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-68b6d6c9-cf79-40a5-a752-4b4432ea3b82) (Version: 2.2.0.95 - WildTangent) Hidden
Killing Floor (HKLM-x32\...\Killing Floor_is1) (Version: Killing Floor V.1064 - ZM)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.5 - PandoraTV)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8103 - Acer Incorporated)
Magic Academy (HKLM-x32\...\WTA-1b394455-54b8-48aa-89a6-7296dc3e2cf5) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes verzia 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Casino (HKLM-x32\...\MsCasino 1.0) (Version: - )
Microsoft Primary Interoperability Assemblies 2010 (HKLM-x32\...\{FA8E7AF5-C70E-3274-9740-9E697FBD5BB7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0 (x86 sk) (HKLM-x32\...\Mozilla Firefox 58.0 (x86 sk)) (Version: 58.0 - Mozilla)
Nero 7 Essentials (HKLM-x32\...\{91C0B95B-B83A-4828-A775-BBE2DD421051}) (Version: 7.02.9752 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
PhotoFilmStrip 3.0.2 (HKLM\...\PhotoFilmStrip_is1) (Version: 3.0.2 - Jens Göpfert)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-486c0442-feed-4523-9a09-cc18354f42b8) (Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Prison Break (HKLM-x32\...\{C5A31DDC-157A-4DD7-9B5C-C692A06F61FD}) (Version: 1.00 - Deep Silver)
ProtectDisc Helper Driver 10 (HKLM-x32\...\ProtectDisc Driver 10) (Version: 10.0.0.3 - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Resource Hacker Version 4.5.30 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Saints Row 2 (HKLM-x32\...\1430740458_is1) (Version: 2.0.0.3 - GOG.com)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Scorpions WinCheater (HKLM-x32\...\Scorpions WinCheater 2.07 (s databází 112)_is1) (Version: - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Ski Alpin 2005 (HKLM-x32\...\Ski Alpin 2005_0001) (Version: - )
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 4.1.0.4 - IObit)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-3bd38996-4b11-4b6d-a0e1-9752c0ed9650) (Version: 2.2.0.110 - WildTangent) Hidden
True Crime - Streets of LA (HKLM-x32\...\{1A1FE271-EA21-40E5-90FC-51A8EFBC0A30}) (Version: 1.00.0000 - Activision) Hidden
True Crime - Streets of LA (HKLM-x32\...\InstallShield_{1A1FE271-EA21-40E5-90FC-51A8EFBC0A30}) (Version: 1.00.0000 - Activision)
UE4 Prerequisites (x86) (HKLM-x32\...\{6EAAE1C0-6000-45FA-B46D-D206144925BF}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x86) (HKLM-x32\...\{f1203e43-4ddb-4280-974e-73f14d793dbd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
VideoWin Movie Maker 2017 (HKLM-x32\...\{3CC29C6A-B5FE-427B-8F23-32A2557A92C1}}_is1) (Version: - VideoWin)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - Intel (NETwNe64) net (08/07/2012 15.5.0.42) (HKLM\...\3208E409D1A9ECC0257784D7C0AEAC3BA826402A) (Version: 08/07/2012 15.5.0.42 - Intel)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com)
WinHTTrack Website Copier 3.43-9D (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.43.12 - HTTrack)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wondershare Video Converter Ultimate(Build 10.0.7.97) (HKLM-x32\...\Video Converter Ultimate_is1) (Version: 10.0.7.97 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2214875189-3760211905-2910999632-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc.)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [2013-09-07] (Qualcomm®Atheros®)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG)
ContextMenuHandlers1-x32: [IobitStartMenu] -> {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} => C:\Program Files (x86)\IObit\Classic Start\IObitStartMenuExtension.dll [2015-12-29] (IObit)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [2013-09-07] (Qualcomm®Atheros®)
ContextMenuHandlers3: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
ContextMenuHandlers4: [IobitStartMenu] -> {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} => C:\Program Files (x86)\IObit\Classic Start\IObitStartMenuExtension.dll [2015-12-29] (IObit)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-12-27] (Intel Corporation)
ContextMenuHandlers6: [IobitStartMenu] -> {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} => C:\Program Files (x86)\IObit\Classic Start\IObitStartMenuExtension.dll [2015-12-29] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {054232F7-8C3E-4AD5-A84C-3541BE325938} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-14] (NVIDIA Corporation)
Task: {1AE0B3B5-CF99-44D7-992B-ED67E67E29E3} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-16] (Acer Incorporated)
Task: {28AB84DB-03F7-42C1-B7D1-2B8A9FD21A18} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-14] (Adobe Systems Incorporated)
Task: {4ABC8AA4-5A6F-4939-AB8F-11CA2D17C96B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-14] (NVIDIA Corporation)
Task: {582CB75B-B018-4681-9802-F5A25244FE5C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {5C75A106-2A32-4D9B-BDA6-D63E2B020B40} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {629EF38D-68CE-47D6-B6D8-6C986726E9ED} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-14] (NVIDIA Corporation)
Task: {66192AFF-EB42-4754-B5CB-C9A7C60AAEAF} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-14] (NVIDIA Corporation)
Task: {76E1D094-9FC3-40A9-A220-99D76A0C0762} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {79BA97CA-A8E7-4986-9FD2-E5D02F5593A7} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-08] (CyberLink)
Task: {7C2C1693-B67A-442D-9D27-7124E2987CF7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {881C2582-9CFD-40BC-A2B2-298FBA11C0F1} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {B4F76994-CDC9-47FF-B72D-4B6D0FBC8A6B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {B9D253A1-B4F4-4CAC-B471-DA21D10D5E4C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2017-03-15] ()
Task: {D1A467E1-025D-434F-98BA-F2B5039AE63F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-14] (Adobe Systems Incorporated)
Task: {DA78B487-8FC4-4083-B0C5-713D5FB1FA2E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {DAE3EE95-2E5A-4833-A924-F7E493C590BE} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2017-03-15] ()
Task: {EF7A31F4-7929-4588-A1AF-D96CBD90294F} - System32\Tasks\StartMenu8_Start => C:\Program Files (x86)\IObit\Classic Start\Start_Active.exe [2016-11-15] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\StartMenu8_Start.job => C:\Program Files (x86)\IObit\Classic Start\Start_Active.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Jarda\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com

