
Please check my log

kamistr
Visitor
Posts: 37
Registered: 17 Sep 2005 13:58

#1 Post by kamistr »

Hello,

when I open the Firefox or Chrome browser, a window starts popping up asking me to enter my PayPal details. I can't control the cursor and it keeps jumping around, as if someone else were working with it. In addition, a dialog window appears on the desktop prompting me to enter details; the window is called "Hecker". I must have downloaded something nasty.

Thanks for the help!!!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2020
Ran by Kamil (administrator) on KAMIL-PC (Gigabyte Technology Co., Ltd. GA-990XA-UD3) (15-01-2020 12:25:31)
Running from C:\Users\Kamil\Desktop
Loaded Profiles: Kamil (Available Profiles: Kamil)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\ProgramData\wininit.exe
() [File not signed] C:\Users\Kamil\AppData\Local\Temp\70.exe
() [File not signed] C:\Users\Kamil\AppData\Local\Temp\command.exe
() [File not signed] C:\Users\Kamil\AppData\Local\Temp\Driver.exe
() [File not signed] C:\Users\Kamil\AppData\Local\Temp\chrome..exe
() [File not signed] C:\Users\Kamil\AppData\Local\Temp\Microsoft\svchost.exe
() [File not signed] C:\Users\Kamil\AppData\Local\Temp\Secript.exe
() [File not signed] C:\Users\Kamil\AppData\Local\Temp\server.exe
() [File not signed] C:\Users\Kamil\AppData\Local\Temp\sovx.exe
() [File not signed] C:\Users\Kamil\AppData\Local\Temp\System64.exe
() [File not signed] C:\Users\Kamil\AppData\Local\Temp\tmpC0B2.tmp.exe
() [File not signed] C:\Users\Kamil\AppData\Roaming\explorer.exe
() [File not signed] C:\Users\Kamil\AppData\Roaming\svchost.exe
() [File not signed] C:\Users\Kamil\AppData\Roaming\system32.exe
() [File not signed] C:\Users\Kamil\svchost.exe
() [File not signed] C:\Users\Kamil\system.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\AdminService.exe
(Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Atheros Communications Inc. -> Atheros Communications) [File not signed] C:\Program Files\Bluetooth Suite\BtvStack.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories Inc.) C:\Program Files\Dolby Home Theater v4\pcee4.exe
(Duality Software) [File not signed] C:\Program Files\DS Clock\dsclock.exe
(Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
(Hagel Technologies Ltd -> Hagel Technologies Ltd) [File not signed] C:\Program Files\DU Meter\DUMeterSvc.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation -> © 2015 Microsoft Corporation) C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Nokia -> Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Nokia -> Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia -> Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Nokia -> Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics) [File not signed] C:\ProgramData\Synaptics\Synaptics.exe
(word file) [File not signed] C:\Users\Kamil\AppData\Local\Temp\Client.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10807912 2011-08-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1571432 2011-08-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Dolby Home Theater v4] => C:\Program Files\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories, Inc. -> Dolby Laboratories Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [8424898cc4c927994d288319a361b825] => "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-03-01] (Atheros Communications Inc. -> Atheros Communications) [File not signed]
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
HKLM\...\Run: [windows] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\windows.vbs"
HKLM\...\Run: [1998035b685796d01f79197bd5bee7fb] => C:\Users\Kamil\AppData\Local\Temp\chrome..exe .. [24064 2019-12-28] () [File not signed] <==== ATTENTION
HKLM\...\Run: [2c7998d77330dbd296a15992ba62701a] => C:\Users\Kamil\AppData\Roaming\explorer.exe .. [24064 2019-12-28] () [File not signed] <==== ATTENTION
HKLM\...\Run: [3faffb3040aea7f7d7747271c38ce627] => C:\Users\Kamil\AppData\Roaming\svchost.exe .. [471040 2019-09-12] () [File not signed] <==== ATTENTION
HKLM\...\Run: [3933254291d429c757f15b8b22ecccf6] => C:\Users\Kamil\AppData\Roaming\system32.exe .. [24064 2019-12-17] () [File not signed]
HKLM\...\Run: [tmp79D8] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp79D8.tmp.vbs" <==== ATTENTION
HKLM\...\Run: [8914f0ae732a4b8ccda2a57450603ccd] => C:\Users\Kamil\AppData\Local\Temp\70.exe .. [37888 2019-12-19] () [File not signed] <==== ATTENTION
HKLM\...\Run: [tmp3AEC] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp3AEC.tmp.vbs" <==== ATTENTION
HKLM\...\Run: [tmp5169] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp5169.tmp.vbs" <==== ATTENTION
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Run: [d620e348213b3bb3ba0246f26b9e96bc] => C:\Users\Kamil\AppData\Local\Temp\server.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
HKLM\...\Run: [85a1b87c506616a2e533f865475870fe] => C:\Users\Kamil\AppData\Local\Temp\Driver.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
HKLM\...\Run: [5395d531b1a96d36e1aed6f156c1abfc] => C:\Users\Kamil\AppData\Local\Temp\command.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
HKLM\...\Run: [270bc2a14df607672c960a7955ac47ec] => C:\Users\Kamil\AppData\Local\Temp\System64.exe .. [92160 2020-01-15] () [File not signed] <==== ATTENTION
HKLM\...\Run: [tmp7796] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp7796.tmp.vbs" <==== ATTENTION
HKLM\...\Run: [tmp44A5] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp44A5.tmp.vbs" <==== ATTENTION
HKLM\...\Run: [ef68944d54e8b4aa938a84cf943af21e] => C:\Users\Kamil\AppData\Local\Temp\sovx.exe .. [24064 2020-01-12] () [File not signed] <==== ATTENTION
HKLM\...\Run: [2d719acf32f95a0babd6cce10e7d02bd] => C:\ProgramData\wininit.exe .. [74240 2020-01-13] () [File not signed] <==== ATTENTION
HKLM\...\Run: [954275c2a385362432d4f13360ed1ff4] => C:\Users\Kamil\system.exe .. [85504 2020-01-13] () [File not signed] <==== ATTENTION
HKLM\...\Run: [1026470df5385af8d83ee7e2514c8469] => C:\Users\Kamil\AppData\Local\Temp\tmpC0B2.tmp.exe .. [45568 2020-01-13] () [File not signed] <==== ATTENTION
HKLM\...\Run: [cebb308efb152afa9b7e187490cc3a9a] => C:\Users\Kamil\svchost.exe .. [85504 2020-01-13] () [File not signed] <==== ATTENTION
HKLM\...\Run: [b79c121d18108351cf2b69076b3385be] => C:\Users\Kamil\AppData\Local\Temp\Secript.exe .. [119808 2020-01-13] () [File not signed] <==== ATTENTION
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.sk/sk.special-uninstallation-fe ... sxLVRSTTMy (the data entry has 68 more characters).
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [DS Clock] => C:\Program Files\DS Clock\dsclock.exe [323584 2003-06-06] (Duality Software) [File not signed]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [] => [X]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [BingSvc] => C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [8424898cc4c927994d288319a361b825] => "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia -> Nokia)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [windows] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\windows.vbs" <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [1998035b685796d01f79197bd5bee7fb] => C:\Users\Kamil\AppData\Local\Temp\chrome..exe .. [24064 2019-12-28] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [2c7998d77330dbd296a15992ba62701a] => C:\Users\Kamil\AppData\Roaming\explorer.exe .. [24064 2019-12-28] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [3faffb3040aea7f7d7747271c38ce627] => C:\Users\Kamil\AppData\Roaming\svchost.exe .. [471040 2019-09-12] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Synaptics Pointing Device Driver] => C:\ProgramData\Synaptics\Synaptics.exe [771584 2019-09-19] (Synaptics) [File not signed]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [3933254291d429c757f15b8b22ecccf6] => C:\Users\Kamil\AppData\Roaming\system32.exe .. [24064 2019-12-17] () [File not signed]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Windows Updates] => C:\Users\Kamil\AppData\Roaming\Microsoft\Updates\winlogon.vbs [235 2019-07-13] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp79D8] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp79D8.tmp.vbs" <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [8914f0ae732a4b8ccda2a57450603ccd] => C:\Users\Kamil\AppData\Local\Temp\70.exe .. [37888 2019-12-19] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp3AEC] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp3AEC.tmp.vbs" <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp5169] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp5169.tmp.vbs" <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [System32] => C:\Users\Kamil\AppData\Local\Temp\Client.exe [54272 2019-11-10] (word file) [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [34d91dfb34a7283483d0aaba9d10147d] => C:\Users\Kamil\AppData\Local\Temp\Microsoft\svchost.exe [41472 2019-11-10] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [d620e348213b3bb3ba0246f26b9e96bc] => C:\Users\Kamil\AppData\Local\Temp\server.