PC virus removal, computer speed-up, remote assistance via the neslape.cz service

PC check

Don't have any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

jarek26
Visitor
Posts: 121
Registered: 23 Dec 2008 16:01
Location: Bardejov

PC check

#1 Post by jarek26 »

I'd like to ask for a check of my PC to see whether everything is OK.
I'm sending the log from RSIT.
Thank you.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jarda at 2019-05-11 10:06:21
Microsoft Windows 8.1
System drive C: has 72 GB (10%) free of 698 GB
Total RAM: 3911 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:06:34, on 11.5.2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files\Password Door\TLPD.EXE
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_32_0_0_171.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_32_0_0_171.exe
C:\Program Files\trend micro\Jarda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O8 - Extra context menu item: Stiahnuť s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stiahnuť s IDM všetky prepojenia - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe
O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Wondershare - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe

--
End of file - 10738 bytes

======Listing Processes======





wininit.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
dashost.exe {684246c3-b90c-471e-b36e9665b771703e}
"C:\Program Files\Elantech\ETDService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
C:\WINDOWS\SysWOW64\svchost.exe -k LocalDriverService
C:\Windows\RfBtnSvc64.exe
C:\WINDOWS\system32\locator.exe
"C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"

C:\WINDOWS\system32\wbem\WmiApSrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
taskhost.exe $(Arg0)
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe"

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window --enable-setforeground-window --enable-kbhook-window
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
taskhostex.exe
"C:\Program Files\Password Door\TLPD.EXE"
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
C:\WINDOWS\system32\igfxext.exe -Embedding
"C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /onboot
"C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe"
"C:\Program Files\Password Door\TLPD64.EXE"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe"
"C:\WINDOWS\system32\taskmgr.exe" /4
C:\WINDOWS\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
"C:\Windows\explorer.exe" /LOADSAVEDWINDOWS
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="36976.0.100531277\431095082" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" "C:\Users\Jarda\AppData\LocalLow\Mozilla\Temp-{80221a1e-fd17-4d6a-bc89-98553ad259d4}" 36976 "\\.\pipe\gecko-crash-server-pipe.36976" gpu
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="36976.3.2090847987\454683019" -childID 1 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|99:2|100:1|115:5000|125:0|127:0|138:10000|150:-1|158:24|159:32768|161:0|162:0|170:5|174:1048576|175:100|176:5000|178:600|180:1|188:20|191:4|195:0|204:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:1|92:1|95:1|96:0|98:0|101:1|102:0|109:0|114:0|117:1|120:1|122:1|126:0|129:1|132:1|133:1|139:1|140:0|141:1|143:0|149:0|151:1|152:0|153:1|156:0|157:0|160:1|163:0|165:1|167:1|168:0|177:1|182:0|183:0|184:0|185:1|186:0|187:0|189:1|190:1|193:0|196:0|197:0|198:1|199:1|200:0|201:1|202:1|203:1|205:0|206:0|208:0|217:1|218:1|219:0|220:0|221:0| -stringPrefs "3:7;release|97:0;|142:3;1.0|154:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|155:4;high|192:38;{80221a1e-fd17-4d6a-bc89-98553ad259d4}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 36976 "\\.\pipe\gecko-crash-server-pipe.36976" tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="36976.13.1277841824\341155951" -childID 2 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|99:2|100:1|115:5000|125:0|127:0|138:10000|150:-1|158:24|159:32768|161:0|162:0|170:5|174:1048576|175:100|176:5000|178:600|180:1|188:20|191:4|195:0|204:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:1|92:1|95:1|96:0|98:0|101:1|102:0|109:0|114:0|117:1|120:1|122:1|126:0|129:1|132:1|133:1|139:1|140:0|141:1|143:0|149:0|151:1|152:0|153:1|156:0|157:0|160:1|163:0|165:1|167:1|168:0|177:1|182:0|183:0|184:0|185:1|186:0|187:0|189:1|190:1|193:0|196:0|197:0|198:1|199:1|200:0|201:1|202:1|203:1|205:0|206:0|208:0|217:1|218:1|219:0|220:0|221:0| -stringPrefs "3:7;release|97:0;|142:3;1.0|154:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|155:4;high|192:38;{80221a1e-fd17-4d6a-bc89-98553ad259d4}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 36976 "\\.\pipe\gecko-crash-server-pipe.36976" tab
"C:\Program Files\Windows Defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 499D0139-3FC5-9DA5-21F2-52BEEB9FE15F -Reinvoke
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="36976.27.619198954\2056367058" -childID 4 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|99:2|100:1|115:5000|125:0|127:0|138:10000|150:-1|158:24|159:32768|161:0|162:0|170:5|174:1048576|175:100|176:5000|178:600|180:1|188:20|191:4|195:0|204:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:1|92:1|95:1|96:0|98:0|101:1|102:0|109:0|114:0|117:1|120:1|122:1|126:0|129:1|132:1|133:1|139:1|140:0|141:1|143:0|149:0|151:1|152:0|153:1|156:0|157:0|160:1|163:0|165:1|167:1|168:0|177:1|182:0|183:0|184:0|185:1|186:0|187:0|189:1|190:1|193:0|196:0|197:0|198:1|199:1|200:0|201:1|202:1|203:1|205:0|206:0|208:0|217:1|218:1|219:0|220:0|221:0| -stringPrefs "3:7;release|97:0;|142:3;1.0|154:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|155:4;high|192:38;{80221a1e-fd17-4d6a-bc89-98553ad259d4}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 36976 "\\.\pipe\gecko-crash-server-pipe.36976" tab
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="36976.34.1718910704\1737190374" "C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 36976 "\\.\pipe\gecko-crash-server-pipe.36976" plugin
"C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_32_0_0_171.exe" --proxy-stub-channel=Flash26616.701BE2A8.23917 --host-broker-channel=Flash26616.701BE2A8.5938 --host-pid=26616 --host-npapi-version=29 --plugin-path="C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32_32_0_0_171.dll"
"C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_32_0_0_171.exe" --channel=8880.0134F90C.1888689190 --proxy-stub-channel=Flash26616.701BE2A8.23917 --plugin-path="C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32_32_0_0_171.dll" --host-npapi-version=29 --type=renderer

"C:\Users\Jarda\Desktop\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup

=========Mozilla firefox=========

ProfilePath - C:\Users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\mxi3et99.default-1556304753948

prefs.js - "browser.startup.homepage" - "https://www.google.sk/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.171 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1234204.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.211.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.211.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App V2 Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.171 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-14 528440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-14 453688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-05-11 480120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-11 194424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2012-06-28 650648]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2013-05-22 2890056]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2018-04-25 18388936]
"Password Door"=C:\Program Files\Password Door\TLPD.EXE [2012-08-18 165136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2013-09-07 132736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"IDMan"=C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2018-01-14 4091960]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2018-10-23 19467544]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-09-08 421888]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2019-04-01 645456]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2013-09-07 132736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll,C:\WINDOWS\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLinkedConnections"=1
"PromptOnSecureDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-05-11 10:06:21 ----D---- C:\rsit
2019-05-11 10:06:21 ----D---- C:\Program Files\trend micro
2019-05-11 08:44:28 ----D---- C:\Users\Jarda\AppData\Roaming\Sun
2019-05-11 08:44:13 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-32.dll
2019-05-11 08:42:44 ----D---- C:\Program Files (x86)\Java
2019-05-11 08:20:03 ----D---- C:\Users\Jarda\AppData\Roaming\Floating Sandbox
2019-04-27 12:58:27 ----D---- C:\Users\Jarda\AppData\Roaming\ParisJewelryShop
2019-04-26 22:10:27 ----D---- C:\Users\Jarda\AppData\Roaming\VSO
2019-04-26 22:10:27 ----D---- C:\ProgramData\VSO
2019-04-26 22:10:27 ----D---- C:\Program Files (x86)\VSO
2019-04-20 09:02:23 ----D---- C:\Users\Jarda\AppData\Roaming\BeachPartyCraze
2019-04-20 08:21:58 ----D---- C:\ProgramData\Socialclub
2019-04-20 07:34:46 ----A---- C:\WINDOWS\Sof2.INI
2019-04-20 07:21:18 ----D---- C:\Users\Jarda\AppData\Roaming\MMFApplications
2019-04-13 15:05:04 ----D---- C:\Users\Jarda\AppData\Roaming\DriveTheLife2013
2019-04-13 14:58:43 ----D---- C:\ProgramData\TopLang
2019-04-13 14:58:42 ----D---- C:\Program Files\Password Door
2019-04-13 14:00:36 ----D---- C:\ProgramData\MEM
2019-04-13 14:00:35 ----SHD---- C:\ProgramData\NXKABG