==================== Loaded Modules (Whitelisted) ==============

2013-05-09 22:14 - 2013-02-21 07:58 - 000111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-09-07 02:48 - 2013-09-07 02:48 - 000011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 02:45 - 2013-09-07 02:45 - 000086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 02:52 - 2013-09-07 02:52 - 000012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2018-06-24 13:26 - 2018-06-24 13:26 - 000083208 _____ () C:\Program Files\CCleaner\lang\lang-1051.dll
2017-03-15 11:47 - 2017-03-15 11:47 - 004153648 _____ () C:\Program Files (x86)\Acer\Live Updater\updater.exe
2013-05-09 21:38 - 2012-06-26 01:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-11-14 22:12 - 2018-02-07 08:22 - 000000836 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Jarda\Desktop\2019\ine videa ft\fb 2019\FB_IMG_15195752523113038.jpg
DNS Servers: 192.168.88.1 - 192.168.1.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdminService"
HKLM\...\StartupApproved\Run32: => "DLLSuite2016"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{620FE006-B313-4650-BBD8-FD8311E700FE}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{9B6FC1EA-BC8D-413B-BC84-7D2FB03F4F62}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{4C9609DC-F2AE-4AC4-80A4-63C60F11B332}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3441D97B-665E-4F64-B783-3E955A4CF453}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CA0EE244-262E-449F-B7D1-DC064AA4E3C6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0465D928-CE17-474A-AD38-0F0107A83A5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A3C0399D-7D7A-4BCC-ACF8-6EECCEFDDE28}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2170EFED-8F23-4E70-9676-316AD52B5A78}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{7BC26475-1DB2-4D0F-BE0C-B62C0163B3DE}C:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe] => (Block) C:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe
FirewallRules: [UDP Query User{3BF626A2-B174-450D-B395-3FA544617F6D}C:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe] => (Block) C:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe
FirewallRules: [TCP Query User{7F9F930F-02B8-4D28-A066-7912D6C4E5C1}C:\program files (x86)\acer\clear.fi photo\windowsupnp.exe] => (Block) C:\program files (x86)\acer\clear.fi photo\windowsupnp.exe
FirewallRules: [UDP Query User{BF01062C-B321-48F6-8BE5-4D0036AE8B68}C:\program files (x86)\acer\clear.fi photo\windowsupnp.exe] => (Block) C:\program files (x86)\acer\clear.fi photo\windowsupnp.exe
FirewallRules: [TCP Query User{E8E3BB31-502A-4E68-AC26-42F4CB6B62E8}C:\program files (x86)\acer\clear.fi media\dmcdaemon.exe] => (Block) C:\program files (x86)\acer\clear.fi media\dmcdaemon.exe
FirewallRules: [UDP Query User{3E317615-3B3E-41A0-A263-D95C95A9D7F1}C:\program files (x86)\acer\clear.fi media\dmcdaemon.exe] => (Block) C:\program files (x86)\acer\clear.fi media\dmcdaemon.exe
FirewallRules: [TCP Query User{BED51BB7-5877-475F-BF04-42DFB2DACF0C}C:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe] => (Block) C:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe
FirewallRules: [UDP Query User{1DE43CD0-FC5C-4ABE-BD7F-3E271E21D4B2}C:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe] => (Block) C:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe
FirewallRules: [TCP Query User{8B14C2B8-27F7-41C8-A139-564F52C8F2EA}C:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe] => (Allow) C:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe
FirewallRules: [UDP Query User{BF32BBA3-1823-46E6-B0EA-BFEA38586FA3}C:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe] => (Allow) C:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe
FirewallRules: [TCP Query User{B3E461B1-4973-4576-926E-8EA098F9F79C}C:\program files (x86)\acer\clear.fi photo\windowsupnp.exe] => (Block) C:\program files (x86)\acer\clear.fi photo\windowsupnp.exe
FirewallRules: [UDP Query User{35F9CC04-B55A-4F4D-8B92-B71E0C8A0149}C:\program files (x86)\acer\clear.fi photo\windowsupnp.exe] => (Block) C:\program files (x86)\acer\clear.fi photo\windowsupnp.exe
FirewallRules: [{10283835-24DE-4809-B357-6C8BBC29AA1C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D42E7D43-6188-4D1D-9A28-710F71C726A4}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [TCP Query User{0FEDBD06-FF9D-4174-BA1C-53A181259EB0}C:\users\jarda\saved games\killingfloor\system\killingfloor.exe] => (Block) C:\users\jarda\saved games\killingfloor\system\killingfloor.exe
FirewallRules: [UDP Query User{FC7187F7-82DA-42EA-8326-D3BFB76780EF}C:\users\jarda\saved games\killingfloor\system\killingfloor.exe] => (Block) C:\users\jarda\saved games\killingfloor\system\killingfloor.exe
FirewallRules: [TCP Query User{A8074CC0-A107-4FB9-A116-CD597A656921}C:\users\jarda\desktop\raft.v1.01\raft.v1.01\raft\raft.exe] => (Block) C:\users\jarda\desktop\raft.v1.01\raft.v1.01\raft\raft.exe
FirewallRules: [UDP Query User{6D31B258-27A4-4782-BE07-6242B5D55F70}C:\users\jarda\desktop\raft.v1.01\raft.v1.01\raft\raft.exe] => (Block) C:\users\jarda\desktop\raft.v1.01\raft.v1.01\raft\raft.exe