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [85a1b87c506616a2e533f865475870fe] => C:\Users\Kamil\AppData\Local\Temp\Driver.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [5395d531b1a96d36e1aed6f156c1abfc] => C:\Users\Kamil\AppData\Local\Temp\command.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [270bc2a14df607672c960a7955ac47ec] => C:\Users\Kamil\AppData\Local\Temp\System64.exe .. [92160 2020-01-15] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp7796] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp7796.tmp.vbs" <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp44A5] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp44A5.tmp.vbs" <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [ef68944d54e8b4aa938a84cf943af21e] => C:\Users\Kamil\AppData\Local\Temp\sovx.exe .. [24064 2020-01-12] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [2d719acf32f95a0babd6cce10e7d02bd] => C:\ProgramData\wininit.exe .. [74240 2020-01-13] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [954275c2a385362432d4f13360ed1ff4] => C:\Users\Kamil\system.exe .. [85504 2020-01-13] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [1026470df5385af8d83ee7e2514c8469] => C:\Users\Kamil\AppData\Local\Temp\tmpC0B2.tmp.exe .. [45568 2020-01-13] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [cebb308efb152afa9b7e187490cc3a9a] => C:\Users\Kamil\svchost.exe .. [85504 2020-01-13] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [b79c121d18108351cf2b69076b3385be] => C:\Users\Kamil\AppData\Local\Temp\Secript.exe .. [119808 2020-01-13] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{10880D85-AAD9-4558-ABDC-2AB1552D831F}] -> C:\Program Files\Common Files\LightScribe\LSRunOnce.exe [2010-06-16] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\79.0.3945.117\Installer\chrmstp.exe [2020-01-09] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1026470df5385af8d83ee7e2514c8469.exe [2020-01-13] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1998035b685796d01f79197bd5bee7fb.exe [2019-12-28] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\270bc2a14df607672c960a7955ac47ec.exe [2020-01-15] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2c7998d77330dbd296a15992ba62701a.exe [2019-12-28] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2d719acf32f95a0babd6cce10e7d02bd.exe [2020-01-13] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3933254291d429c757f15b8b22ecccf6.exe [2019-12-17] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3faffb3040aea7f7d7747271c38ce627.exe [2019-09-12] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8914f0ae732a4b8ccda2a57450603ccd.exe [2019-12-19] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\954275c2a385362432d4f13360ed1ff4.exe [2020-01-13] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cebb308efb152afa9b7e187490cc3a9a.exe [2020-01-13] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d620e348213b3bb3ba0246f26b9e96bc.exe [2020-01-08] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe [2019-11-10] () [File not signed] <==== ATTENTION
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3AEC.tmp.vbs [2019-11-10] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp44A5.tmp.vbs [2020-01-10] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5169.tmp.vbs [2019-11-10] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7796.tmp.vbs [2020-01-09] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp79D8.tmp.vbs [2019-09-30] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2017-01-14] () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0922236E-AFED-405F-96A5-56679736A1B7} - System32\Tasks\Driver Booster SkipUAC (Kamil) => C:\Program Files\IObit\Driver Booster\4.2.0\DriverBooster.exe
Task: {1744284E-D72B-4FB5-8F75-383DCA0AA80D} - System32\Tasks\{6D875A5B-0703-47AD-919B-1C85F19B83F0} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\TC UP\TC UP.exe" -d "C:\Program Files\TC UP"
Task: {28DE678F-CAA4-43CC-92FD-F915E0ABB696} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {32EAC19F-04CD-4F4A-966B-A0E20DCEA134} - System32\Tasks\sssssssss => C:\Users\Kamil\Music\nn.exe
Task: {3CCC4B84-C260-4A35-A8F4-4148C2BBE5A4} - System32\Tasks\System32 => C:\Users\Kamil\AppData\Local\Temp\Client.exe [54272 2019-11-10] (word file) [File not signed] <==== ATTENTION
Task: {679C185F-C174-41DA-B645-3EAAE5A7E7C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2017-03-28] (Google Inc -> Google Inc.)
Task: {718002DC-441E-45EF-A7D3-EC99CCC112D6} - System32\Tasks\{6A9A6746-189F-40E9-866D-A794DD628277} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe
Task: {87A65AD8-152C-439B-B8F5-EB8507425E69} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_314_Plugin.exe [1457720 2020-01-15] (Adobe Inc. -> Adobe)
Task: {8E437444-E35F-4313-8BC8-91FD1DE2C911} - System32\Tasks\{2F53AFB3-BF87-41BA-9906-924B8988776D} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe
Task: {8E4DD813-46BA-4117-A16C-34C045517E55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2017-03-28] (Google Inc -> Google Inc.)
Task: {907DBFB6-690F-4BD0-9CF1-E8AE3E9867B1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000Core => C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {96CCE673-A4E1-48EE-8E1D-33CD41B8B1C4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000UA => C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {9D863C86-5BED-43A8-87BD-7F9DF0AFBE9D} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [77824 2008-06-27] () [File not signed]
Task: {C713DE78-1CB1-46C1-BD1B-68B1E44966E9} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {E719B26C-D23E-4B45-A96D-B6635B79C680} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-15] (Adobe Inc. -> Adobe)
Task: {F05BF5B5-2F80-424B-9587-06EBEC1B3A25} - System32\Tasks\{F6C0A0DD-0931-4144-8E4C-FC5BD8DE0259} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe
Task: {FDBB164E-D8D9-48CF-9F1B-AAB7909490AF} - System32\Tasks\{3AE4C49B-AF29-4392-8EA2-B09B36DB8B5F} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000Core.job => C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000UA.job => C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 195.146.128.62
Tcpip\..\Interfaces\{7CE69006-A9F5-4F2A-9FC9-BA743A4AF9ED}: [DhcpNameServer] 192.168.1.1 195.146.128.62
Tcpip\..\Interfaces\{D620EBB2-40AB-4CB4-B107-5F6BCF8B53C0}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\ProgramData\LangSoft\WebIE.dll [2016-12-29] () [File not signed]
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-12-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-12-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKLM - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll [2016-12-29] () [File not signed]
Handler: WSKVAllmytubechrome - No CLSID Value -