======List of files/folders modified in the last 1 month======

2019-05-11 10:06:29 ----D---- C:\WINDOWS\Prefetch
2019-05-11 10:06:21 ----RD---- C:\Program Files
2019-05-11 10:02:37 ----D---- C:\Users\Jarda\AppData\Roaming\DMCache
2019-05-11 10:02:17 ----D---- C:\Users\Jarda\AppData\Roaming\IDM
2019-05-11 10:00:53 ----D---- C:\WINDOWS\Temp
2019-05-11 10:00:00 ----D---- C:\WINDOWS\system32\sru
2019-05-11 09:41:46 ----D---- C:\Users\Jarda\AppData\Roaming\MPC-HC
2019-05-11 09:41:42 ----D---- C:\WINDOWS\SoftwareDistribution
2019-05-11 09:41:42 ----D---- C:\Windows
2019-05-11 09:35:54 ----D---- C:\WINDOWS\Microsoft.NET
2019-05-11 08:44:39 ----SHD---- C:\WINDOWS\Installer
2019-05-11 08:44:38 ----SHD---- C:\Config.Msi
2019-05-11 08:44:38 ----D---- C:\Program Files (x86)\Common Files
2019-05-11 08:44:13 ----D---- C:\WINDOWS\SysWOW64
2019-05-11 08:42:44 ----RD---- C:\Program Files (x86)
2019-05-11 08:06:35 ----SHD---- C:\System Volume Information
2019-05-11 06:00:30 ----D---- C:\WINDOWS\Inf
2019-05-11 00:58:11 ----D---- C:\ProgramData\NVIDIA
2019-05-05 19:56:15 ----RD---- C:\WINDOWS\System32
2019-05-05 19:56:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-01 12:53:56 ----D---- C:\Program Files (x86)\Steam
2019-04-27 12:46:39 ----D---- C:\WINDOWS\system32\Tasks
2019-04-27 09:12:45 ----D---- C:\Program Files (x86)\Mozilla Firefox
2019-04-27 09:12:35 ----HD---- C:\ProgramData
2019-04-27 06:23:04 ----D---- C:\WINDOWS\system32\config
2019-04-26 23:04:18 ----D---- C:\WINDOWS\system32\drivers
2019-04-26 20:48:32 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2019-04-13 15:11:44 ----D---- C:\WINDOWS\CbsTemp
2019-04-13 15:10:25 ----D---- C:\WINDOWS\system32\catroot2
2019-04-13 15:09:26 ----D---- C:\WINDOWS\system32\catroot
2019-04-13 14:52:01 ----D---- C:\WINDOWS\WinSxS
2019-04-12 21:27:00 ----D---- C:\WINDOWS\system32\Macromed
2019-04-12 21:26:58 ----D---- C:\WINDOWS\SYSWOW64\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2013-10-29 632168]
R0 LDrvPro;LDrvPro; C:\WINDOWS\system32\drivers\LDrvPro64.sys [2019-04-26 195824]
R0 nvpciflt;nvpciflt; C:\WINDOWS\system32\DRIVERS\nvpciflt.sys [2018-03-25 48032]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2017-06-17 27552]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2017-06-07 138296]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R2 acedrv10;acedrv10; \??\C:\Windows\system32\drivers\acedrv10.sys [2017-09-26 277904]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2017-05-17 314016]
R2 IDMWFP;IDMWFP; C:\WINDOWS\system32\DRIVERS\idmwfp.sys [2017-12-29 226024]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2017-05-17 43680]
R3 athr;@oem95.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athwbx.sys [2017-08-07 4319632]
R3 b57xdbd;@oem102.inf,%bcmxd_16bf_svcd%;Broadcom xD Picture Bus Driver Service; C:\WINDOWS\System32\drivers\b57xdbd.sys [2012-08-13 72280]
R3 b57xdmp;@oem102.inf,%BXD_SVCDESC%;Broadcom xD Picture vstorp client drv; C:\WINDOWS\System32\drivers\b57xdmp.sys [2012-08-13 21080]
R3 bScsiMSa;bScsiMSa; C:\WINDOWS\System32\drivers\bScsiMSa.sys [2013-07-23 59088]
R3 bScsiSDa;bScsiSDa; C:\WINDOWS\System32\drivers\bScsiSDa.sys [2014-01-10 82128]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2016-01-19 602128]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys [2015-06-10 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2014-11-21 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2014-11-21 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2015-06-10 81920]
R3 gcdbus;@oem51.inf,%gcdbus_SvcDesc%;Driver for gBurner SCSI Host Controller; C:\WINDOWS\System32\drivers\gcdbus.sys [2017-01-10 167424]
R3 ICCWDT;@oem85.inf,%ICCWDT.SVCDESC%;Intel(R) Watchdog Timer Driver (Intel(R) WDT); C:\WINDOWS\System32\drivers\ICCWDT.sys [2017-05-08 38480]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2018-09-11 3799872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2018-04-25 6197704]
R3 IntcDAud;@oem88.inf,%IntcDAud.SvcDesc%;Intel(R) Zvuk pre obrazovky; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2017-07-09 480800]
R3 iwdbus;@oem93.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-01 38896]
R3 k57nd60a;@oem109.inf,%SvcDispName%;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\WINDOWS\system32\DRIVERS\k57nd60a.sys [2013-10-29 458960]
R3 MEIx64;@oem86.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [2016-03-29 186424]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2018-03-25 17371168]
R3 nvvhci;@oem40.inf,%ServiceDesc%;NVVHCI Enumerator Service; C:\WINDOWS\System32\drivers\nvvhci.sys [2017-06-08 57792]
R3 Ps2Kb2Hid;@oem3.inf,%Ps2Kb2Hid.SVCDESC%;PS/2 Keyboard to HID Driver; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [2013-05-09 26736]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2015-01-30 167424]
R3 SynTP;@oem45.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2017-01-23 924248]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2014-11-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2013-08-22 36864]
S1 acedrv07;acedrv07; \??\C:\Windows\system32\drivers\acedrv07.sys [2018-03-04 125440]
S1 MpKsl1131c973;MpKsl1131c973; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5792B093-C78E-414B-960F-F1D6349BC324}\MpKsl1131c973.sys []
S2 acehlp10;acehlp10; \??\C:\Windows\system32\drivers\acehlp10.sys [2017-09-26 228000]
S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2012-07-02 446840]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus; C:\WINDOWS\System32\drivers\btath_bus.sys [2013-09-07 34384]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2015-06-10 1201664]
S3 ETD;ELAN PS/2 Port Input Device; C:\WINDOWS\system32\DRIVERS\ETD.sys [2013-05-22 377160]
S3 intaud_WaveExtensible;@oem91.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2015-12-01 50160]
S3 MBAMSwissArmy;MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [2019-04-13 253664]
S3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2013-09-30 34544]
S3 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [2018-05-09 207840]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [2013-09-07 312448]
R2 CCDMonitorService;CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2013-02-20 2615368]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\WINDOWS\System32\svchost.exe [2014-11-21 38792]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-12-10 350544]
R2 ETDService;Elan Service; C:\Program Files\Elantech\ETDService.exe [2013-05-22 101192]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2018-09-11 317416]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-18 165760]
R2 LDrvSvc;Local Driver Service; C:\WINDOWS\System32\svchost.exe [2014-11-21 38792]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-18 276864]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2018-03-24 464272]
R2 RfButtonDriverService;Dritek RF Button Command Service; C:\Windows\RfBtnSvc64.exe [2018-01-28 93296]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2017-01-16 752224]
R2 SynTPEnhService;SynTPEnh Caller Service; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2017-01-23 267864]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-18 364416]
R3 ePowerSvc;ePower Service; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2013-03-16 662088]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-08-16 7168]
S2 NAUpdate;Nero Update; c:\Program Files (x86)\Nero\Update\NASvc.exe [2012-07-14 769432]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-04-12 335416]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-11-21 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2018-09-11 376296]
S3 DeviceFastLaneService;Device Fast-lane Service; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-08-22 468624]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MBAMService;Malwarebytes Service; C:\Program Files (x86)\Malwarebytes Anti-Malware\Anti-Malware\mbamservice.exe [2018-05-09 6541008]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2017-12-15 1644832]

-----------------EOF-----------------

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: PC check

#2 Post by Conder »

Hi :)

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
  • The log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos and others) backed up.