==================== Restore Points =========================

22-07-2018 19:21:56 Revo Uninstaller's restore point - Revhead Boodja Dooga Lake
22-07-2018 19:57:18 Revo Uninstaller's restore point - Deliverance
22-07-2018 20:08:59 Revo Uninstaller's restore point - Tencent Gaming Buddy
29-07-2018 21:23:55 Revo Uninstaller's restore point - Die In The Dark

==================== Faulty Device Manager Devices =============

Name: Microsoft Basic Display Adapter
Description: Microsoft Basic Display Adapter
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: BasicDisplay
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2018 11:32:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Raft.exe version 2017.1.0.9747 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b8c

Start Time: 01d427825a2faff8

Termination Time: 0

Application Path: C:\Users\Jarda\Desktop\Raft.v1.01\Raft.v1.01\Raft\Raft.exe

Report Id: e2b65702-9376-11e8-bfaf-bc8556123412

Faulting package full name:

Faulting package-relative application ID:

Error: (07/29/2018 09:23:54 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Prístup je odmietnutý.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {c14999cd-c235-4a18-b749-c91eccbfa06a}

Error: (07/29/2018 09:11:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/29/2018 09:11:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/28/2018 03:24:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: IAStorDataMgrSvc.exe, verzia: 11.5.4.1001, časová značka: 0x502d5a1d
Názov chybujúceho modulu: IAStorUtil.ni.dll, verzia: 11.5.4.1001, časová značka: 0x502d5a19
Kód výnimky: 0xc0000005
Odstup chyby: 0x0002f3fd
Identifikácia chybujúceho procesu: 0xc9c
Čas spustenia chybujúcej aplikácie: 0x01d42676414cb842
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Cesta chybujúceho modulu: C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\2cf630a2ce19e89c848301c1aed08e0c\IAStorUtil.ni.dll
Identifikácia hlásenia: 884007be-9269-11e8-bfaf-bc8556123412
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (07/28/2018 03:24:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (07/28/2018 03:24:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: NASvc.exe, verzia: 11.0.31.0, časová značka: 0x50002b1d
Názov chybujúceho modulu: NASvc.exe, verzia: 11.0.31.0, časová značka: 0x50002b1d
Kód výnimky: 0xc0000005
Odstup chyby: 0x00036d19
Identifikácia chybujúceho procesu: 0xcec
Čas spustenia chybujúcej aplikácie: 0x01d4267642c56fdd
Cesta chybujúcej aplikácie: c:\Program Files (x86)\Nero\Update\NASvc.exe
Cesta chybujúceho modulu: c:\Program Files (x86)\Nero\Update\NASvc.exe
Identifikácia hlásenia: 87c8d065-9269-11e8-bfaf-bc8556123412
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (07/28/2018 03:06:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 58.0.0.6592 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c0