FireFox:
========
FF DefaultProfile: ht3jbfth.default-1368257689736
FF ProfilePath: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 [2020-01-15]
FF DownloadDir: C:\Users\Kamil\Downloads
FF Homepage: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> hxxp://www.google.sk/
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-02-02] [Legacy]
FF Extension: (Video Downloader professional) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\ffext_basicvideoext@startpage24.xpi [2018-10-13]
FF Extension: (YouTube mp3) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\info@youtube-mp3.org.xpi [2017-01-03] [Legacy]
FF Extension: (Translate This!) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2017-01-03] [Legacy]
FF Extension: (To Google Translate) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-12-30]
FF Extension: (Google™ Translator) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2017-01-01] [Legacy]
FF Extension: (Translator Widget) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid1-Gz4hrxvpY3RFJw@jetpack.xpi [2017-02-20] [Legacy]
FF Extension: (AdBlock) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-10-13]
FF Extension: (S3.Translator) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\s3google@translator.xpi [2018-10-13]
FF Extension: (Google Translator for Firefox) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\translator@zoli.bod.xpi [2019-12-14]
FF Extension: (Stylus Blue) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{11a41736-a1d5-4b1d-9cc3-983ed6a3ad30}.xpi [2019-03-21]
FF Extension: (walnut) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{192acb99-bee0-4373-9d46-09b18ad6fba9}.xpi [2019-03-28]
FF Extension: (Autumn Forest) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{46e6b376-15af-4ceb-8ac0-4820dd7e19d4}.xpi [2019-03-28]
FF Extension: (Grungedpaper) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{91ef5856-a93b-4a8a-b102-909b6f6865e9}.xpi [2019-03-21]
FF Extension: (rustic walnut) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{a91e51b1-7ed9-4087-8dce-4f1d42436be8}.xpi [2019-03-21]
FF Extension: (Video DownloadHelper) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-07-24]
FF Extension: (Online Translator Toolbar) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{BD4B37E6-7AE7-48d7-A2D7-6FF5775924AB}.xpi [2017-02-20] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-10-13]
FF Extension: (Spring and Swallows) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{decd5f4c-bc93-4cc3-a305-0221fa9420c7}.xpi [2019-03-28]
FF SearchPlugin: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\searchplugins\bing-.xml [2016-12-25]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2017-07-12] [Legacy] [not signed]
FF HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_314.dll [2020-01-15] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-12-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-12-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] (Nokia -> )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default [2020-01-15]
CHR Extension: (Prekladač Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-10-19]
CHR Extension: (Speed Test) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeghledigokaedmpimgnfplidhdhlchg [2017-12-12]
CHR Extension: (internet Download Manager For Chrome) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhjobkfabeopalncconblmakfcllmhk [2017-09-24]
CHR Extension: (YouTube) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-18]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-10-30]
CHR Extension: (Google Search) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-18]
CHR Extension: (S3.Translator) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnnjfbneojbmioajinefnflopdohjk [2019-12-15]
CHR Extension: (Social Network Adblocker) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgjckeibmdfndlflobjhddhmemajjld [2018-11-22]
CHR Extension: (Translate Selected Text) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbimffnjoeobhjhochngikepgfejjmgj [2017-06-24]
CHR Extension: (uBlock Adblock Plus) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdecnmmdccnkogcidionikojplkjfgie [2017-07-11]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-12-19]
CHR Extension: (Zoom for Google Chrome) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2019-12-31]
CHR Extension: (Skype) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-12]
CHR Extension: (Video DownloadHelper) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2019-06-26]
CHR Extension: (Kontrola pošty Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-03-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-08]
CHR Extension: (Hover Zoom+) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2019-10-08]
CHR Extension: (Gmail) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-17]
CHR Profile: C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\System Profile [2020-01-15]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-09-10] (Adobe Inc. -> Adobe Systems)
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [72864 2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
R2 DUMeterSvc; C:\Program Files\DU Meter\DUMeterSvc.exe [1382672 2007-10-15] (Hagel Technologies Ltd -> Hagel Technologies Ltd) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [253568 2009-11-18] (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [137344 2009-11-18] (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2010-06-16] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2905656 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2018360 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2012-04-19] (Even Balance, Inc. -> )
R3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14155832 2020-01-06] (Adlice -> )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2017-03-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [43680 2011-03-01] (Atheros Communications Inc. -> Windows (R) Win 7 DDK provider)
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2020-01-08] (Tages SA -> )
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2017-03-28] (IVT CORPORATION -> IVT Corporation.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-17] (Elaborate Bytes AG -> Elaborate Bytes AG)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2017-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2017-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [92032 2007-02-28] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-03-12] (Martin Malik - REALiX -> REALiX(tm))
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2020-01-08] (Tages SA -> )
S3 nmwcd; C:\Windows\System32\drivers\ccdcmb.sys [18560 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbo.sys [23168 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2015-08-21] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27704 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-04-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [19072 2012-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [171072 2016-10-06] (WDKTestCert charles-yeh,131069736795923936 -> Prolific Technology Inc.)
R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [685816 2012-04-19] (Duplex Secure Ltd -> Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [24688 2020-01-15] (Adlice -> )
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8192 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R1 VD_FileDisk; C:\Windows\System32\Drivers\VD_FileDisk.sys [15872 2006-01-13] (Flint Incorporation) [File not signed]
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam.sys [20256 2015-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [25632 2016-02-29] (Wondershare Software Co., Ltd. -> Wondershare)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-15 12:25 - 2020-01-15 12:26 - 000042742 _____ C:\Users\Kamil\Desktop\FRST.txt
2020-01-15 12:25 - 2020-01-15 12:26 - 000000000 ____D C:\FRST
2020-01-15 12:25 - 2020-01-15 12:25 - 002303488 ___SH (Farbar) C:\Users\Kamil\Desktop\._cache_FRST.exe
2020-01-15 12:21 - 2020-01-15 12:19 - 003077632 _____ (Synaptics) C:\Users\Kamil\Desktop\FRST.exe
2020-01-15 12:19 - 2020-01-15 12:19 - 003077632 ____N (Synaptics) C:\Users\Kamil\Downloads\FRST.exe
2020-01-15 12:09 - 2020-01-15 12:09 - 000001005 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2020-01-15 12:09 - 2020-01-15 12:09 - 000001005 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2020-01-15 12:02 - 2020-01-15 12:06 - 046292096 _____ (Adlice Software ) C:\Users\Kamil\Downloads\RogueKiller_setup.exe
2020-01-15 11:19 - 2020-01-15 11:19 - 000000000 ____D C:\ESD
2020-01-15 11:16 - 2020-01-15 11:44 - 020028928 ____N (Synaptics) C:\Users\Kamil\Downloads\MediaCreationTool1909.exe
2020-01-15 11:16 - 2020-01-15 11:16 - 000000000 ___HD C:\$Windows.~WS
2020-01-15 11:16 - 2020-01-15 11:16 - 000000000 ____D C:\$WINDOWS.~BT
2020-01-15 11:06 - 2020-01-15 11:44 - 006279168 ____N (Synaptics) C:\Users\Kamil\Downloads\eset_nod32_antivirus_live_installer (1).exe
2020-01-15 11:01 - 2020-01-15 11:05 - 006279168 ____N (Synaptics) C:\Users\Kamil\Downloads\eset_nod32_antivirus_live_installer(1).exe
2020-01-15 10:59 - 2020-01-15 11:05 - 006279168 ____N (Synaptics) C:\Users\Kamil\Downloads\eset_nod32_antivirus_live_installer.exe
2020-01-13 13:59 - 2020-01-13 13:59 - 000085504 _____ C:\Users\Kamil\svchost.exe
2020-01-13 13:48 - 2020-01-13 13:48 - 000085504 _____ C:\Users\Kamil\system.exe
2020-01-13 13:44 - 2020-01-13 13:44 - 000074240 _____ C:\ProgramData\wininit.exe
2020-01-08 20:50 - 2020-01-08 20:50 - 050540001 ___SH C:\Users\Kamil\Desktop\._cache_An1404.exe
2020-01-08 20:12 - 2020-01-08 20:12 - 000000000 ____D C:\ProgramData\Tages
2020-01-08 20:11 - 2020-01-08 20:11 - 000281760 _____ C:\Windows\system32\Drivers\atksgt.sys
2020-01-08 20:11 - 2020-01-08 20:11 - 000025888 _____ C:\Windows\system32\Drivers\lirsgt.sys
2020-01-08 20:11 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2020-01-08 20:11 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2020-01-08 20:11 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2020-01-08 20:11 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2020-01-08 20:11 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2020-01-08 20:11 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2020-01-08 20:11 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2020-01-08 20:11 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2020-01-08 20:11 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2020-01-08 20:11 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2020-01-08 20:11 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2020-01-08 20:11 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2020-01-08 20:11 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2020-01-08 20:11 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2020-01-08 20:11 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2020-01-08 20:11 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2020-01-08 20:11 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2020-01-08 20:11 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2020-01-08 20:11 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2020-01-08 20:11 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2020-01-08 20:11 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2020-01-08 20:11 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2020-01-08 20:11 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2020-01-08 20:11 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2020-01-08 20:11 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2020-01-08 20:11 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2020-01-08 20:11 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2020-01-08 20:11 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2020-01-08 20:11 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2020-01-08 20:11 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2020-01-08 20:11 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2020-01-08 20:11 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2020-01-08 20:11 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2020-01-08 20:11 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2020-01-08 20:11 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2020-01-08 20:11 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2020-01-08 20:11 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2020-01-08 20:11 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2020-01-08 20:11 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2020-01-08 20:11 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2020-01-08 20:11 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2020-01-08 20:11 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2020-01-08 20:11 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2020-01-08 20:11 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2020-01-08 20:11 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2020-01-08 20:11 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2020-01-08 20:11 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2020-01-08 20:11 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2020-01-08 20:11 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2020-01-08 20:11 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2020-01-08 20:11 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2020-01-08 20:11 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2020-01-08 20:08 - 2020-01-08 20:08 - 000000000 ____D C:\Program Files\Ubisoft
2020-01-07 13:25 - 2020-01-07 13:25 - 000054842 _____ C:\Users\Kamil\Downloads\3620003683.pdf
2019-12-31 12:40 - 2019-12-31 12:40 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\Sun
2019-12-31 12:40 - 2019-12-31 12:40 - 000000000 ____D C:\Program Files\Common Files\Java
2019-12-31 12:39 - 2019-12-31 12:39 - 000112696 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2019-12-31 12:39 - 2019-12-31 12:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-12-31 12:39 - 2019-12-31 12:39 - 000000000 ____D C:\Program Files\Java
2019-12-31 12:39 - 2019-12-31 12:39 - 000000000 ____D C:\Program Files\Common Files\Oracle
2019-12-17 16:08 - 2019-12-17 16:13 - 001590784 ____N (Synaptics) C:\Users\Kamil\Downloads\VideoDownloader-[1463353425.1576595305,691,yt-bcnWysA9gxo,,].exe
2019-12-16 11:12 - 2019-12-16 11:12 - 000000173 _____ C:\Users\Kamil\Desktop\Jednota.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-15 12:11 - 2015-03-21 10:07 - 000024688 _____ C:\Windows\system32\Drivers\truesight.sys
2020-01-15 12:09 - 2015-08-27 23:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2020-01-15 12:09 - 2015-08-27 23:54 - 000000000 ____D C:\Program Files\RogueKiller
2020-01-15 12:09 - 2015-03-21 10:07 - 000000000 ____D C:\ProgramData\RogueKiller
2020-01-15 11:59 - 2016-12-13 15:38 - 000000000 ____D C:\Users\Kamil\AppData\LocalLow\Mozilla
2020-01-15 11:56 - 2010-11-20 22:01 - 000008582 _____ C:\Windows\system32\PerfStringBackup.INI
2020-01-15 11:50 - 2009-07-14 05:34 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-01-15 11:50 - 2009-07-14 05:34 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-01-15 11:44 - 2019-03-22 07:33 - 000000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2020-01-15 11:44 - 2019-03-22 07:33 - 000000035 _____ C:\ProgramData\Documents\AtherosServiceConfig.ini
2020-01-15 11:43 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-15 11:39 - 2012-04-18 19:27 - 000000946 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000UA.job
2020-01-15 11:16 - 2012-04-18 19:19 - 000000000 ____D C:\Windows\Panther
2020-01-15 11:05 - 2019-09-19 15:38 - 000000000 __SHD C:\Users\Kamil\AppData\Roaming\WinSl
2020-01-15 11:05 - 2017-04-25 11:42 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-01-15 11:05 - 2017-03-29 04:36 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2020-01-15 11:05 - 2012-04-18 19:27 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000Core.job
2020-01-15 10:58 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2020-01-15 09:18 - 2018-03-13 23:18 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-01-15 09:18 - 2012-07-19 15:59 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2020-01-15 09:18 - 2012-07-19 15:59 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2020-01-15 09:18 - 2012-07-19 15:59 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-01-15 09:18 - 2012-07-19 15:59 - 000000000 ____D C:\Windows\system32\Macromed
2020-01-13 13:59 - 2012-04-18 18:26 - 000000000 ____D C:\Users\Kamil
2020-01-12 13:34 - 2012-04-19 15:22 - 000183112 _____ C:\Windows\system32\PnkBstrB.exe
2020-01-12 13:34 - 2012-04-19 15:22 - 000138184 _____ C:\Windows\system32\Drivers\PnkBstrK.sys
2020-01-09 05:25 - 2017-03-28 16:19 - 000002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-08 20:53 - 2012-04-18 18:32 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2020-01-08 20:53 - 2009-07-14 05:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-01-04 06:05 - 2014-11-25 19:35 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2020-01-03 14:11 - 2018-07-13 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2020-01-02 16:06 - 2016-06-26 05:21 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\vlc
2020-01-01 11:45 - 2013-03-21 20:27 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\Thunderbird
2019-12-31 16:16 - 2012-05-28 10:02 - 000000000 ____D C:\Program Files\JDownloader
2019-12-28 11:20 - 2019-09-12 11:22 - 000024064 _____ C:\Users\Kamil\AppData\Roaming\explorer.exe
2019-12-19 17:18 - 2017-04-25 13:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-12-19 09:02 - 2013-04-02 16:25 - 000001414 _____ C:\Users\Kamil\Desktop\Heslo.txt
2019-12-17 17:01 - 2013-03-14 09:16 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\PC Suite
2019-12-17 16:13 - 2019-09-19 15:37 - 000024064 _____ C:\Users\Kamil\AppData\Roaming\system32.exe
2019-12-17 15:47 - 2013-03-28 06:30 - 000000000 ____D C:\Users\Kamil\dwhelper