Fixlists and other scripts are written for one specific PC only. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

jarek26
Visitor
Posts: 121
Registered: 23 Dec 2008 16:01
Location: Bardejov

Re: PC check

#3 Post by jarek26 »

Good day, so I'm sending the log.

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-03.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-17-2019
# Duration: 00:00:39
# OS: Windows 8.1
# Scanned: 27198
# Detected: 3


***** [ Services ] *****

PUP.Optional.DriveTheLife LDrvSvc

***** [ Folders ] *****

PUP.Optional.DriveTheLife C:\Users\Jarda\AppData\Roaming\DriveTheLife2013

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.DriverPack HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\drp.su

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


All 3 items were cleaned and repaired. I don't know whether I should have sent S

Thank you

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: PC check

#4 Post by Conder »

Please post both FRST logs (FRST.txt and Addition.txt) following this guide: https://forum.viry.cz/viewtopic.php?f=13&t=154679

jarek26
Visitor
Posts: 121
Registered: 23 Dec 2008 16:01
Location: Bardejov

Re: PC check

#5 Post by jarek26 »

So I'm sending the logs from FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05.2019
Ran by Jarda (administrator) on JAROSLAV (Acer Aspire E1-531G) (17-05-2019 22:38:27)
Running from C:\Users\Jarda\Desktop
Loaded Profiles: Jarda (Available Profiles: Jarda & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: Slovenčina (Slovensko)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc. -> Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Qualcomm Atheros -> Atheros Communications) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(TopLang Software -> TopLang Software) C:\Program Files\Password Door\TLPD.EXE
(TopLang Software -> TopLang Software) C:\Program Files\Password Door\TLPD64.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [650648 2012-06-28] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-05-22] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18388936 2018-04-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Password Door] => C:\Program Files\Password Door\TLPD.EXE [165136 2012-08-18] (TopLang Software -> TopLang Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Qualcomm Atheros -> Atheros Communications) [File not signed]
HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG -> Nero AG)
HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4091960 2018-01-14] (Tonec Inc.) [File not signed]
HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19467544 2018-10-23] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [217088 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [186368 2014-11-21] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2005-06-24] (EA.com/On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2005-06-24] (EA.com/On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2005-06-24] (EA.com/On2.com) [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-09-07] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-09-07] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [182784 2018-03-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [182784 2018-03-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [159704 2018-03-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {054232F7-8C3E-4AD5-A84C-3541BE325938} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
Task: {1AE0B3B5-CF99-44D7-992B-ED67E67E29E3} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [5306440 2013-03-16] (Acer Incorporated -> Acer Incorporated)
Task: {28AB84DB-03F7-42C1-B7D1-2B8A9FD21A18} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-17] (Adobe Inc. -> Adobe)
Task: {4ABC8AA4-5A6F-4939-AB8F-11CA2D17C96B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
Task: {582CB75B-B018-4681-9802-F5A25244FE5C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Task: {5C75A106-2A32-4D9B-BDA6-D63E2B020B40} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Task: {629EF38D-68CE-47D6-B6D8-6C986726E9ED} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [977288 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {66192AFF-EB42-4754-B5CB-C9A7C60AAEAF} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
Task: {670665D1-2CB6-4542-ADAE-835CFBCDDDCF} - System32\Tasks\Password Door => C:\Program Files\Password Door\TLPD.EXE [165136 2012-08-18] (TopLang Software -> TopLang Software)
Task: {689FFFD2-637E-4ABE-9EA5-AAE824909FD3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {76E1D094-9FC3-40A9-A220-99D76A0C0762} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
Task: {79BA97CA-A8E7-4986-9FD2-E5D02F5593A7} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [994880 2013-02-08] (CyberLink Corp. -> CyberLink)
Task: {AB7D02E0-206F-4C40-BF9E-3734AEBEF82B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4366424 2017-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {B4F76994-CDC9-47FF-B72D-4B6D0FBC8A6B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
Task: {B9D253A1-B4F4-4CAC-B471-DA21D10D5E4C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [41264 2017-03-15] (Acer Incorporated -> )
Task: {D1A467E1-025D-434F-98BA-F2B5039AE63F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_Plugin.exe [1457208 2019-05-17] (Adobe Inc. -> Adobe)
Task: {DA78B487-8FC4-4083-B0C5-713D5FB1FA2E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14544792 2018-10-23] (Piriform Software Ltd -> Piriform Ltd)
Task: {DAE3EE95-2E5A-4833-A924-F7E493C590BE} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [4153648 2017-03-15] (Acer Incorporated -> )
Task: {E5CCCCCF-3712-4068-BA83-8E50B4F47CEF} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.88.1 192.168.1.20
Tcpip\..\Interfaces\{BC8DC1B1-ACF5-4992-813C-021D938D063E}: [DhcpNameServer] 192.168.88.1 192.168.1.20
Tcpip\..\Interfaces\{D306E670-806E-4FA4-BE11-1FA0DBA4EBBC}: [DhcpNameServer] 192.168.1.20

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2214875189-3760211905-2910999632-1002 -> DefaultScope {42F02A82-1141-4AF7-8599-D7C2407F4066} URL =
SearchScopes: HKU\S-1-5-21-2214875189-3760211905-2910999632-1002 -> {42F02A82-1141-4AF7-8599-D7C2407F4066} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-14] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-14] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-05-11] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-11] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF DefaultProfile: mxi3et99.default-1556304753948
FF ProfilePath: C:\Users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\mxi3et99.default-1556304753948 [2019-05-17]
FF Homepage: Mozilla\Firefox\Profiles\mxi3et99.default-1556304753948 -> hxxps://www.google.sk/
FF Extension: (Telemetry coverage) - C:\Users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\mxi3et99.default-1556304753948\features\{9d8a27e6-4a7b-4831-a5e5-af2c7c14c84a}\telemetry-coverage-bug1487578@mozilla.org.xpi [2019-04-26] [Legacy]
FF HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-01-13] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Jarda\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Jarda\AppData\Roaming\IDM\idmmzcc5 [2018-02-10] [Legacy] [not signed]
FF HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll [2019-05-17] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_192.dll [2019-05-17] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] (WildTangent Inc -> )