Start Time: 01d426739e9c29c8

Termination Time: 0

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 06c5e408-9267-11e8-bfae-bc8556123412

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (08/04/2018 07:46:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (08/04/2018 07:45:12 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (08/04/2018 07:44:15 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (08/04/2018 07:41:43 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (08/04/2018 07:40:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (08/04/2018 07:36:24 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (08/04/2018 07:36:24 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (08/04/2018 07:36:24 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.


Windows Defender:
===================================
Date: 2018-08-04 07:39:07.110
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {A588FDE9-2EF6-481B-ACBD-6DDF18066059}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-08-04 07:19:07.979
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {BC8ED0BD-A57A-447B-9552-5C787ACDBED0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-08-03 21:43:13.276
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... terprise=0
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Závažná
Category: Trójsky kôň
Path: file:_C:\Users\Jarda\Desktop\FRSTLauncher.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\SearchProtocolHost.exe
Signature Version: AV: 1.273.802.0, AS: 1.273.802.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15100.1, NIS: 0.0.0.0

Date: 2018-08-03 21:42:49.415
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... terprise=0
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Závažná
Category: Trójsky kôň
Path: file:_C:\Users\Jarda\Desktop\FRSTLauncher.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Internet Download Manager\IDMan.exe
Signature Version: AV: 1.273.802.0, AS: 1.273.802.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15100.1, NIS: 0.0.0.0

Date: 2018-08-03 21:42:45.556
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... terprise=0
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Závažná
Category: Trójsky kôň
Path: file:_C:\Users\Jarda\AppData\Roaming\IDM\DwnlData\Jarda\FRSTLauncher_1809\FRSTLauncher.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Internet Download Manager\IDMan.exe
Signature Version: AV: 1.273.802.0, AS: 1.273.802.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15100.1, NIS: 0.0.0.0

Date: 2018-07-08 13:07:27.203
Description:
Windows Defender has encountered an error trying to restore an item from quarantine.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... terprise=0
Name: VirTool:Win32/Obfuscator
ID: 2147584956
Severity: Závažná
Category: Nástroj
Error Code: 0x80508014
Error description: Položku v karanténe nie je možné obnoviť.
Signature Version: AV: 1.271.532.0, AS: 1.271.532.0
Engine Version: 1.1.15000.2

Date: 2018-07-08 13:07:19.299
Description:
Windows Defender has encountered an error trying to restore an item from quarantine.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... terprise=0
Name: VirTool:Win32/VBInject
ID: 2147600125
Severity: Závažná
Category: Nástroj
Error Code: 0x80508014
Error description: Položku v karanténe nie je možné obnoviť.
Signature Version: AV: 1.271.532.0, AS: 1.271.532.0
Engine Version: 1.1.15000.2

Date: 2018-07-05 12:05:44.157
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x800b0003
Error description: Zadaný dôveryhodný poskytovateľ nepodporuje, alebo nepozná zadaný formulár predmetu.

Date: 2018-07-05 11:48:36.666
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x800b0003
Error description: Zadaný dôveryhodný poskytovateľ nepodporuje, alebo nepozná zadaný formulár predmetu.

Date: 2018-06-09 11:17:42.476
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2018-07-28 15:19:28.800
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-07-08 07:54:29.906
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-13 15:42:59.750
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-13 13:53:00.797
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-13 13:26:07.188
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-13 11:59:01.998
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-13 09:30:32.760
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-11 22:09:57.481
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 31%
Total physical RAM: 3911.27 MB
Available physical RAM: 2670.62 MB
Total Virtual: 5191.27 MB
Available Virtual: 3645.57 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:682.19 GB) (Free:11.63 GB) NTFS

\\?\Volume{1365bb28-c031-4ce5-9094-5cfc1cccc921}\ (Recovery) (Fixed) (Total:0.39 GB) (Free:0.12 GB) NTFS
\\?\Volume{06dd8e21-ead6-4352-ac57-5f0fcfefad77}\ (Push Button Reset) (Fixed) (Total:15.64 GB) (Free:1.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 4EAFD38C)

Partition: GPT.

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: please check the log

#9 Post by Conder »

:arrow: I also recommend uninstalling the program "Start Menu 8", since it comes from the "well-known company" IObit, and our forum strongly recommends uninstalling and not using any IObit programs, as they can damage the system.