==================== Files in the root of some directories ========

2020-01-13 13:44 - 2020-01-13 13:44 - 000074240 _____ () C:\ProgramData\wininit.exe
2020-01-13 13:59 - 2020-01-13 13:59 - 000085504 _____ () C:\Users\Kamil\svchost.exe
2020-01-13 13:48 - 2020-01-13 13:48 - 000085504 _____ () C:\Users\Kamil\system.exe
2019-09-20 06:14 - 2019-08-10 13:37 - 000018184 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-core-file-l1-2-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000018184 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-core-file-l2-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000020744 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-core-localization-l1-2-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000018696 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-core-processthreads-l1-1-1.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000018696 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-core-synch-l1-2-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000018696 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-core-timezone-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000022280 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-convert-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000018696 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-environment-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000020232 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-filesystem-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000019208 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-heap-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000018696 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-locale-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000028936 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-math-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000026376 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-multibyte-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000022792 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-runtime-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000024328 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-stdio-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000024328 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-string-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000020744 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-time-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000018696 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-utility-l1-1-0.dll
2019-09-12 11:22 - 2019-12-28 11:20 - 000024064 _____ () C:\Users\Kamil\AppData\Roaming\explorer.exe
2019-09-20 06:14 - 2019-08-10 13:37 - 000453416 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\msvcp140.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 002696736 _____ (Mozilla Foundation) C:\Users\Kamil\AppData\Roaming\nss3.dll
2019-09-12 12:34 - 2019-09-12 12:34 - 000471040 ____H () C:\Users\Kamil\AppData\Roaming\svchost.exe
2019-09-19 15:37 - 2019-12-17 16:13 - 000024064 _____ () C:\Users\Kamil\AppData\Roaming\system32.exe
2019-09-20 06:14 - 2019-08-10 13:37 - 001172232 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\ucrtbase.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000082752 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\vcruntime140.dll
2019-08-18 17:41 - 2019-09-07 10:52 - 000032627 ___SH () C:\Users\Kamil\AppData\Roaming\windows.vbs
2015-10-27 18:05 - 2016-12-21 06:39 - 000057344 _____ () C:\Users\Kamil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-12-20 14:11 - 2018-12-20 14:11 - 000002404 _____ () C:\Users\Kamil\AppData\Local\recently-used.xbel
2016-07-22 16:35 - 2019-03-11 09:47 - 000007622 _____ () C:\Users\Kamil\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-01-08 10:19
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2020
Ran by Kamil (15-01-2020 12:27:07)
Running from C:\Users\Kamil\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2012-04-18 17:26:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3867848799-1210266518-3605795662-500 - Administrator - Disabled)
Guest (S-1-5-21-3867848799-1210266518-3605795662-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3867848799-1210266518-3605795662-1002 - Limited - Enabled)
Kamil (S-1-5-21-3867848799-1210266518-3605795662-1000 - Administrator - Enabled) => C:\Users\Kamil

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}) (Version: 6.1.1 - Hewlett-Packard) Hidden
Adblock Plus pre IE (32-bitová verzia) (HKLM\...\{1C4B00CA-AA30-4A84-9BC0-1F4B52CB8A0A}) (Version: 1.6 - Eyeo GmbH)
Adobe Acrobat Reader DC - Slovak (HKLM\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.314 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.314 - Adobe)
AIDA64 Extreme Edition v2.30 (HKLM\...\AIDA64 Extreme Edition_is1) (Version: 2.30 - FinalWire Ltd.)
Aimersoft Helper Compact 2.5.1 (HKLM\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.1 - Aimersoft)
AIMP (HKLM\...\AIMP) (Version: v4.11.1841, 09.10.2016 - AIMP DevTeam)
Aktualizácie NVIDIA 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Any DVD Converter Professional 4.0.3 (HKLM\...\Any DVD Converter Professional_is1) (Version: - Any-DVD-Converter.com)
Apowersoft Online Launcher version 1.4.6 (HKLM\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.6 - APOWERSOFT LIMITED)
Apowersoft Video Konvertor V4.5.9 (HKLM\...\{195E8D7F-292B-4B04-A6E7-E96CAF04C767}_is1) (Version: 4.5.9 - APOWERSOFT LIMITED)
Apowersoft Video Stahovač V6.4.6 (HKLM\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.4.6 - APOWERSOFT LIMITED)
Ashampoo Burning Studio 10 v.10.0.15 (HKLM\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
ASUS Bluetooth Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.02.000.60 - ASUS Communications)
ASUS nVidia Driver (HKLM\...\{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}) (Version: 1.00.0000 - ASUSTek) Hidden
BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.61.1065 - AB Team, d.o.o.)
BufferChm (HKLM\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
C4600 (HKLM\...\{9E0E1E3B-229C-4CF9-8A39-4455477327E4}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
C4600_NCL_Help (HKLM\...\{F39AB038-876C-4FAE-8D40-6A21632BF92D}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
Destinations (HKLM\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
DU Meter (HKLM\...\DUMeter3_is1) (Version: 4.0 Build R3009 - Hagel Technologies Ltd)
Etron USB3.0 Host Controller (HKLM\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.104 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.104 - Etron Technology)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 79.0.3945.117 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
GPBaseService2 (HKLM\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HD Tune Pro 5.00 (HKLM\...\HD Tune Pro_is1) (Version: - EFD Software)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5 (HKLM\...\{1E1746EF-F5BF-4677-8F30-04FE399130DA}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (HKLM\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Java 8 Update 231 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jewel Quest III (HKLM\...\{34AF0799-8123-41BA-885A-BDEB157607F9}) (Version: 1.0.0 - LeeGTs Games)
LightScribe System Software (HKLM\...\{07E49BC1-24FF-4D7A-AC74-727BE95801AF}) (Version: 1.18.16.1 - LightScribe)
LightScribe Template Labeler (HKLM\...\{43523FEF-9D8E-4572-BB11-0E914D366E0A}) (Version: 1.18.15.1 - LightScribe)
MarketResearch (HKLM\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
MediaCoder 2011 (HKLM\...\MediaCoder) (Version: 2011 - Broad Intelligence)
MediaInfo 0.7.48 (HKLM\...\MediaInfo) (Version: 0.7.48 - MediaArea.net)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Encarta World Atlas 1998 Edition (HKLM\...\Encarta Virtual Globe 3.0) (Version: - )
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Connect (HKLM\...\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}) (Version: 1.00.0000 - Huawei technologies)
Mozilla Firefox 72.0.1 (x86 sk) (HKLM\...\Mozilla Firefox 72.0.1 (x86 sk)) (Version: 72.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.1.7311 - Mozilla)
Mozilla Thunderbird 68.3.1 (x86 cs) (HKLM\...\Mozilla Thunderbird 68.3.1 (x86 cs)) (Version: 68.3.1 - Mozilla)
MSVC80_x86_v2 (HKLM\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (HKLM\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
Need for Speed™ Undercover (HKLM\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts)
Nokia Connectivity Cable Driver (HKLM\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia Suite (HKLM\...\{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}) (Version: 3.7.22.0 - Nokia) Hidden
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
NVIDIA 3D Vision radič ovládača 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Opera 11.51 (HKLM\...\Opera 11.51.1087) (Version: 11.51.1087 - Opera Software ASA)
Ovládací panel NVIDIA 353.62 (HKLM\...\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 353.62 - NVIDIA Corporation) Hidden
PC Connectivity Solution (HKLM\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
Počítačový prístup k internetu Nokia (HKLM\...\{653A52D8-127C-476D-BAD9-27117A3A4959}) (Version: 2.0.1.3 - Nokia) Hidden
Počítačový prístup k internetu Nokia (HKLM\...\Nokia PC Internet Access) (Version: 2.0.1.3 - Nokia)
PS_AIO_05_C4600_Software_Min (HKLM\...\{1CA3A991-B03D-4C92-9922-315E5434E87B}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickTransfer (HKLM\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
RogueKiller version 14.0.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.0.4.0 - Adlice Software)
Scan (HKLM\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype verzia 8.55 (HKLM\...\Skype_is1) (Version: 8.55 - Skype Technologies S.A.)
SmartWebPrinting (HKLM\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM\...\{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Status (HKLM\...\{2FB9EA69-51D4-4913-9AD5-762C034DE811}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
Toolbox (HKLM\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander Ultima Prime 4.5.0.0 (HKLM\...\TC UP) (Version: 4.5.0.0 - ULTIMA PRIME)
TrayApp (HKLM\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
UmmyVideoDownloader (HKLM\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.7.2.4 - ) <==== ATTENTION
Uninstall DS Clock (HKLM\...\DS Clock_is1) (Version: 1.5 - Duality Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UsbFix (HKLM\...\Usbfix) (Version: 9.001 - http://www.SOSVirus.Net)
VdhCoApp 1.3.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
Video Fixer 3.23 (HKLM\...\Video Fixer 3.23_is1) (Version: - video-fixer Inc.)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WebReg (HKLM\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP3\System\aimp_menu32.dll [2016-10-14] (Artem Izmaylov -> AIMP DevTeam) [File not signed]
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files\Bluetooth Suite\BtvAppExt.dll [2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
ContextMenuHandlers1: [TCUPShellExt] -> {544F5441-4C43-4D44-5550-5348454C4C00} => C:\Program Files\TC UP\PLUGINS\Library\TCUPShellExt.dll [2008-01-30] () [File not signed]
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] () [File not signed]
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files\Bluetooth Suite\ShellContextExt.dll [2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP3\System\aimp_menu32.dll [2016-10-14] (Artem Izmaylov -> AIMP DevTeam) [File not signed]
ContextMenuHandlers4: [TCUPShellExt] -> {544F5441-4C43-4D44-5550-5348454C4C00} => C:\Program Files\TC UP\PLUGINS\Library\TCUPShellExt.dll [2008-01-30] () [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] () [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader\Help\ђусский.lnk -> C:\Users\Kamil\AppData\Local\UmmyVideoDownloader\1.7.2.4\help\Ummy_rus.pdf () <==== Cyrillic