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-01-13]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-01-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-20] (Acer Incorporated -> Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated -> Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-16] (Acer Incorporated -> Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-05-22] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [317416 2018-09-11] (Intel Corporation -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation -> Intel Corporation)
R2 LDrvSvc; C:\Program Files (x86)\DTLSoft\DriveTheLife\LDrvSvc.dll [133984 2015-07-23] (Shenzhen DriveTheLife Software Technology Co.Ltd -> )
S3 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG -> Nero AG)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2018-01-28] (Dritek System Inc. -> Dritek System INC.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [267864 2017-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation -> Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe [118496 2017-08-10] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2018-03-04] () [File not signed]
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [277904 2017-09-26] (Protect Software GmbH -> Protect Software GmbH)
S2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [228000 2017-09-26] (Protect Software GmbH -> Protect Software GmbH)
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4319632 2017-08-07] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [314016 2017-05-17] (Tages SA -> )
R3 b57xdbd; C:\WINDOWS\System32\drivers\b57xdbd.sys [72280 2012-08-13] (Broadcom Corporation -> Broadcom Corporation)
R3 b57xdmp; C:\WINDOWS\System32\drivers\b57xdmp.sys [21080 2012-08-13] (Broadcom Corporation -> Broadcom Corporation)
R3 bScsiMSa; C:\WINDOWS\System32\drivers\bScsiMSa.sys [59088 2013-07-23] (Broadcom Corporation -> Broadcom Corporation)
R3 bScsiSDa; C:\WINDOWS\System32\drivers\bScsiSDa.sys [82128 2014-01-10] (Broadcom Corporation -> Broadcom Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [602128 2016-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
R3 gcdbus; C:\WINDOWS\System32\drivers\gcdbus.sys [167424 2017-01-10] (Power Software Limited -> Power Software Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-06-17] (Martin Malik - REALiX -> REALiX(tm))
R3 k57nd60a; C:\WINDOWS\system32\DRIVERS\k57nd60a.sys [458960 2013-10-29] (Broadcom Corporation -> Broadcom Corporation)
R0 LDrvPro; C:\WINDOWS\System32\drivers\LDrvPro64.sys [195824 2019-05-17] (Shenzhen DriveTheLife Software Technology Co.Ltd -> 深圳市驱动人生软件技术有限公司)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43680 2017-05-17] (Tages SA -> )
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2019-04-13] (Malwarebytes Corporation -> Malwarebytes)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-06-08] (NVIDIA Corporation -> NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2013-05-09] (Dritek System Inc. -> Dritek System Inc.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11616 2000-08-09] () [File not signed]
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-30] (Synaptics Incorporated -> Synaptics Incorporated)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [207840 2018-05-09] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [35856 2014-11-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [257880 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
S1 MpKsl1131c973; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5792B093-C78E-414B-960F-F1D6349BC324}\MpKsl1131c973.sys [X]
U4 nxdm; no ImagePath
U4 nxfs; no ImagePath
U4 nxpcap; no ImagePath
U4 nxsshd; no ImagePath
U4 nxtun; no ImagePath
U4 nxusbd; no ImagePath
U4 nxusbh; no ImagePath
U4 nxusbs; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-17 22:38 - 2019-05-17 22:40 - 000025661 _____ C:\Users\Jarda\Desktop\FRST.txt
2019-05-17 22:38 - 2019-05-17 22:38 - 000000000 ____D C:\FRST
2019-05-17 22:35 - 2019-05-17 22:35 - 002434560 _____ (Farbar) C:\Users\Jarda\Desktop\FRST64.exe
2019-05-17 21:01 - 2019-05-17 21:01 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\DriveTheLife2013
2019-05-17 21:01 - 2019-05-17 21:01 - 000000000 ____D C:\ProgramData\DriveTheLife2013
2019-05-17 20:54 - 2019-05-17 20:56 - 000000000 ____D C:\AdwCleaner
2019-05-17 20:45 - 2019-05-17 20:46 - 007025360 _____ (Malwarebytes) C:\Users\Jarda\Desktop\adwcleaner_7.3.exe
2019-05-11 17:02 - 2019-05-11 17:03 - 781467363 _____ C:\Users\Jarda\Desktop\MS GOTEBORG 2002 - FINÁLE - SVK vs RUS ( SK ).mp4
2019-05-11 10:06 - 2019-05-11 10:06 - 000000000 ____D C:\rsit
2019-05-11 10:06 - 2019-05-11 10:06 - 000000000 ____D C:\Program Files\trend micro
2019-05-11 08:44 - 2019-05-11 08:44 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\Sun
2019-05-11 08:44 - 2019-05-11 08:44 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Sun
2019-05-11 08:44 - 2019-05-11 08:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-05-11 08:44 - 2019-05-11 08:43 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-05-11 08:42 - 2019-05-11 08:42 - 000000000 ____D C:\Program Files (x86)\Java
2019-05-11 08:23 - 2019-05-11 08:23 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Parker & Lane Twisted Minds CE Rus
2019-05-11 08:20 - 2019-05-11 08:20 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\Floating Sandbox
2019-05-11 08:08 - 2019-05-11 08:08 - 000002339 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sinking Simulator 2.lnk
2019-05-01 12:24 - 2019-05-01 12:24 - 000000000 ____D C:\Users\Jarda\AppData\Local\ProjectStray
2019-04-30 22:58 - 2019-04-30 22:58 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Catmoon
2019-04-27 13:07 - 2019-04-27 13:22 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Cocopo
2019-04-27 12:58 - 2019-04-27 12:58 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\ParisJewelryShop
2019-04-27 12:56 - 2019-04-27 12:56 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\PlayWay
2019-04-27 08:17 - 2019-04-27 08:17 - 000000000 ____D C:\Users\Jarda\AppData\Local\Ashampoo
2019-04-26 22:10 - 2019-04-26 23:06 - 000000000 ____D C:\Program Files (x86)\VSO
2019-04-26 22:10 - 2019-04-26 22:15 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\VSO
2019-04-26 22:10 - 2019-04-26 22:10 - 000000000 ____D C:\ProgramData\VSO
2019-04-21 09:46 - 2019-05-11 09:12 - 000000000 ____D C:\Users\Jarda\Desktop\gta v
2019-04-20 09:15 - 2019-04-20 09:15 - 000000000 ____D C:\Users\Jarda\Documents\The Incredible Hulk
2019-04-20 09:02 - 2019-04-20 09:02 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\BeachPartyCraze
2019-04-20 08:50 - 2019-04-20 08:50 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Lisovenko Evgeniy
2019-04-20 08:47 - 2019-04-20 08:47 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\BalloonMoose
2019-04-20 08:39 - 2019-04-20 08:39 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Nothke
2019-04-20 08:35 - 2019-04-20 08:35 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Mass Creation
2019-04-20 08:33 - 2019-04-20 08:33 - 000000000 ____D C:\Users\Jarda\AppData\Local\DrunkenDad
2019-04-20 08:26 - 2019-04-20 08:26 - 000000000 ____D C:\Users\Jarda\AppData\Local\Downloaded Installations
2019-04-20 08:21 - 2019-04-20 08:21 - 000000000 ____D C:\ProgramData\Socialclub
2019-04-20 07:34 - 2019-04-20 07:36 - 000000632 _____ C:\WINDOWS\Sof2.INI
2019-04-20 07:21 - 2019-04-20 07:21 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\MMFApplications
2019-04-20 06:56 - 2019-04-20 06:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soldier of Fortune [GOG.com]
2019-04-19 22:16 - 2019-04-19 22:16 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sally's Salon 3 - Kiss And Make-Up Collector's Edition
2019-04-19 22:14 - 2019-04-19 22:14 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paris Jewelry Shop
2019-04-19 22:13 - 2019-04-19 22:13 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fit Club
2019-04-19 22:13 - 2019-04-19 22:13 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farmland

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-17 22:40 - 2016-04-16 15:37 - 000000000 ____D C:\Users\Jarda\Downloads\Compressed
2019-05-17 22:33 - 2017-05-09 10:14 - 000000000 ____D C:\Users\Jarda\AppData\LocalLow\Mozilla
2019-05-17 22:29 - 2017-05-09 10:03 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2214875189-3760211905-2910999632-1002
2019-05-17 21:01 - 2018-11-11 09:21 - 000000000 ____D C:\DTLFolder
2019-05-17 21:00 - 2018-01-28 09:18 - 000000000 __SHD C:\Users\Jarda\IntelGraphicsProfiles
2019-05-17 20:59 - 2019-04-13 14:58 - 000002872 _____ C:\WINDOWS\System32\Tasks\Password Door
2019-05-17 20:58 - 2017-05-09 11:10 - 000000000 ____D C:\ProgramData\NVIDIA
2019-05-17 20:58 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-17 20:56 - 2018-10-28 09:10 - 000195824 _____ (深圳市驱动人生软件技术有限公司) C:\WINDOWS\system32\Drivers\LDrvPro64.sys
2019-05-17 20:51 - 2018-04-19 20:32 - 000004462 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-05-17 20:51 - 2017-11-14 18:28 - 000004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-05-17 20:51 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-05-17 20:51 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-05-17 20:45 - 2018-02-10 19:45 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\DMCache
2019-05-17 20:37 - 2018-10-28 00:38 - 000003970 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2B227585-317E-48C4-AF92-FE6284F7FEFC}
2019-05-13 19:40 - 2018-02-06 11:31 - 000004128 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-05-13 19:33 - 2018-10-24 19:42 - 000017082 _____ C:\WINDOWS\system32\perfh01B.dat
2019-05-13 19:33 - 2018-10-24 19:42 - 000006132 _____ C:\WINDOWS\system32\perfc01B.dat
2019-05-13 19:33 - 2014-11-21 03:39 - 000872576 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-13 19:33 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2019-05-11 10:25 - 2019-03-12 15:11 - 001920512 ___SH C:\Users\Jarda\Desktop\Thumbs.db
2019-05-11 10:25 - 2018-10-14 09:44 - 000000000 ____D C:\Users\Jarda
2019-05-11 10:14 - 2019-03-13 19:01 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\MPC-HC
2019-05-11 10:02 - 2018-02-10 19:45 - 000000000 ____D C:\Users\Jarda\AppData\Roaming\IDM
2019-05-11 09:41 - 2017-11-05 21:20 - 000000000 ____D C:\Users\Jarda\AppData\Local\CrashDumps
2019-05-11 09:11 - 2018-09-02 19:30 - 000000000 ____D C:\Users\Jarda\Desktop\Games Full
2019-05-11 06:18 - 2017-05-09 10:12 - 000000000 ____D C:\Users\Jarda\AppData\Local\Mozilla
2019-05-01 12:53 - 2017-05-26 18:55 - 000000000 ____D C:\Program Files (x86)\Steam
2019-04-27 09:12 - 2018-02-10 19:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-04-26 20:43 - 2013-08-22 15:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2019-04-20 08:35 - 2019-03-02 18:54 - 000000000 ____D C:\Users\Jarda\Documents\My Games
2019-04-20 07:17 - 2017-07-09 00:56 - 000000000 ____D C:\Users\Jarda\Desktop\hry