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    Folder: C:\ProgramData\Tencent
    File: C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
    File: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    File: C:\Windows\system32\drivers\acedrv07.sys
    File: C:\Windows\SysWow64\Drivers\secdrv.sys
    CMD: type "C:\Users\Jarda\AppData\Roaming\settings.ini"
    ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IObit_StartMenu8_is1
    
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
    HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
    SearchScopes: HKU\S-1-5-21-2214875189-3760211905-2910999632-1002 -> DefaultScope {42F02A82-1141-4AF7-8599-D7C2407F4066} URL = 
    FF NewTab: Mozilla\Firefox\Profiles\kc9o04ej.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__171205__yaff
    S2 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X]
    S1 160WifiNetPro; \??\C:\Users\Jarda\Desktop\DTLSoft\160wifi\160WifiNetPro64.sys [X]
    S3 DUMeterDrv; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [X]
    S1 MpKsl91945ea9; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD29119C-C01A-439E-8551-199E4F9685CD}\MpKsl91945ea9.sys [X]
    S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
    S1 QMInjector64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.3.26530.901\QMInjector64.sys [X]
    S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.3.26530.901\QMUdisk64.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Program Files\Smart PC Utilities\Game Fire\GameFire.sys [X]
    S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
    S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
    2018-07-22 18:04 - 2018-07-22 18:05 - 000000000 ____D C:\rsit
    2018-07-05 12:06 - 2018-07-05 12:06 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET3CFB.tmp
    2018-07-05 08:27 - 2018-07-22 18:05 - 000000000 ____D C:\Program Files\trend micro
    2018-03-03 18:54 - 2018-03-03 18:54 - 000000062 _____ () C:\Users\Jarda\AppData\Roaming\settings.ini
    ContextMenuHandlers3: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} =>  -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    ContextMenuHandlers6: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} =>  -> No File
    ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
    C:\ProgramData\Tencent
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping a backup of important data (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

jarek26
Visitor
Posts: 121
Registered: 23 Dec 2008 16:01
Location: Bardejov

Re: please check the log

#10 Post by jarek26 »

Good day,
so here is the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Jarda (11-08-2018 15:05:51) Run:1
Running from C:\Users\Jarda\Desktop
Loaded Profiles: Jarda (Available Profiles: Jarda & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

Folder: C:\ProgramData\Tencent
File: C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
File: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
File: C:\Windows\system32\drivers\acedrv07.sys
File: C:\Windows\SysWow64\Drivers\secdrv.sys
CMD: type "C:\Users\Jarda\AppData\Roaming\settings.ini"
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IObit_StartMenu8_is1

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\S-1-5-21-2214875189-3760211905-2910999632-1002 -> DefaultScope {42F02A82-1141-4AF7-8599-D7C2407F4066} URL =
FF NewTab: Mozilla\Firefox\Profiles\kc9o04ej.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__171205__yaff
S2 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X]
S1 160WifiNetPro; \??\C:\Users\Jarda\Desktop\DTLSoft\160wifi\160WifiNetPro64.sys [X]
S3 DUMeterDrv; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [X]
S1 MpKsl91945ea9; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD29119C-C01A-439E-8551-199E4F9685CD}\MpKsl91945ea9.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S1 QMInjector64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.3.26530.901\QMInjector64.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.3.26530.901\QMUdisk64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Smart PC Utilities\Game Fire\GameFire.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
2018-07-22 18:04 - 2018-07-22 18:05 - 000000000 ____D C:\rsit
2018-07-05 12:06 - 2018-07-05 12:06 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET3CFB.tmp
2018-07-05 08:27 - 2018-07-22 18:05 - 000000000 ____D C:\Program Files\trend micro
2018-03-03 18:54 - 2018-03-03 18:54 - 000000062 _____ () C:\Users\Jarda\AppData\Roaming\settings.ini
ContextMenuHandlers3: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
C:\ProgramData\Tencent

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========================= Folder: C:\ProgramData\Tencent ========================