==================== Loaded Modules (Whitelisted) =============

2012-12-21 15:29 - 2012-12-21 15:29 - 000110080 _____ () [File not signed] C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
2008-01-30 18:08 - 2008-01-30 18:08 - 000160256 _____ () [File not signed] C:\Program Files\TC UP\PLUGINS\Library\TCUPShellExt.dll
2012-04-18 19:46 - 2011-03-02 11:40 - 000140288 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2016-12-29 22:14 - 2016-12-29 22:15 - 000798771 _____ () [File not signed] C:\ProgramData\LangSoft\WebIE.dll
2019-09-19 15:38 - 2019-09-19 15:38 - 000287744 _____ () [File not signed] C:\ProgramData\Synaptics\libeay32.dll
2019-09-19 15:38 - 2019-09-19 15:38 - 000063488 _____ () [File not signed] C:\ProgramData\Synaptics\ssleay32.dll
2019-09-23 07:23 - 2020-01-15 11:44 - 000015360 ___SH () [File not signed] C:\ProgramData\Synaptics\XSynaptics.dll
2015-08-13 16:13 - 2016-10-14 19:34 - 001317960 _____ (Artem Izmaylov -> AIMP DevTeam) [File not signed] C:\Program Files\AIMP3\System\aimp_menu32.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000064672 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\AthCopyHook.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000033440 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BPP.DLL
2011-03-01 15:42 - 2011-03-01 15:42 - 000037024 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BTBIP.DLL
2011-03-01 15:42 - 2011-03-01 15:42 - 000040096 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BtFileStore.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000036000 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BtFileStoreOpp.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000158880 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BtObexFt.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000158880 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BTOBEXOP.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000154784 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BtvAppExt.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000072864 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\goep.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000076960 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\GOEP_bpp.DLL
2011-03-01 15:43 - 2011-03-01 15:43 - 000072864 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\GOEP_SINGLE.DLL
2011-03-01 15:43 - 2011-03-01 15:43 - 000076960 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\Handsfree.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000101536 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\L2capLib.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000879776 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\OutLookLib.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000072864 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\RfcommLib.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000244384 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\ShellContextExt.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000068768 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\Sync.dll
2013-03-24 03:04 - 2007-10-15 15:18 - 000395264 _____ (Hagel Technologies Ltd) [File not signed] C:\Program Files\DU Meter\sqlite3.dll
2009-11-18 03:42 - 2009-11-18 03:42 - 000253568 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqcxs08.dll
2009-11-18 03:16 - 2009-11-18 03:16 - 000217728 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqddcmn.dll
2009-11-18 03:16 - 2009-11-18 03:16 - 000137344 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqddsvc.dll
2010-06-16 12:45 - 2010-06-16 12:45 - 000033792 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files\Common Files\LightScribe\LSLog.dll
2010-06-16 12:45 - 2010-06-16 12:45 - 000110592 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files\Common Files\LightScribe\LSSProxy.dll
2008-12-03 19:05 - 2008-12-03 19:05 - 000044544 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2008-12-03 19:05 - 2008-12-03 19:05 - 000053760 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2012-12-21 15:30 - 2012-12-21 15:30 - 000599552 _____ (Igor Pavlov) [File not signed] C:\Program Files\Nokia\Nokia Suite\7z.DLL
2013-08-17 08:15 - 2013-08-17 08:15 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
2013-08-17 08:16 - 2013-08-17 08:16 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2012-12-21 15:28 - 2012-12-21 15:28 - 001106944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Nokia\Nokia Suite\libeay32.DLL

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 [230]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [148]
AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8 [324]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\TC UP\PLUGINS\Library;C:\Program Files\VDownloader;C:\Program Files\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 195.146.128.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: AthBtTray => "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: D: =>
MSCONFIG\startupreg: DU Meter => C:\Program Files\DU Meter\DUMeter.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NokiaPCInternetAccess => "C:\Program Files\Nokia\PC Internet Access\NPCIA.exe" /b
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FE7AC9CF-3561-47A5-B99A-69042B495B0B}] => (Allow) C:\Program Files\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{D7A9353B-05AF-41BB-AEC5-24E5A30E4BC9}] => (Allow) C:\Program Files\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{F388A335-B65D-4EB0-9F4E-867A81A8DEB5}] => (Allow) C:\Program Files\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{F60AC1A0-B039-4980-A08A-FC770460757C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CB4E05BA-042A-4CCE-985A-2842E3FD6740}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A1B9D84F-D9C4-4F69-B7A7-8123CB72A58F}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BC115943-2074-4D67-86FD-304E973A8A07}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{077124A8-39E9-4C48-8F68-258E5426535D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{01E3A908-8988-414D-8EFA-76B4264EEF93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{41A4F2EE-D814-434F-8059-6EEFE13045E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DBF38C8D-71CE-41FE-8CC7-D3F53D63EEB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E5C6334B-DDA4-4EBB-B509-0C3D816A18A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8E0A802B-A8DE-4DAB-BC8C-BDF2CF4E4A93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{E9B6AD04-798C-4BA7-88B4-C0D397E9A1DF}C:\users\kamil\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\kamil\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{AA1B92BD-0FF8-4665-88C0-3C0AA70918D8}C:\users\kamil\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\kamil\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{73ACB86A-9ACB-49D1-B939-813CC1D16D71}] => (Allow) C:\Users\Kamil\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{598C2D51-05EE-4313-AB37-D8A4FE4BD351}] => (Allow) C:\Users\Kamil\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{CE6E99D3-D187-4BEE-9211-1ECBA00A910C}] => (Allow) C:\Users\Kamil\AppData\Local\Apowersoft\Online Video Downloader\Online Video Downloader.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{89DD17C6-9B3B-4FD2-922E-092D68856D3E}] => (Allow) C:\Users\Kamil\AppData\Local\Apowersoft\Online Video Downloader\Online Video Downloader.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{649C8FDF-A5D3-4B69-872E-79D05B54C656}] => (Allow) C:\Program Files\Apowersoft\Video Converter Studio\Video Converter Studio.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{39CC2FED-E291-4825-9D17-04FD47F52A69}] => (Allow) C:\Program Files\Apowersoft\Video Converter Studio\Video Converter Studio.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{B565FEC6-4AA6-43CC-BDAD-4765CE2475B9}] => (Allow) C:\Users\Kamil\AppData\Roaming\skype.exe No File
FirewallRules: [{7746F667-6FC9-48F5-9DF3-96B8BE3FB5D6}] => (Allow) C:\Users\Kamil\AppData\Roaming\skype.exe No File
FirewallRules: [{D4BFA56F-42DD-4729-BC10-7F5D568A0415}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{9834E6EE-D943-4C3F-9CD6-C5E22428B2BF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{2913477A-8313-4412-AD83-EB90BE61B927}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{FC95DE93-382E-401E-B9FA-CA5E3763026C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{7BB1B054-2824-446D-BB61-56609EB37AC1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{9CA61943-BBAE-4F24-BD93-D07CD82E5626}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{D416DD57-4189-4309-A68B-043B1EBC022C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{713C67D3-8693-4AA7-BB8A-46A238724BF3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{44BA0745-1436-49E9-8F46-E07661FD8C6F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett Packard -> Hewlett-Packard) [File not signed]
FirewallRules: [{A5A5FD06-C66B-479C-99FB-3C34745CB483}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{B4549B05-C21C-45C1-88DA-2CC7C746D3FA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{68C9AE4C-A7AF-4990-A530-B0F3E2C70A02}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{50C54499-3900-4437-B5EF-F0DC696F7BEA}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{F5E00402-58D3-4984-BA38-A7262B7E42BE}] => (Allow) C:\Program Files\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{07E7C946-C6CD-4426-84E6-E45A85CFD3D4}] => (Allow) C:\Program Files\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{05BB745C-4079-4C1E-BAA2-EF970F6B72C0}] => (Allow) C:\Program Files\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [{B183860A-0B39-4E91-A072-E790550A4384}] => (Allow) C:\Program Files\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [TCP Query User{99526F96-7CEF-41F3-A3BB-3A070F596371}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe
FirewallRules: [UDP Query User{551B6C6C-542A-4C44-BE40-E9F34A859164}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe
FirewallRules: [{770CBAE4-EE3F-4386-A4FC-E50CA29E48FD}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D1614519-6472-4369-82DD-332040705988}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DC265BB4-0A03-4C18-AF94-584A889A38FB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

08-01-2020 20:11:02 Installed DirectX

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/15/2020 11:56:28 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (01/15/2020 11:56:28 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/15/2020 11:45:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/15/2020 11:36:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (01/15/2020 11:36:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/15/2020 11:07:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/15/2020 11:06:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (01/15/2020 11:06:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.