==================== Files in the root of some directories =======

2018-08-12 10:40 - 2018-08-12 10:40 - 000029696 _____ () C:\Users\Jarda\AppData\Local\MSGBOX.EXE
2017-05-09 10:48 - 2019-03-12 14:35 - 000007597 _____ () C:\Users\Jarda\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-17 22:28
==================== End of FRST.txt ============================



and the Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05.2019
Ran by Jarda (17-05-2019 22:41:16)
Running from C:\Users\Jarda\Desktop
Windows 8.1 (Update) (X64) (2018-10-14 08:21:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2214875189-3760211905-2910999632-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2214875189-3760211905-2910999632-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2214875189-3760211905-2910999632-1010 - Limited - Enabled)
Jarda (S-1-5-21-2214875189-3760211905-2910999632-1002 - Administrator - Enabled) => C:\Users\Jarda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

25 to Life (HKLM-x32\...\{B8FE7CDD-61D0-445D-9209-E809780B51DD}) (Version: 1.00 - Eidos Interactive)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.192 - Adobe)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.2020.106 - Alps Electric)
Apple Application Support (HKLM-x32\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-35eb8e22-edb2-4381-9c40-51faf29892ec) (Version: 2.2.0.98 - WildTangent) Hidden
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.3 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.20 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.48 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (HKLM-x32\...\{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}) (Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (HKLM-x32\...\{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}) (Version: 2.1.2606 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Island - Game of the Year Edition (HKLM-x32\...\Dead Island - Game of the Year Edition_is1) (Version: - )
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-05d7ff1e-004e-4749-88e5-7778ea5f50bb) (Version: 3.0.2.32 - WildTangent) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
ETDWare PS/2-X64 11.6.24.203_WHQL (HKLM\...\Elantech) (Version: 11.6.24.203 - ELAN Microelectronic Corp.)
Exodus From The Earth (HKLM\...\Exodus From The Earth) (Version: - Parallax Arts Studio Inc.)
Exodus From The Earth (HKLM-x32\...\Exodus From The Earth) (Version: - Parallax Arts Studio Inc.)
FormatFactory 4.4.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.4.0.0 - Free Time)
Free 3D Video Converter version 1.5 (HKLM-x32\...\Free 3D Video Converter_is1) (Version: 1.5 - Amazing Studio)
Free YouTube Downloader 4.2.795 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
gBurner Virtual Drive (HKLM-x32\...\gBurner Virtual Drive) (Version: 4.3 - Power Software Ltd)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-b75444c4-8fbf-453b-996f-09cb9c50b729) (Version: 2.2.0.110 - WildTangent) Hidden
iDealshare VideoGo 6.6.0.5582 (HKLM-x32\...\{CC4C06C4-7C78-4aab-B5AF-33FB11CCD860}_is1) (Version: - iDealshare Corporation)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5059 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-82aa64d0-5a64-483d-80ff-66a468e99236) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-68b6d6c9-cf79-40a5-a752-4b4432ea3b82) (Version: 2.2.0.95 - WildTangent) Hidden
Killing Floor (HKLM-x32\...\Killing Floor_is1) (Version: Killing Floor V.1064 - ZM)
Kmotr® II (HKLM-x32\...\{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}) (Version: 1.0.764.0 - Electronic Arts)
KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.16 - PandoraTV)
KMPlayer 64X (HKLM\...\KMPlayer 64X) (Version: 2019.02.26.01 - PandoraTV)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8103 - Acer Incorporated)
Magic Academy (HKLM-x32\...\WTA-1b394455-54b8-48aa-89a6-7296dc3e2cf5) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes verzia 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2010 (HKLM-x32\...\{FA8E7AF5-C70E-3274-9740-9E697FBD5BB7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0 (x86 sk) (HKLM-x32\...\Mozilla Firefox 58.0 (x86 sk)) (Version: 58.0 - Mozilla)
Nero 7 Essentials (HKLM-x32\...\{91C0B95B-B83A-4828-A775-BBE2DD421051}) (Version: 7.02.9752 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Ovládací panel NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
Parker & Lane Twisted Minds CE Rus (HKLM-x32\...\Parker & Lane Twisted Minds CE Rus) (Version: Parker & Lane Twisted Minds CE - HI-MEDIA.RU)
Password Door 9.0 (HKLM-x32\...\Password Door) (Version: 9.0 - TopLang software)
PhotoFilmStrip 3.0.2 (HKLM\...\PhotoFilmStrip_is1) (Version: 3.0.2 - Jens Göpfert)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-486c0442-feed-4523-9a09-cc18354f42b8) (Version: 2.2.0.98 - WildTangent) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.3 - Power Software Ltd)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Prison Break (HKLM-x32\...\{C5A31DDC-157A-4DD7-9B5C-C692A06F61FD}) (Version: 1.00 - Deep Silver)
ProtectDisc Helper Driver 10 (HKLM-x32\...\ProtectDisc Driver 10) (Version: 10.0.0.3 - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8432 - Realtek Semiconductor Corp.)
Resource Hacker Version 4.5.30 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
RonyaSoft Poster Designer 2.03 (HKLM-x32\...\RonyaSoft Poster Designer) (Version: 2.03 - RonyaSoft)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Scorpions WinCheater (HKLM-x32\...\Scorpions WinCheater 2.07 (s databází 112)_is1) (Version: - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sinking Simulator 2 (HKLM\...\{0E18C24D-EAF3-4850-B297-D922AA09994B}) (Version: 4.0 - Frederic Nieto)
Soldier of Fortune (HKLM-x32\...\1828104558_is1) (Version: 1.07F - GOG.com)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.69 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-3bd38996-4b11-4b6d-a0e1-9752c0ed9650) (Version: 2.2.0.110 - WildTangent) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
True Crime - Streets of LA (HKLM-x32\...\{1A1FE271-EA21-40E5-90FC-51A8EFBC0A30}) (Version: 1.00.0000 - Activision) Hidden
True Crime - Streets of LA (HKLM-x32\...\InstallShield_{1A1FE271-EA21-40E5-90FC-51A8EFBC0A30}) (Version: 1.00.0000 - Activision)
UE4 Prerequisites (x86) (HKLM-x32\...\{6EAAE1C0-6000-45FA-B46D-D206144925BF}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x86) (HKLM-x32\...\{f1203e43-4ddb-4280-974e-73f14d793dbd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
VideoWin Movie Maker 2017 (HKLM-x32\...\{3CC29C6A-B5FE-427B-8F23-32A2557A92C1}}_is1) (Version: - VideoWin)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - Intel (NETwNe64) net (08/07/2012 15.5.0.42) (HKLM\...\3208E409D1A9ECC0257784D7C0AEAC3BA826402A) (Version: 08/07/2012 15.5.0.42 - Intel)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com)
WinHTTrack Website Copier 3.43-9D (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.43.12 - HTTrack)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wondershare Video Converter Ultimate(Build 10.0.7.97) (HKLM-x32\...\Video Converter Ultimate_is1) (Version: 10.0.7.97 - Wondershare Software)

Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2018-10-24] (WildTangent Games)
7digital Music Store -> C:\Program Files\WindowsApps\7digitalLtd.7digitalMusicStore_2.1.10.3_x86__qv1vc61z2t2b4 [2018-10-28] (7digital Ltd)
Acer Crystal Eye -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.AcerCrystalEye_2.0.1804.25604_x86__ypz87dpxkv292 [2018-10-28] (CYBERLINK COM CORP)
Acer Explorer -> C:\Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4 [2018-10-24] (Acer Incorporated)
Cut The Rope -> C:\Program Files\WindowsApps\ZeptoLabUKLimited.CutTheRope_1.2.0.43_x86__sq9zxnwrk84pj [2018-10-20] (ZeptoLab UK Limited)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2018-10-28] (AMZN Mobile LLC)
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw [2018-10-28] (MAGIX)
newsXpresso -> C:\Program Files\WindowsApps\esobiIncorporated.newsXpressoMetro_3.1.3.395_x86__sngswjb5h6fyg [2018-10-20] (Yisoubi Co. Ltd.)
Shark Dash -> C:\Program Files\WindowsApps\GAMELOFTSA.SharkDash_1.3.6.9_x64__0pp20fcewvvtj [2018-10-28] (GAMELOFT SA)
Social Jogger -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.SocialJogger_1.0.2228.0_neutral__ypz87dpxkv292 [2018-10-24] (CYBERLINK COM CORP)
The Treasures of Montezuma 3 -> C:\Program Files\WindowsApps\09B6C2D8.TheTreasuresofMontezuma3_1.0.1.1742_x86__hbbh9szp6erha [2013-05-09] (Alawar Entertainment Inc.)
TuneIn Radio -> C:\Program Files\WindowsApps\TuneIn.TuneInRadio_1.0.1.587_neutral__6bhtb546zcxnj [2013-05-09] (TuneIn)
WeatherBug.a -> C:\Program Files\WindowsApps\WeatherBug.a.WeatherBug.a_2.0.4.0_neutral__78zd3kp756dy4 [2018-10-20] (WeatherBug!)
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2018-10-24] (Zinio LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2214875189-3760211905-2910999632-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation -> Intel Corporation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers1: [Atheros] -> [CC]{B8952421-0E55-400B-94A6-FA858FC0A39F} => -> No File
ContextMenuHandlers1: [Cover Designer] -> [CC]{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [FTShellContext] -> [CC]{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Jarda\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com