2018-03-03 19:26 - 2018-03-03 19:26 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\Tencent\Desktop
2018-03-03 19:26 - 2018-03-03 19:26 - 000000016 ____A [1AED4EB3659C4145F64558A07BB68246] () C:\ProgramData\Tencent\Desktop\Global.db
2018-03-03 19:26 - 2018-07-22 20:09 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\Tencent\QQDownload
2018-03-03 19:28 - 2018-07-22 20:09 - 000000013 ____A [FCDBAAB3B332F90E2C6AEC0E0C1B835D] () C:\ProgramData\Tencent\QQDownload\mediadl.cch
2018-03-03 19:28 - 2018-07-22 20:09 - 000000008 ____A [3E27B3AA6B89137CCE48B3379A2A6610] () C:\ProgramData\Tencent\QQDownload\mediadlp.cch
2018-05-12 13:31 - 2018-05-13 14:06 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\Tencent\QQPCMgr
2018-05-12 14:05 - 2018-07-28 15:18 - 000262144 ____A [45C5440ACD54B55A93950C957F351F40] () C:\ProgramData\Tencent\QQPCMgr\QMConfig.hiv
2018-05-12 14:05 - 2018-05-12 14:05 - 000008192 __ASH [85FFB98D70059BF4466E0225B1C6DD98] () C:\ProgramData\Tencent\QQPCMgr\QMConfig.hiv.LOG1
2018-05-12 14:05 - 2018-05-12 14:05 - 000000000 __ASH [D41D8CD98F00B204E9800998ECF8427E] () C:\ProgramData\Tencent\QQPCMgr\QMConfig.hiv.LOG2
2018-05-12 14:05 - 2018-05-12 14:05 - 000065536 __ASH [F42BF66FF17FEDAE1826A0FAC7166033] () C:\ProgramData\Tencent\QQPCMgr\QMConfig.hiv{39cac3e2-5557-11e8-bfa8-bc8556123412}.TM.blf
2018-05-12 14:05 - 2018-05-12 14:05 - 000524288 __ASH [9A7E67E57D360C54195AD9050989BFF8] () C:\ProgramData\Tencent\QQPCMgr\QMConfig.hiv{39cac3e2-5557-11e8-bfa8-bc8556123412}.TMContainer00000000000000000001.regtrans-ms
2018-05-12 14:05 - 2018-05-12 14:05 - 000524288 __ASH [59071590099D21DD439896592338BF95] () C:\ProgramData\Tencent\QQPCMgr\QMConfig.hiv{39cac3e2-5557-11e8-bfa8-bc8556123412}.TMContainer00000000000000000002.regtrans-ms
2018-05-13 14:06 - 2018-05-13 14:06 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\Tencent\QQPCMgr\TrojanLog
2018-03-03 19:22 - 2018-03-03 20:25 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\Tencent\TSVulFw
2018-03-03 19:21 - 2018-03-03 19:21 - 000664352 ____A [247D51E5D4FCB89F200E55A2F3CF9A02] (Tencent) C:\ProgramData\Tencent\TSVulFw\TSVulFW.DAT
2018-03-03 19:21 - 2018-03-03 19:22 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\Tencent\TSVulFw_Cache
2018-05-12 14:05 - 2018-05-12 14:05 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\Tencent\TxGameAssistant
2018-05-12 14:05 - 2018-05-12 14:05 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\Tencent\TxGameAssistant\Snapshot

====== End of Folder: ======


========================= File: C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe ========================

C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
File not signed
MD5: B68BC92DC0F6484E5862BA1B09EE720C
Creation and modification date: 2013-09-07 02:52 - 2013-09-07 02:52
Size: 000312448
Attributes: ----A
Company Name: Windows (R) Win 7 DDK provider
Internal Name: SETUPAPI.DLL
Original Name: SETUPAPI.DLL
Product: Windows (R) Win 7 DDK driver
Description: Windows Setup API
File Version: 6.2.9200.16384
Product Version: 6.2.9200.16384
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/e15bf19 ... 533193372/

====== End of File: ======


========================= File: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe ========================

C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
File not signed
MD5: 7F7A03D03FA18A0DB2DAC37A8D620E7F
Creation and modification date: 2017-05-09 10:22 - 2012-08-16 13:37
Size: 000007168
Attributes: ----A
Company Name: Intel Corporation
Internal Name: IAStorDataMgrSvc.exe
Original Name: IAStorDataMgrSvc.exe
Product: IAStorDataSvc
Description: IAStorDataSvc
File Version: 11.5.4.1001
Product Version: 11.5.4.1001
Copyright: Copyright © Intel Corporation 2009-2012
VirusTotal: https://www.virustotal.com/file/b867a6b ... 530031941/

====== End of File: ======


========================= File: C:\Windows\system32\drivers\acedrv07.sys ========================

C:\Windows\system32\drivers\acedrv07.sys
File not signed
MD5: 6E9C8B324980AFE454C6F7762E2B4478
Creation and modification date: 2018-03-04 15:54 - 2018-03-04 15:54
Size: 000125440
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/b65cc18 ... 530873117/

====== End of File: ======


========================= File: C:\Windows\SysWow64\Drivers\secdrv.sys ========================