System errors:
=============
Error: (01/15/2020 11:56:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba WMI Performance Adapter bola ukončená s nasledujúcou chybou:
Neznáma chyba

Error: (01/15/2020 11:43:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
sptd

Error: (01/15/2020 11:43:25 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (01/15/2020 11:36:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba WMI Performance Adapter bola ukončená s nasledujúcou chybou:
Neznáma chyba

Error: (01/15/2020 11:06:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba WMI Performance Adapter bola ukončená s nasledujúcou chybou:
Neznáma chyba

Error: (01/15/2020 11:05:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
sptd

Error: (01/15/2020 11:05:03 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (01/15/2020 09:58:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba WMI Performance Adapter bola ukončená s nasledujúcou chybou:
Neznáma chyba


==================== Memory info ===========================

BIOS: Award Software International, Inc. F9 10/13/2011
Motherboard: Gigabyte Technology Co., Ltd. GA-990XA-UD3
Processor: AMD Phenom(tm) II X6 1045T Processor
Percentage of memory in use: 85%
Total physical RAM: 3069.24 MB
Available physical RAM: 445.08 MB
Total Virtual: 6136.77 MB
Available Virtual: 1913.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:107.42 GB) (Free:37.53 GB) NTFS
Drive d: () (Fixed) (Total:1289.74 GB) (Free:22.11 GB) NTFS

\\?\Volume{bacf6a23-897a-11e1-a07a-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 809EDEEA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1289.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2020
Ran by Kamil (15-01-2020 12:27:07)
Running from C:\Users\Kamil\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2012-04-18 17:26:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3867848799-1210266518-3605795662-500 - Administrator - Disabled)
Guest (S-1-5-21-3867848799-1210266518-3605795662-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3867848799-1210266518-3605795662-1002 - Limited - Enabled)
Kamil (S-1-5-21-3867848799-1210266518-3605795662-1000 - Administrator - Enabled) => C:\Users\Kamil

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}) (Version: 6.1.1 - Hewlett-Packard) Hidden
Adblock Plus pre IE (32-bitová verzia) (HKLM\...\{1C4B00CA-AA30-4A84-9BC0-1F4B52CB8A0A}) (Version: 1.6 - Eyeo GmbH)
Adobe Acrobat Reader DC - Slovak (HKLM\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.314 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.314 - Adobe)
AIDA64 Extreme Edition v2.30 (HKLM\...\AIDA64 Extreme Edition_is1) (Version: 2.30 - FinalWire Ltd.)
Aimersoft Helper Compact 2.5.1 (HKLM\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.1 - Aimersoft)
AIMP (HKLM\...\AIMP) (Version: v4.11.1841, 09.10.2016 - AIMP DevTeam)
Aktualizácie NVIDIA 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Any DVD Converter Professional 4.0.3 (HKLM\...\Any DVD Converter Professional_is1) (Version: - Any-DVD-Converter.com)
Apowersoft Online Launcher version 1.4.6 (HKLM\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.6 - APOWERSOFT LIMITED)
Apowersoft Video Konvertor V4.5.9 (HKLM\...\{195E8D7F-292B-4B04-A6E7-E96CAF04C767}_is1) (Version: 4.5.9 - APOWERSOFT LIMITED)
Apowersoft Video Stahovač V6.4.6 (HKLM\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.4.6 - APOWERSOFT LIMITED)
Ashampoo Burning Studio 10 v.10.0.15 (HKLM\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
ASUS Bluetooth Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.02.000.60 - ASUS Communications)
ASUS nVidia Driver (HKLM\...\{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}) (Version: 1.00.0000 - ASUSTek) Hidden
BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.61.1065 - AB Team, d.o.o.)
BufferChm (HKLM\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
C4600 (HKLM\...\{9E0E1E3B-229C-4CF9-8A39-4455477327E4}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
C4600_NCL_Help (HKLM\...\{F39AB038-876C-4FAE-8D40-6A21632BF92D}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
Destinations (HKLM\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
DU Meter (HKLM\...\DUMeter3_is1) (Version: 4.0 Build R3009 - Hagel Technologies Ltd)
Etron USB3.0 Host Controller (HKLM\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.104 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.104 - Etron Technology)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 79.0.3945.117 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
GPBaseService2 (HKLM\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HD Tune Pro 5.00 (HKLM\...\HD Tune Pro_is1) (Version: - EFD Software)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5 (HKLM\...\{1E1746EF-F5BF-4677-8F30-04FE399130DA}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (HKLM\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Java 8 Update 231 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jewel Quest III (HKLM\...\{34AF0799-8123-41BA-885A-BDEB157607F9}) (Version: 1.0.0 - LeeGTs Games)
LightScribe System Software (HKLM\...\{07E49BC1-24FF-4D7A-AC74-727BE95801AF}) (Version: 1.18.16.1 - LightScribe)
LightScribe Template Labeler (HKLM\...\{43523FEF-9D8E-4572-BB11-0E914D366E0A}) (Version: 1.18.15.1 - LightScribe)
MarketResearch (HKLM\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
MediaCoder 2011 (HKLM\...\MediaCoder) (Version: 2011 - Broad Intelligence)
MediaInfo 0.7.48 (HKLM\...\MediaInfo) (Version: 0.7.48 - MediaArea.net)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Encarta World Atlas 1998 Edition (HKLM\...\Encarta Virtual Globe 3.0) (Version: - )
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Connect (HKLM\...\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}) (Version: 1.00.0000 - Huawei technologies)
Mozilla Firefox 72.0.1 (x86 sk) (HKLM\...\Mozilla Firefox 72.0.1 (x86 sk)) (Version: 72.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.1.7311 - Mozilla)
Mozilla Thunderbird 68.3.1 (x86 cs) (HKLM\...\Mozilla Thunderbird 68.3.1 (x86 cs)) (Version: 68.3.1 - Mozilla)
MSVC80_x86_v2 (HKLM\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (HKLM\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
Need for Speed™ Undercover (HKLM\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts)
Nokia Connectivity Cable Driver (HKLM\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia Suite (HKLM\...\{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}) (Version: 3.7.22.0 - Nokia) Hidden
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
NVIDIA 3D Vision radič ovládača 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Opera 11.51 (HKLM\...\Opera 11.51.1087) (Version: 11.51.1087 - Opera Software ASA)
Ovládací panel NVIDIA 353.62 (HKLM\...\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 353.62 - NVIDIA Corporation) Hidden
PC Connectivity Solution (HKLM\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
Počítačový prístup k internetu Nokia (HKLM\...\{653A52D8-127C-476D-BAD9-27117A3A4959}) (Version: 2.0.1.3 - Nokia) Hidden
Počítačový prístup k internetu Nokia (HKLM\...\Nokia PC Internet Access) (Version: 2.0.1.3 - Nokia)
PS_AIO_05_C4600_Software_Min (HKLM\...\{1CA3A991-B03D-4C92-9922-315E5434E87B}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickTransfer (HKLM\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
RogueKiller version 14.0.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.0.4.0 - Adlice Software)
Scan (HKLM\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype verzia 8.55 (HKLM\...\Skype_is1) (Version: 8.55 - Skype Technologies S.A.)
SmartWebPrinting (HKLM\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM\...\{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Status (HKLM\...\{2FB9EA69-51D4-4913-9AD5-762C034DE811}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
Toolbox (HKLM\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander Ultima Prime 4.5.0.0 (HKLM\...\TC UP) (Version: 4.5.0.0 - ULTIMA PRIME)
TrayApp (HKLM\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
UmmyVideoDownloader (HKLM\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.7.2.4 - ) <==== ATTENTION
Uninstall DS Clock (HKLM\...\DS Clock_is1) (Version: 1.5 - Duality Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UsbFix (HKLM\...\Usbfix) (Version: 9.001 - www.SOSVirus.Net)
VdhCoApp 1.3.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
Video Fixer 3.23 (HKLM\...\Video Fixer 3.23_is1) (Version: - video-fixer Inc.)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WebReg (HKLM\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP3\System\aimp_menu32.dll [2016-10-14] (Artem Izmaylov -> AIMP DevTeam) [File not signed]
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files\Bluetooth Suite\BtvAppExt.dll [2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
ContextMenuHandlers1: [TCUPShellExt] -> {544F5441-4C43-4D44-5550-5348454C4C00} => C:\Program Files\TC UP\PLUGINS\Library\TCUPShellExt.dll [2008-01-30] () [File not signed]
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] () [File not signed]
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files\Bluetooth Suite\ShellContextExt.dll [2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP3\System\aimp_menu32.dll [2016-10-14] (Artem Izmaylov -> AIMP DevTeam) [File not signed]
ContextMenuHandlers4: [TCUPShellExt] -> {544F5441-4C43-4D44-5550-5348454C4C00} => C:\Program Files\TC UP\PLUGINS\Library\TCUPShellExt.dll [2008-01-30] () [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] () [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader\Help\ђусский.lnk -> C:\Users\Kamil\AppData\Local\UmmyVideoDownloader\1.7.2.4\help\Ummy_rus.pdf () <==== Cyrillic