==================== Loaded Modules (Whitelisted) ==============

2013-09-07 02:48 - 2013-09-07 02:48 - 000011264 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 02:45 - 2013-09-07 02:45 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2003-03-19 07:14 - 2003-03-19 07:14 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCP71.dll
2003-02-21 15:42 - 2003-02-21 15:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCR71.dll
2013-09-07 02:52 - 2013-09-07 02:52 - 000012928 _____ (Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-09-07 02:52 - 2013-09-07 02:52 - 000132736 _____ (Qualcomm Atheros -> Atheros Communications) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
2013-09-07 02:52 - 2013-09-07 02:52 - 000033408 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\CommApi.dll
2013-09-07 02:52 - 2013-09-07 02:52 - 000203392 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\FolderViewImpl.dll
2013-09-07 02:52 - 2013-09-07 02:52 - 000085632 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\GattI.dll
2013-09-07 02:52 - 2013-09-07 02:52 - 000126592 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\gatts.DLL
2013-09-07 02:52 - 2013-09-07 02:52 - 000083072 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Handsfree.dll
2013-09-07 02:52 - 2013-09-07 02:52 - 000034432 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ipc.dll
2013-09-07 02:53 - 2013-09-07 02:53 - 000063104 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ModuleManager.dll
2013-09-07 02:53 - 2013-09-07 02:53 - 001067648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\OutlookLib.dll
2013-09-07 02:53 - 2013-09-07 02:53 - 000130176 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\skypeagent.dll
2013-09-07 02:53 - 2013-09-07 02:53 - 000027264 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\TCPConnection.dll
2013-09-07 02:53 - 2013-09-07 02:53 - 000115328 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\utils.dll
2013-09-07 02:52 - 2013-09-07 02:52 - 000312448 _____ (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
2013-09-07 02:46 - 2013-09-07 02:46 - 000308224 _____ (Qualcomm Atheros Commnucations) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\LE\LE.dll
2013-09-07 02:47 - 2013-09-07 02:47 - 000209920 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Audio\audio.dll
2013-09-07 02:48 - 2013-09-07 02:48 - 000162304 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BasicPrintProfile\BPP.dll
2013-09-07 02:48 - 2013-09-07 02:48 - 000177152 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BIP\BIP.dll
2013-09-07 02:46 - 2013-09-07 02:46 - 000018432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\DID\DId.dll
2013-09-07 02:46 - 2013-09-07 02:46 - 000035840 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FAX\Fax.dll
2013-09-07 02:47 - 2013-09-07 02:47 - 000421888 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FileTransfer\FileTransfer.dll
2013-09-07 02:48 - 2013-09-07 02:48 - 000096256 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\GapSdp\GapSdp.dll
2013-09-07 02:43 - 2013-09-07 02:43 - 000097792 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\goep\goep.dll
2013-09-07 02:46 - 2013-09-07 02:46 - 000029696 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HCRP\Hcrp.dll
2013-09-07 02:46 - 2013-09-07 02:46 - 000142848 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HealthDevice\HDP.dll
2013-09-07 02:48 - 2013-09-07 02:48 - 000091136 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\L2capLib\l2caplib.dll
2013-09-07 02:43 - 2013-09-07 02:43 - 000181248 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\ObjPush.dll
2013-09-07 02:48 - 2013-09-07 02:48 - 000066048 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\OppOperation.dll
2013-09-07 02:47 - 2013-09-07 02:47 - 000067072 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\pbap\pbap.dll
2013-09-07 02:48 - 2013-09-07 02:48 - 000063488 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\RfcommLib\rfcommlib.dll
2013-09-07 02:47 - 2013-09-07 02:47 - 000097280 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\sap\sap.dll
2013-09-07 02:48 - 2013-09-07 02:48 - 000087552 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\SesMgr\sesmgr.dll
2013-09-07 02:47 - 2013-09-07 02:47 - 000055296 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\spp\spp.dll
2013-09-07 02:47 - 2013-09-07 02:47 - 000064512 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Sync\Sync.dll
2018-01-13 18:35 - 2018-01-14 09:08 - 004091960 _____ (Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-11-14 22:12 - 2018-08-12 13:16 - 000000035 _____ C:\WINDOWS\system32\drivers\etc\hosts


2017-11-14 22:12 - 2017-09-20 12:10 - 000000439 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter;;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\QuickTime\QTSystem\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Jarda\Desktop\pictures\FB_IMG_15457390686675798.jpg
DNS Servers: 192.168.1.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "AdminService"
HKLM\...\StartupApproved\Run32: => "DLLSuite2016"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{FC7187F7-82DA-42EA-8326-D3BFB76780EF}C:\users\jarda\saved games\killingfloor\system\killingfloor.exe] => (Block) C:\users\jarda\saved games\killingfloor\system\killingfloor.exe () [File not signed]
FirewallRules: [TCP Query User{0FEDBD06-FF9D-4174-BA1C-53A181259EB0}C:\users\jarda\saved games\killingfloor\system\killingfloor.exe] => (Block) C:\users\jarda\saved games\killingfloor\system\killingfloor.exe () [File not signed]
FirewallRules: [{D42E7D43-6188-4D1D-9A28-710F71C726A4}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{10283835-24DE-4809-B357-6C8BBC29AA1C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [UDP Query User{35F9CC04-B55A-4F4D-8B92-B71E0C8A0149}C:\program files (x86)\acer\clear.fi photo\windowsupnp.exe] => (Block) C:\program files (x86)\acer\clear.fi photo\windowsupnp.exe (Acer Incorporated -> acer)
FirewallRules: [TCP Query User{B3E461B1-4973-4576-926E-8EA098F9F79C}C:\program files (x86)\acer\clear.fi photo\windowsupnp.exe] => (Block) C:\program files (x86)\acer\clear.fi photo\windowsupnp.exe (Acer Incorporated -> acer)
FirewallRules: [UDP Query User{BF32BBA3-1823-46E6-B0EA-BFEA38586FA3}C:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe] => (Allow) C:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe (Acer Incorporated -> acer)
FirewallRules: [TCP Query User{8B14C2B8-27F7-41C8-A139-564F52C8F2EA}C:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe] => (Allow) C:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe (Acer Incorporated -> acer)
FirewallRules: [UDP Query User{1DE43CD0-FC5C-4ABE-BD7F-3E271E21D4B2}C:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe] => (Block) C:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe (Acer Incorporated -> acer)
FirewallRules: [TCP Query User{BED51BB7-5877-475F-BF04-42DFB2DACF0C}C:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe] => (Block) C:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe (Acer Incorporated -> acer)
FirewallRules: [UDP Query User{3E317615-3B3E-41A0-A263-D95C95A9D7F1}C:\program files (x86)\acer\clear.fi media\dmcdaemon.exe] => (Block) C:\program files (x86)\acer\clear.fi media\dmcdaemon.exe (Acer Incorporated -> acer)
FirewallRules: [TCP Query User{E8E3BB31-502A-4E68-AC26-42F4CB6B62E8}C:\program files (x86)\acer\clear.fi media\dmcdaemon.exe] => (Block) C:\program files (x86)\acer\clear.fi media\dmcdaemon.exe (Acer Incorporated -> acer)
FirewallRules: [UDP Query User{BF01062C-B321-48F6-8BE5-4D0036AE8B68}C:\program files (x86)\acer\clear.fi photo\windowsupnp.exe] => (Block) C:\program files (x86)\acer\clear.fi photo\windowsupnp.exe (Acer Incorporated -> acer)
FirewallRules: [TCP Query User{7F9F930F-02B8-4D28-A066-7912D6C4E5C1}C:\program files (x86)\acer\clear.fi photo\windowsupnp.exe] => (Block) C:\program files (x86)\acer\clear.fi photo\windowsupnp.exe (Acer Incorporated -> acer)
FirewallRules: [UDP Query User{3BF626A2-B174-450D-B395-3FA544617F6D}C:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe] => (Block) C:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe (Acer Incorporated -> acer)
FirewallRules: [TCP Query User{7BC26475-1DB2-4D0F-BE0C-B62C0163B3DE}C:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe] => (Block) C:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{2170EFED-8F23-4E70-9676-316AD52B5A78}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A3C0399D-7D7A-4BCC-ACF8-6EECCEFDDE28}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{0465D928-CE17-474A-AD38-0F0107A83A5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CA0EE244-262E-449F-B7D1-DC064AA4E3C6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{3441D97B-665E-4F64-B783-3E955A4CF453}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4C9609DC-F2AE-4AC4-80A4-63C60F11B332}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9B6FC1EA-BC8D-413B-BC84-7D2FB03F4F62}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{620FE006-B313-4650-BBD8-FD8311E700FE}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.) [File not signed]
FirewallRules: [{6DA46DD5-16A7-4B8A-B145-1410CE2A6785}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{5A25D6E1-E4F9-432F-BB43-ED65083D3B9A}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.) [File not signed]
FirewallRules: [{A4869FE6-00EC-47AF-A025-2751DDE46169}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{D44A2FC1-203C-40C9-9B39-3A6B9A7E6EFF}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.) [File not signed]
FirewallRules: [{A3D0A87F-5AF1-4DB1-82E0-07A8725969BC}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\DriveTheLife.exe (Shenzhen DriveTheLife Software Technology Co.Ltd -> Drive The Life Co., Ltd.)
FirewallRules: [{03C2245C-5327-4262-B1D4-33A94336BAC3}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\LDrvSvc.dll (Shenzhen DriveTheLife Software Technology Co.Ltd -> )
FirewallRules: [{3981DA55-8343-44F7-AED0-AAA5EE5B8B20}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{7E195532-34DC-4B40-B34E-003A6A64CEAA}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\DTLService.exe (Shenzhen DriveTheLife Software Technology Co.Ltd -> 深圳市驱动人生软件技术有限公司)
FirewallRules: [{C2C69B80-A578-4C5D-B306-9B61B9A3E3E5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{B2A2AD46-C501-4109-BF48-536294A08972}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{19A38823-6728-47D4-BACA-273B6A36068E}C:\users\jarda\saved games\soldier of fortune\sof.exe] => (Allow) C:\users\jarda\saved games\soldier of fortune\sof.exe (Raven Software) [File not signed]
FirewallRules: [UDP Query User{E50D3DB6-1D6A-4437-AD6C-D59D3B53F5F8}C:\users\jarda\saved games\soldier of fortune\sof.exe] => (Allow) C:\users\jarda\saved games\soldier of fortune\sof.exe (Raven Software) [File not signed]