C:\Windows\SysWow64\Drivers\secdrv.sys
File not signed
MD5: 6EC4EC9DB637B125DF29A6FB0E53AB5D
Creation and modification date: 2017-09-20 13:06 - 2000-08-09 12:01
Size: 000011616
Attributes: ---RA
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========= type "C:\Users\Jarda\AppData\Roaming\settings.ini" =========

[PCID-NET2]
COUNT=1
1=NET137b2e2ab38601905cdd6cb2cbc801cf2

========= End of CMD: =========

================== ExportKey: ===================

"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IObit_StartMenu8_is1" => not found

=== End of ExportKey ===
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"Firefox newtab" => removed successfully
"HKLM\System\CurrentControlSet\Services\DigitalWave.Update.Service" => removed successfully
DigitalWave.Update.Service => service removed successfully
"HKLM\System\CurrentControlSet\Services\160WifiNetPro" => removed successfully
160WifiNetPro => service removed successfully
"HKLM\System\CurrentControlSet\Services\DUMeterDrv" => removed successfully
DUMeterDrv => service removed successfully
MpKsl91945ea9 => service not found.
"HKLM\System\CurrentControlSet\Services\nvvad_WaveExtensible" => removed successfully
nvvad_WaveExtensible => service removed successfully
"HKLM\System\CurrentControlSet\Services\QMInjector64" => removed successfully
QMInjector64 => service removed successfully
"HKLM\System\CurrentControlSet\Services\QMUdisk" => removed successfully
QMUdisk => service removed successfully
"HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0" => removed successfully
WinRing0_1_2_0 => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZAM" => removed successfully
ZAM => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZAM_Guard" => removed successfully
ZAM_Guard => service removed successfully
C:\rsit => moved successfully
C:\Windows\system32\Drivers\SET3CFB.tmp => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\Jarda\AppData\Roaming\settings.ini => moved successfully
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MBAMShlExt" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MBAMShlExt" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => not found
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\str" => removed successfully
C:\ProgramData\Tencent => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6492501 B
Java, Flash, Steam htmlcache => 13214188 B
Windows/system/drivers => 1143954 B
Edge => 0 B
Chrome => 0 B
Firefox => 23517747 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 9760718 B
NetworkService => 0 B
UpdatusUser => 0 B
Jarda => 1551343 B
UpdatusUser.000 => 0 B
UpdatusUser.Jaroslav => 0 B
Administrator => 0 B

RecycleBin => 0 B
EmptyTemp: => 61.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:07:37 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: please check the log

#11 Post by Conder »

:arrow: So let's also clean up the IObit leftovers

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    S2 SMService; C:\Program Files (x86)\IObit\Classic Start\SMService.exe [1077536 2017-01-16] (IObit)
    ContextMenuHandlers1-x32: [IobitStartMenu] -> {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} => C:\Program Files (x86)\IObit\Classic Start\IObitStartMenuExtension.dll [2015-12-29] (IObit)
    ContextMenuHandlers4: [IobitStartMenu] -> {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} => C:\Program Files (x86)\IObit\Classic Start\IObitStartMenuExtension.dll [2015-12-29] (IObit)
    ContextMenuHandlers6: [IobitStartMenu] -> {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} => C:\Program Files (x86)\IObit\Classic Start\IObitStartMenuExtension.dll [2015-12-29] (IObit)
    Task: {EF7A31F4-7929-4588-A1AF-D96CBD90294F} - System32\Tasks\StartMenu8_Start => C:\Program Files (x86)\IObit\Classic Start\Start_Active.exe [2016-11-15] ()
    Task: C:\Windows\Tasks\StartMenu8_Start.job => C:\Program Files (x86)\IObit\Classic Start\Start_Active.exe
    
    C:\Program Files\IObit
    C:\Program Files (x86)\IObit
    C:\Program Files\Common Files\IObit
    C:\ProgramData\IObit
    C:\ProgramData\ProductData
    C:\Users\Jarda\AppData\Roaming\IObit
    C:\Users\Jarda\AppData\LocalLow\IObit
    C:\Users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Driver Booster*
    C:\Users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Advanced SystemCare*
    C:\Users\Default\AppData\Roaming\IObit
    C:\Users\Default\AppData\LocalLow\IObit
    C:\Users\Public\Desktop\*Driver Booster*
    C:\Users\Public\Desktop\*Advanced SystemCare*
    C:\Windows\IObit
    C:\Windows\Tasks\ImCleanDisabled
    C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here

jarek26
Visitor
Posts: 121
Registered: 23 Dec 2008 16:01
Location: Bardejov

Re: please check the log

#12 Post by jarek26 »

Good day,
I'm also sending the log from FRST:

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Jarda (12-08-2018 13:14:47) Run:2
Running from C:\Users\Jarda\Desktop
Loaded Profiles: Jarda (Available Profiles: Jarda & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