==================== Loaded Modules (Whitelisted) =============

2012-12-21 15:29 - 2012-12-21 15:29 - 000110080 _____ () [File not signed] C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
2008-01-30 18:08 - 2008-01-30 18:08 - 000160256 _____ () [File not signed] C:\Program Files\TC UP\PLUGINS\Library\TCUPShellExt.dll
2012-04-18 19:46 - 2011-03-02 11:40 - 000140288 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2016-12-29 22:14 - 2016-12-29 22:15 - 000798771 _____ () [File not signed] C:\ProgramData\LangSoft\WebIE.dll
2019-09-19 15:38 - 2019-09-19 15:38 - 000287744 _____ () [File not signed] C:\ProgramData\Synaptics\libeay32.dll
2019-09-19 15:38 - 2019-09-19 15:38 - 000063488 _____ () [File not signed] C:\ProgramData\Synaptics\ssleay32.dll
2019-09-23 07:23 - 2020-01-15 11:44 - 000015360 ___SH () [File not signed] C:\ProgramData\Synaptics\XSynaptics.dll
2015-08-13 16:13 - 2016-10-14 19:34 - 001317960 _____ (Artem Izmaylov -> AIMP DevTeam) [File not signed] C:\Program Files\AIMP3\System\aimp_menu32.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000064672 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\AthCopyHook.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000033440 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BPP.DLL
2011-03-01 15:42 - 2011-03-01 15:42 - 000037024 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BTBIP.DLL
2011-03-01 15:42 - 2011-03-01 15:42 - 000040096 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BtFileStore.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000036000 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BtFileStoreOpp.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000158880 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BtObexFt.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000158880 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BTOBEXOP.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000154784 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BtvAppExt.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000072864 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\goep.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000076960 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\GOEP_bpp.DLL
2011-03-01 15:43 - 2011-03-01 15:43 - 000072864 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\GOEP_SINGLE.DLL
2011-03-01 15:43 - 2011-03-01 15:43 - 000076960 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\Handsfree.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000101536 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\L2capLib.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000879776 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\OutLookLib.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000072864 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\RfcommLib.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000244384 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\ShellContextExt.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000068768 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\Sync.dll
2013-03-24 03:04 - 2007-10-15 15:18 - 000395264 _____ (Hagel Technologies Ltd) [File not signed] C:\Program Files\DU Meter\sqlite3.dll
2009-11-18 03:42 - 2009-11-18 03:42 - 000253568 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqcxs08.dll
2009-11-18 03:16 - 2009-11-18 03:16 - 000217728 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqddcmn.dll
2009-11-18 03:16 - 2009-11-18 03:16 - 000137344 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqddsvc.dll
2010-06-16 12:45 - 2010-06-16 12:45 - 000033792 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files\Common Files\LightScribe\LSLog.dll
2010-06-16 12:45 - 2010-06-16 12:45 - 000110592 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files\Common Files\LightScribe\LSSProxy.dll
2008-12-03 19:05 - 2008-12-03 19:05 - 000044544 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2008-12-03 19:05 - 2008-12-03 19:05 - 000053760 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2012-12-21 15:30 - 2012-12-21 15:30 - 000599552 _____ (Igor Pavlov) [File not signed] C:\Program Files\Nokia\Nokia Suite\7z.DLL
2013-08-17 08:15 - 2013-08-17 08:15 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
2013-08-17 08:16 - 2013-08-17 08:16 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2012-12-21 15:28 - 2012-12-21 15:28 - 001106944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Nokia\Nokia Suite\libeay32.DLL

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 [230]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [148]
AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8 [324]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\TC UP\PLUGINS\Library;C:\Program Files\VDownloader;C:\Program Files\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 195.146.128.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: AthBtTray => "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: D: =>
MSCONFIG\startupreg: DU Meter => C:\Program Files\DU Meter\DUMeter.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NokiaPCInternetAccess => "C:\Program Files\Nokia\PC Internet Access\NPCIA.exe" /b
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FE7AC9CF-3561-47A5-B99A-69042B495B0B}] => (Allow) C:\Program Files\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{D7A9353B-05AF-41BB-AEC5-24E5A30E4BC9}] => (Allow) C:\Program Files\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{F388A335-B65D-4EB0-9F4E-867A81A8DEB5}] => (Allow) C:\Program Files\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{F60AC1A0-B039-4980-A08A-FC770460757C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CB4E05BA-042A-4CCE-985A-2842E3FD6740}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A1B9D84F-D9C4-4F69-B7A7-8123CB72A58F}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BC115943-2074-4D67-86FD-304E973A8A07}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{077124A8-39E9-4C48-8F68-258E5426535D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{01E3A908-8988-414D-8EFA-76B4264EEF93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{41A4F2EE-D814-434F-8059-6EEFE13045E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DBF38C8D-71CE-41FE-8CC7-D3F53D63EEB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E5C6334B-DDA4-4EBB-B509-0C3D816A18A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8E0A802B-A8DE-4DAB-BC8C-BDF2CF4E4A93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{E9B6AD04-798C-4BA7-88B4-C0D397E9A1DF}C:\users\kamil\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\kamil\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{AA1B92BD-0FF8-4665-88C0-3C0AA70918D8}C:\users\kamil\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\kamil\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{73ACB86A-9ACB-49D1-B939-813CC1D16D71}] => (Allow) C:\Users\Kamil\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{598C2D51-05EE-4313-AB37-D8A4FE4BD351}] => (Allow) C:\Users\Kamil\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{CE6E99D3-D187-4BEE-9211-1ECBA00A910C}] => (Allow) C:\Users\Kamil\AppData\Local\Apowersoft\Online Video Downloader\Online Video Downloader.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{89DD17C6-9B3B-4FD2-922E-092D68856D3E}] => (Allow) C:\Users\Kamil\AppData\Local\Apowersoft\Online Video Downloader\Online Video Downloader.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{649C8FDF-A5D3-4B69-872E-79D05B54C656}] => (Allow) C:\Program Files\Apowersoft\Video Converter Studio\Video Converter Studio.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{39CC2FED-E291-4825-9D17-04FD47F52A69}] => (Allow) C:\Program Files\Apowersoft\Video Converter Studio\Video Converter Studio.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{B565FEC6-4AA6-43CC-BDAD-4765CE2475B9}] => (Allow) C:\Users\Kamil\AppData\Roaming\skype.exe No File
FirewallRules: [{7746F667-6FC9-48F5-9DF3-96B8BE3FB5D6}] => (Allow) C:\Users\Kamil\AppData\Roaming\skype.exe No File
FirewallRules: [{D4BFA56F-42DD-4729-BC10-7F5D568A0415}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{9834E6EE-D943-4C3F-9CD6-C5E22428B2BF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{2913477A-8313-4412-AD83-EB90BE61B927}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{FC95DE93-382E-401E-B9FA-CA5E3763026C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{7BB1B054-2824-446D-BB61-56609EB37AC1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{9CA61943-BBAE-4F24-BD93-D07CD82E5626}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{D416DD57-4189-4309-A68B-043B1EBC022C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{713C67D3-8693-4AA7-BB8A-46A238724BF3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{44BA0745-1436-49E9-8F46-E07661FD8C6F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett Packard -> Hewlett-Packard) [File not signed]
FirewallRules: [{A5A5FD06-C66B-479C-99FB-3C34745CB483}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{B4549B05-C21C-45C1-88DA-2CC7C746D3FA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{68C9AE4C-A7AF-4990-A530-B0F3E2C70A02}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{50C54499-3900-4437-B5EF-F0DC696F7BEA}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{F5E00402-58D3-4984-BA38-A7262B7E42BE}] => (Allow) C:\Program Files\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{07E7C946-C6CD-4426-84E6-E45A85CFD3D4}] => (Allow) C:\Program Files\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{05BB745C-4079-4C1E-BAA2-EF970F6B72C0}] => (Allow) C:\Program Files\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [{B183860A-0B39-4E91-A072-E790550A4384}] => (Allow) C:\Program Files\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [TCP Query User{99526F96-7CEF-41F3-A3BB-3A070F596371}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe
FirewallRules: [UDP Query User{551B6C6C-542A-4C44-BE40-E9F34A859164}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe
FirewallRules: [{770CBAE4-EE3F-4386-A4FC-E50CA29E48FD}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D1614519-6472-4369-82DD-332040705988}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DC265BB4-0A03-4C18-AF94-584A889A38FB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

08-01-2020 20:11:02 Installed DirectX

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/15/2020 11:56:28 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (01/15/2020 11:56:28 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/15/2020 11:45:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/15/2020 11:36:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (01/15/2020 11:36:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/15/2020 11:07:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/15/2020 11:06:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (01/15/2020 11:06:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.


System errors:
=============
Error: (01/15/2020 11:56:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba WMI Performance Adapter bola ukončená s nasledujúcou chybou:
Neznáma chyba

Error: (01/15/2020 11:43:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
sptd

Error: (01/15/2020 11:43:25 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (01/15/2020 11:36:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba WMI Performance Adapter bola ukončená s nasledujúcou chybou:
Neznáma chyba

Error: (01/15/2020 11:06:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba WMI Performance Adapter bola ukončená s nasledujúcou chybou:
Neznáma chyba

Error: (01/15/2020 11:05:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
sptd

Error: (01/15/2020 11:05:03 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (01/15/2020 09:58:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba WMI Performance Adapter bola ukončená s nasledujúcou chybou:
Neznáma chyba


==================== Memory info ===========================

BIOS: Award Software International, Inc. F9 10/13/2011
Motherboard: Gigabyte Technology Co., Ltd. GA-990XA-UD3
Processor: AMD Phenom(tm) II X6 1045T Processor
Percentage of memory in use: 85%
Total physical RAM: 3069.24 MB
Available physical RAM: 445.08 MB
Total Virtual: 6136.77 MB
Available Virtual: 1913.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:107.42 GB) (Free:37.53 GB) NTFS
Drive d: () (Fixed) (Total:1289.74 GB) (Free:22.11 GB) NTFS

\\?\Volume{bacf6a23-897a-11e1-a07a-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 809EDEEA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1289.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log

#2 Post by Conder »

Hi :)

:arrow: The PC is quite heavily infected.