==================== Restore Points =========================

27-04-2019 09:11:37 Revo Uninstaller's restore point - Ashampoo Cinemagraph
01-05-2019 12:29:00 Revo Uninstaller's restore point - Revulsion
11-05-2019 08:05:59 Installed Sinking Simulator 2

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2019 09:02:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: IAStorDataMgrSvc.exe, verzia: 11.5.4.1001, časová značka: 0x502d5a1d
Názov chybujúceho modulu: IAStorUtil.ni.dll, verzia: 11.5.4.1001, časová značka: 0x502d5a19
Kód výnimky: 0xc0000005
Odstup chyby: 0x0002e431
Identifikácia chybujúceho procesu: 0xbb8
Čas spustenia chybujúcej aplikácie: 0x01d50ce308977be3
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Cesta chybujúceho modulu: C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\be97887b8f5e236d25364f14eb77d909\IAStorUtil.ni.dll
Identifikácia hlásenia: 6174ca6c-78d6-11e9-bfdb-bc8556123412
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (05/17/2019 09:02:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/17/2019 09:02:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: NASvc.exe, verzia: 11.0.31.0, časová značka: 0x50002b1d
Názov chybujúceho modulu: NASvc.exe, verzia: 11.0.31.0, časová značka: 0x50002b1d
Kód výnimky: 0xc0000005
Odstup chyby: 0x00036d19
Identifikácia chybujúceho procesu: 0x9a8
Čas spustenia chybujúcej aplikácie: 0x01d50ce3133fa16e
Cesta chybujúcej aplikácie: c:\Program Files (x86)\Nero\Update\NASvc.exe
Cesta chybujúceho modulu: c:\Program Files (x86)\Nero\Update\NASvc.exe
Identifikácia hlásenia: 581891e7-78d6-11e9-bfdb-bc8556123412
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (05/11/2019 08:07:18 AM) (Source: MsiInstaller) (EventID: 11500) (User: Jaroslav)
Description: Product: Floating Sandbox 1.10.0.0 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

Error: (05/11/2019 08:06:40 AM) (Source: MsiInstaller) (EventID: 11500) (User: Jaroslav)
Description: Product: Floating Sandbox 1.10.0.0 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

Error: (05/11/2019 08:06:40 AM) (Source: MsiInstaller) (EventID: 11500) (User: Jaroslav)
Description: Product: Floating Sandbox 1.10.0.0 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

Error: (05/11/2019 08:06:36 AM) (Source: MsiInstaller) (EventID: 11500) (User: Jaroslav)
Description: Product: Floating Sandbox 1.10.0.0 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

Error: (05/11/2019 07:29:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a954

Start Time: 01d507ae092eadcd

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: b950706a-73ac-11e9-bfda-bc8556123412

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (05/17/2019 10:29:21 PM) (Source: DCOM) (EventID: 10010) (User: Jaroslav)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (05/17/2019 10:28:56 PM) (Source: DCOM) (EventID: 10010) (User: Jaroslav)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (05/17/2019 09:03:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Rapid Storage Technology sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (05/17/2019 09:02:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Nero Update sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (05/17/2019 09:00:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Device Setup Manager sa pri spustení zablokovala.

Error: (05/17/2019 08:59:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Secure Socket Tunneling Protocol Service, od ktorej závisí služba Remote Access Connection Manager, zlyhalo kvôli nasledujúcej chybe:
Operácia sa úspešne dokončila.

Error: (05/17/2019 08:59:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Wondershare Application Framework Service bol dosiahnutý časový limit (30000 ms).

Error: (05/17/2019 08:57:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Windows Search, od ktorej závisí služba Služba sieťového zdieľania pre prehrávač Windows Media Player, zlyhalo kvôli nasledujúcej chybe:
Služba ešte nebola spustená.


Windows Defender:
===================================
Date: 2019-05-17 22:33:31.322
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {C49AE31E-7D51-4ED2-B6D3-A0D1AAA2D345}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-05-13 19:32:59.326
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147683827
Name: Worm:VBS/Jenxcus!lnk
ID: 2147683827
Severity: Závažná
Category: Červ
Path: file:_F:\08,-05,-07-(kompilácia-6)-Máša-a-Medveď-Full-HD-1080p-(anglicky)-Masha-and-The-Bear---Compilation-6-(3-episodes-in-English)-New-Collection-for-kids.lnk;file:_F:\The.lnk;file:_F:\Triky s trpaslíky-2018 CZ.lnk
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.293.1347.0, AS: 1.293.1347.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-05-13 19:32:58.154
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147683827
Name: Worm:VBS/Jenxcus!lnk
ID: 2147683827
Severity: Závažná
Category: Červ
Path: file:_F:\08,-05,-07-(kompilácia-6)-Máša-a-Medveď-Full-HD-1080p-(anglicky)-Masha-and-The-Bear---Compilation-6-(3-episodes-in-English)-New-Collection-for-kids.lnk;file:_F:\The.lnk;file:_F:\Triky s trpaslíky-2018 CZ.lnk
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.293.1347.0, AS: 1.293.1347.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-05-13 19:32:52.794
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147683827
Name: Worm:VBS/Jenxcus!lnk
ID: 2147683827
Severity: Závažná
Category: Červ
Path: file:_F:\The.lnk;file:_F:\Triky s trpaslíky-2018 CZ.lnk
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.293.1347.0, AS: 1.293.1347.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-05-13 19:31:36.681
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147683827
Name: Worm:VBS/Jenxcus!lnk
ID: 2147683827
Severity: Závažná
Category: Červ
Path: file:_F:\08,-05,-07-(kompilácia-6)-Máša-a-Medveď-Full-HD-1080p-(anglicky)-Masha-and-The-Bear---Compilation-6-(3-episodes-in-English)-New-Collection-for-kids.lnk;file:_F:\Fantastic.lnk;file:_F:\The.lnk;file:_F:\Triky s trpaslíky-2018 CZ.lnk
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.293.1347.0, AS: 1.293.1347.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-03-08 20:45:32.337
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 119.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14600.4
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2019-03-08 20:45:11.063
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.289.220.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.9
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2019-03-08 20:45:11.063
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.289.220.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.9
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2019-03-08 20:44:48.977
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.289.220.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.9
Error code: 0x8024402f
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