S2 SMService; C:\Program Files (x86)\IObit\Classic Start\SMService.exe [1077536 2017-01-16] (IObit)
ContextMenuHandlers1-x32: [IobitStartMenu] -> {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} => C:\Program Files (x86)\IObit\Classic Start\IObitStartMenuExtension.dll [2015-12-29] (IObit)
ContextMenuHandlers4: [IobitStartMenu] -> {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} => C:\Program Files (x86)\IObit\Classic Start\IObitStartMenuExtension.dll [2015-12-29] (IObit)
ContextMenuHandlers6: [IobitStartMenu] -> {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} => C:\Program Files (x86)\IObit\Classic Start\IObitStartMenuExtension.dll [2015-12-29] (IObit)
Task: {EF7A31F4-7929-4588-A1AF-D96CBD90294F} - System32\Tasks\StartMenu8_Start => C:\Program Files (x86)\IObit\Classic Start\Start_Active.exe [2016-11-15] ()
Task: C:\Windows\Tasks\StartMenu8_Start.job => C:\Program Files (x86)\IObit\Classic Start\Start_Active.exe

C:\Program Files\IObit
C:\Program Files (x86)\IObit
C:\Program Files\Common Files\IObit
C:\ProgramData\IObit
C:\ProgramData\ProductData
C:\Users\Jarda\AppData\Roaming\IObit
C:\Users\Jarda\AppData\LocalLow\IObit
C:\Users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Driver Booster*
C:\Users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Advanced SystemCare*
C:\Users\Default\AppData\Roaming\IObit
C:\Users\Default\AppData\LocalLow\IObit
C:\Users\Public\Desktop\*Driver Booster*
C:\Users\Public\Desktop\*Advanced SystemCare*
C:\Windows\IObit
C:\Windows\Tasks\ImCleanDisabled
C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
SMService => service not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IobitStartMenu => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{AF8FA9C9-9907-463e-BDC3-4CC1200D6310} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IobitStartMenu => not found
HKLM\Software\Classes\CLSID\{AF8FA9C9-9907-463e-BDC3-4CC1200D6310} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IobitStartMenu => not found
HKLM\Software\Classes\CLSID\{AF8FA9C9-9907-463e-BDC3-4CC1200D6310} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF7A31F4-7929-4588-A1AF-D96CBD90294F} => not found
"C:\Windows\System32\Tasks\StartMenu8_Start" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StartMenu8_Start => not found
"C:\Windows\Tasks\StartMenu8_Start.job" => not found
"C:\Program Files\IObit" => not found
C:\Program Files (x86)\IObit => moved successfully
"C:\Program Files\Common Files\IObit" => not found
C:\ProgramData\IObit => moved successfully
C:\ProgramData\ProductData => moved successfully
C:\Users\Jarda\AppData\Roaming\IObit => moved successfully
C:\Users\Jarda\AppData\LocalLow\IObit => moved successfully

=========== "C:\Users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Driver Booster*" ==========

not found

========= End -> "C:\Users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Driver Booster*" ========


=========== "C:\Users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Advanced SystemCare*" ==========

not found

========= End -> "C:\Users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Advanced SystemCare*" ========

"C:\Users\Default\AppData\Roaming\IObit" => not found
"C:\Users\Default\AppData\LocalLow\IObit" => not found

=========== "C:\Users\Public\Desktop\*Driver Booster*" ==========

not found

========= End -> "C:\Users\Public\Desktop\*Driver Booster*" ========


=========== "C:\Users\Public\Desktop\*Advanced SystemCare*" ==========

not found

========= End -> "C:\Users\Public\Desktop\*Advanced SystemCare*" ========

C:\Windows\IObit => moved successfully
"C:\Windows\Tasks\ImCleanDisabled" => not found
"C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8555133 B
Java, Flash, Steam htmlcache => 132237 B
Windows/system/drivers => 71156 B
Edge => 0 B
Chrome => 0 B
Firefox => 25177907 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 8944 B
UpdatusUser => 0 B
Jarda => 4246753 B
UpdatusUser.000 => 0 B
UpdatusUser.Jaroslav => 0 B
Administrator => 0 B

RecycleBin => 0 B
EmptyTemp: => 44.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:17:29 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: please check my log

#13 Post by Conder »

It looks OK now.

I recommend installing all important updates via Windows Update, including the Windows 8.1 update, since without it the system will not receive further updates.

According to the log, Windows Defender is turned off and no other antivirus is installed. I recommend turning on at least Windows Defender.

Check the size of the desktop (C:\Users\Jarda\Desktop). If it is larger than 300 MB, move all files and folders from the desktop to Documents and leave only shortcuts on the desktop. An overly large desktop can slow the system down.
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!