CodeIntegrity:
===================================

Date: 2019-05-17 20:58:12.771
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-26 20:44:31.052
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-21 07:44:08.113
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-20 09:08:46.944
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-18 07:43:24.638
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-13 15:01:49.142
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-13 14:41:54.581
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-03-31 12:46:36.318
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Insyde Corp. V2.17 07/02/2013
Motherboard: Acer EA50_HC_CR
Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 44%
Total physical RAM: 3911.27 MB
Available physical RAM: 2174.23 MB
Total Virtual: 4871.27 MB
Available Virtual: 2691.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:681.75 GB) (Free:68.35 GB) NTFS

\\?\Volume{1365bb28-c031-4ce5-9094-5cfc1cccc921}\ (Recovery) (Fixed) (Total:0.39 GB) (Free:0.12 GB) NTFS
\\?\Volume{7235f7fe-e99a-4472-b794-1eaa0d1ae0ce}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
\\?\Volume{06dd8e21-ead6-4352-ac57-5f0fcfefad77}\ (Push Button Reset) (Fixed) (Total:15.64 GB) (Free:1.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 4EAFD38C)

Partition: GPT.

==================== End of Addition.txt ============================

Thank you

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: PC check

#6 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    GroupPolicy: Restriction ? <==== ATTENTION
    Task: {E5CCCCCF-3712-4068-BA83-8E50B4F47CEF} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
    HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-2214875189-3760211905-2910999632-1002 -> DefaultScope {42F02A82-1141-4AF7-8599-D7C2407F4066} URL = 
    SearchScopes: HKU\S-1-5-21-2214875189-3760211905-2910999632-1002 -> {42F02A82-1141-4AF7-8599-D7C2407F4066} URL = 
    S1 MpKsl1131c973; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5792B093-C78E-414B-960F-F1D6349BC324}\MpKsl1131c973.sys [X]
    U4 nxdm; no ImagePath
    U4 nxfs; no ImagePath
    U4 nxpcap; no ImagePath
    U4 nxsshd; no ImagePath
    U4 nxtun; no ImagePath
    U4 nxusbd; no ImagePath
    U4 nxusbh; no ImagePath
    U4 nxusbs; no ImagePath
    File: C:\WINDOWS\system32\Drivers\LDrvPro64.sys
    2018-08-12 10:40 - 2018-08-12 10:40 - 000029696 _____ () C:\Users\Jarda\AppData\Local\MSGBOX.EXE
    ContextMenuHandlers1: [Atheros] -> [CC]{B8952421-0E55-400B-94A6-FA858FC0A39F} =>  -> No File
    ContextMenuHandlers1: [Cover Designer] -> [CC]{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} =>  -> No File
    ContextMenuHandlers3: [FTShellContext] -> [CC]{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} =>  -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices; doing so risks system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

jarek26
Visitor
Posts: 121
Joined: 23 Dec 2008 16:01
Location: Bardejov

Re: PC check

#7 Post by jarek26 »

Good day,
so I am sending the log.
Thank you

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-05.2019
Ran by Jarda (18-05-2019 08:56:03) Run:1
Running from C:\Users\Jarda\Desktop
Loaded Profiles: Jarda (Available Profiles: Jarda & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
GroupPolicy: Restriction ? <==== ATTENTION
Task: {E5CCCCCF-3712-4068-BA83-8E50B4F47CEF} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2214875189-3760211905-2910999632-1002 -> DefaultScope {42F02A82-1141-4AF7-8599-D7C2407F4066} URL =
SearchScopes: HKU\S-1-5-21-2214875189-3760211905-2910999632-1002 -> {42F02A82-1141-4AF7-8599-D7C2407F4066} URL =
S1 MpKsl1131c973; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5792B093-C78E-414B-960F-F1D6349BC324}\MpKsl1131c973.sys [X]
U4 nxdm; no ImagePath
U4 nxfs; no ImagePath
U4 nxpcap; no ImagePath
U4 nxsshd; no ImagePath
U4 nxtun; no ImagePath
U4 nxusbd; no ImagePath
U4 nxusbh; no ImagePath
U4 nxusbs; no ImagePath
File: C:\WINDOWS\system32\Drivers\LDrvPro64.sys
2018-08-12 10:40 - 2018-08-12 10:40 - 000029696 _____ () C:\Users\Jarda\AppData\Local\MSGBOX.EXE
ContextMenuHandlers1: [Atheros] -> [CC]{B8952421-0E55-400B-94A6-FA858FC0A39F} => -> No File
ContextMenuHandlers1: [Cover Designer] -> [CC]{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => -> No File
ContextMenuHandlers3: [FTShellContext] -> [CC]{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 1802
Average :
Sum : 73571178853
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E5CCCCCF-3712-4068-BA83-8E50B4F47CEF} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5CCCCCF-3712-4068-BA83-8E50B4F47CEF} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
"HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache" => removed successfully
"HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2214875189-3760211905-2910999632-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{42F02A82-1141-4AF7-8599-D7C2407F4066} => removed successfully
HKLM\Software\Classes\CLSID\{42F02A82-1141-4AF7-8599-D7C2407F4066} => not found
HKLM\System\CurrentControlSet\Services\MpKsl1131c973 => removed successfully
MpKsl1131c973 => service removed successfully
HKLM\System\CurrentControlSet\Services\nxdm => removed successfully
nxdm => service removed successfully
HKLM\System\CurrentControlSet\Services\nxfs => removed successfully
nxfs => service removed successfully
HKLM\System\CurrentControlSet\Services\nxpcap => removed successfully
nxpcap => service removed successfully
HKLM\System\CurrentControlSet\Services\nxsshd => removed successfully
nxsshd => service removed successfully
HKLM\System\CurrentControlSet\Services\nxtun => removed successfully
nxtun => service removed successfully
HKLM\System\CurrentControlSet\Services\nxusbd => removed successfully
nxusbd => service removed successfully
HKLM\System\CurrentControlSet\Services\nxusbh => removed successfully
nxusbh => service removed successfully
HKLM\System\CurrentControlSet\Services\nxusbs => removed successfully
nxusbs => service removed successfully

========================= File: C:\WINDOWS\system32\Drivers\LDrvPro64.sys ========================

C:\WINDOWS\system32\Drivers\LDrvPro64.sys
File is digitally signed
MD5: DEF2B5511421F727881D38F5D4618226
Creation and modification date: 2018-10-28 09:10 - 2019-05-17 20:56
Size: 000195824
Attributes: ----A
Company Name: Shenzhen DriveTheLife Software Technology Co.Ltd -> 深圳市驱动人生软件技术有限公司
Internal Name: LDrvPro
Original Name: LDrvPro
Product: 驱动人生
Description: 驱动人生,驱动保护
File Version: 1, 0, 2, 5
Product Version: 1, 0, 2, 5
Copyright: Copyright (C) 2012 深圳市驱动人生软件技术有限公司。保留所有权利。
VirusTotal: https://www.virustotal.com/file/b512104 ... 527680948/

====== End of File: ======

C:\Users\Jarda\AppData\Local\MSGBOX.EXE => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Atheros => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B8952421-0E55-400B-94A6-FA858FC0A39F} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Cover Designer => removed successfully
HKLM\Software\Classes\CLSID\[CC]{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\FTShellContext => removed successfully
HKLM\Software\Classes\CLSID\[CC]{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23198520 B
Java, Flash, Steam htmlcache => 1235 B
Windows/system/drivers => 1374263 B
Edge => 0 B
Chrome => 0 B
Firefox => 34257790 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 560 B
LocalService => 0 B
NetworkService => 77794 B
Jarda => 11627225 B
Administrator => 0 B

RecycleBin => 0 B
EmptyTemp: => 75.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:59:17 ====

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: PC check

#8 Post by Conder »

:arrow: The desktop is almost 70 GB, which is too much. Move all files and folders from the desktop to Documents and leave only shortcuts on the desktop. An overly large desktop can slow the system down.

:arrow: I recommend installing all important updates through Windows Update.

:arrow: How does the PC look now? Has anything changed, or are there still any problems?