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start::
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\ProgramData\Synaptics\Synaptics.exe
    File: C:\Users\Kamil\Desktop\._cache_FRST.exe
    File: C:\Users\Kamil\AppData\Roaming\api-ms-win-core-file-l1-2-0.dll
    Folder: C:\ProgramData\Synaptics
    Folder: C:\Users\Kamil\AppData\Roaming\Microsoft\Updates
    Folder: C:\Users\Kamil\AppData\Roaming\WinSl
    
    HKLM\...\Run: [8424898cc4c927994d288319a361b825] => "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [windows] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\windows.vbs"
    HKLM\...\Run: [1998035b685796d01f79197bd5bee7fb] => C:\Users\Kamil\AppData\Local\Temp\chrome..exe .. [24064 2019-12-28] () [File not signed] <==== ATTENTION
    HKLM\...\Run: [2c7998d77330dbd296a15992ba62701a] => C:\Users\Kamil\AppData\Roaming\explorer.exe .. [24064 2019-12-28] () [File not signed] <==== ATTENTION
    HKLM\...\Run: [3faffb3040aea7f7d7747271c38ce627] => C:\Users\Kamil\AppData\Roaming\svchost.exe .. [471040 2019-09-12] () [File not signed] <==== ATTENTION
    HKLM\...\Run: [3933254291d429c757f15b8b22ecccf6] => C:\Users\Kamil\AppData\Roaming\system32.exe .. [24064 2019-12-17] () [File not signed]
    HKLM\...\Run: [tmp79D8] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp79D8.tmp.vbs" <==== ATTENTION
    HKLM\...\Run: [8914f0ae732a4b8ccda2a57450603ccd] => C:\Users\Kamil\AppData\Local\Temp\70.exe .. [37888 2019-12-19] () [File not signed] <==== ATTENTION
    HKLM\...\Run: [tmp3AEC] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp3AEC.tmp.vbs" <==== ATTENTION
    HKLM\...\Run: [tmp5169] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp5169.tmp.vbs" <==== ATTENTION
    HKLM\...\Run: [d620e348213b3bb3ba0246f26b9e96bc] => C:\Users\Kamil\AppData\Local\Temp\server.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
    HKLM\...\Run: [85a1b87c506616a2e533f865475870fe] => C:\Users\Kamil\AppData\Local\Temp\Driver.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
    HKLM\...\Run: [5395d531b1a96d36e1aed6f156c1abfc] => C:\Users\Kamil\AppData\Local\Temp\command.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
    HKLM\...\Run: [270bc2a14df607672c960a7955ac47ec] => C:\Users\Kamil\AppData\Local\Temp\System64.exe .. [92160 2020-01-15] () [File not signed] <==== ATTENTION
    HKLM\...\Run: [tmp7796] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp7796.tmp.vbs" <==== ATTENTION
    HKLM\...\Run: [tmp44A5] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp44A5.tmp.vbs" <==== ATTENTION
    HKLM\...\Run: [ef68944d54e8b4aa938a84cf943af21e] => C:\Users\Kamil\AppData\Local\Temp\sovx.exe .. [24064 2020-01-12] () [File not signed] <==== ATTENTION
    HKLM\...\Run: [2d719acf32f95a0babd6cce10e7d02bd] => C:\ProgramData\wininit.exe .. [74240 2020-01-13] () [File not signed] <==== ATTENTION
    HKLM\...\Run: [954275c2a385362432d4f13360ed1ff4] => C:\Users\Kamil\system.exe .. [85504 2020-01-13] () [File not signed] <==== ATTENTION
    HKLM\...\Run: [1026470df5385af8d83ee7e2514c8469] => C:\Users\Kamil\AppData\Local\Temp\tmpC0B2.tmp.exe .. [45568 2020-01-13] () [File not signed] <==== ATTENTION
    HKLM\...\Run: [cebb308efb152afa9b7e187490cc3a9a] => C:\Users\Kamil\svchost.exe .. [85504 2020-01-13] () [File not signed] <==== ATTENTION
    HKLM\...\Run: [b79c121d18108351cf2b69076b3385be] => C:\Users\Kamil\AppData\Local\Temp\Secript.exe .. [119808 2020-01-13] () [File not signed] <==== ATTENTION
    HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.sk/sk.special-uninstallation-feedback-app?lic=SUFaTUstV1FNWTYtOTIzTVItUU1UN0stRU1NTEgtUw"&"inst=NzYtNzY0NjM2OTY1NS1TVDEwT0krMS1ERFQrMC1TVDEwQVBQKzEtQ0lEMzJURysxLVRSTTMy (the data entry has 68 more characters).
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [] => [X]
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [BingSvc] => C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (Microsoft Corporation -> © 2015 Microsoft Corporation)
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [8424898cc4c927994d288319a361b825] => "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [windows] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\windows.vbs" <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [1998035b685796d01f79197bd5bee7fb] => C:\Users\Kamil\AppData\Local\Temp\chrome..exe .. [24064 2019-12-28] () [File not signed] <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [2c7998d77330dbd296a15992ba62701a] => C:\Users\Kamil\AppData\Roaming\explorer.exe .. [24064 2019-12-28] () [File not signed] <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [3faffb3040aea7f7d7747271c38ce627] => C:\Users\Kamil\AppData\Roaming\svchost.exe .. [471040 2019-09-12] () [File not signed] <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Synaptics Pointing Device Driver] => C:\ProgramData\Synaptics\Synaptics.exe [771584 2019-09-19] (Synaptics) [File not signed]
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [3933254291d429c757f15b8b22ecccf6] => C:\Users\Kamil\AppData\Roaming\system32.exe .. [24064 2019-12-17] () [File not signed]
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Windows Updates] => C:\Users\Kamil\AppData\Roaming\Microsoft\Updates\winlogon.vbs [235 2019-07-13] () [File not signed] <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp79D8] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp79D8.tmp.vbs" <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [8914f0ae732a4b8ccda2a57450603ccd] => C:\Users\Kamil\AppData\Local\Temp\70.exe .. [37888 2019-12-19] () [File not signed] <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp3AEC] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp3AEC.tmp.vbs" <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp5169] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp5169.tmp.vbs" <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [System32] => C:\Users\Kamil\AppData\Local\Temp\Client.exe [54272 2019-11-10] (word file) [File not signed] <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [34d91dfb34a7283483d0aaba9d10147d] => C:\Users\Kamil\AppData\Local\Temp\Microsoft\svchost.exe [41472 2019-11-10] () [File not signed] <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [d620e348213b3bb3ba0246f26b9e96bc] => C:\Users\Kamil\AppData\Local\Temp\server.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [85a1b87c506616a2e533f865475870fe] => C:\Users\Kamil\AppData\Local\Temp\Driver.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [5395d531b1a96d36e1aed6f156c1abfc] => C:\Users\Kamil\AppData\Local\Temp\command.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [270bc2a14df607672c960a7955ac47ec] => C:\Users\Kamil\AppData\Local\Temp\System64.exe .. [92160 2020-01-15] () [File not signed] <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp7796] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp7796.tmp.vbs" <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp44A5] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp44A5.tmp.vbs" <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [ef68944d54e8b4aa938a84cf943af21e] => C:\Users\Kamil\AppData\Local\Temp\sovx.exe .. [24064 2020-01-12] () [File not signed] <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [2d719acf32f95a0babd6cce10e7d02bd] => C:\ProgramData\wininit.exe .. [74240 2020-01-13] () [File not signed] <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [954275c2a385362432d4f13360ed1ff4] => C:\Users\Kamil\system.exe .. [85504 2020-01-13] () [File not signed] <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [1026470df5385af8d83ee7e2514c8469] => C:\Users\Kamil\AppData\Local\Temp\tmpC0B2.tmp.exe .. [45568 2020-01-13] () [File not signed] <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [cebb308efb152afa9b7e187490cc3a9a] => C:\Users\Kamil\svchost.exe .. [85504 2020-01-13] () [File not signed] <==== ATTENTION
    HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [b79c121d18108351cf2b69076b3385be] => C:\Users\Kamil\AppData\Local\Temp\Secript.exe .. [119808 2020-01-13] () [File not signed] <==== ATTENTION
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1026470df5385af8d83ee7e2514c8469.exe [2020-01-13] () [File not signed]
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1998035b685796d01f79197bd5bee7fb.exe [2019-12-28] () [File not signed]
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\270bc2a14df607672c960a7955ac47ec.exe [2020-01-15] () [File not signed]
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2c7998d77330dbd296a15992ba62701a.exe [2019-12-28] () [File not signed]
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2d719acf32f95a0babd6cce10e7d02bd.exe [2020-01-13] () [File not signed]
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3933254291d429c757f15b8b22ecccf6.exe [2019-12-17] () [File not signed]
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3faffb3040aea7f7d7747271c38ce627.exe [2019-09-12] () [File not signed]
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8914f0ae732a4b8ccda2a57450603ccd.exe [2019-12-19] () [File not signed]
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\954275c2a385362432d4f13360ed1ff4.exe [2020-01-13] () [File not signed]
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cebb308efb152afa9b7e187490cc3a9a.exe [2020-01-13] () [File not signed]
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d620e348213b3bb3ba0246f26b9e96bc.exe [2020-01-08] () [File not signed]
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe [2019-11-10] () [File not signed] <==== ATTENTION
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3AEC.tmp.vbs [2019-11-10] () [File not signed]
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp44A5.tmp.vbs [2020-01-10] () [File not signed]
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5169.tmp.vbs [2019-11-10] () [File not signed]
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7796.tmp.vbs [2020-01-09] () [File not signed]
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp79D8.tmp.vbs [2019-09-30] () [File not signed]
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2017-01-14] () [File not signed]
    Task: {0922236E-AFED-405F-96A5-56679736A1B7} - System32\Tasks\Driver Booster SkipUAC (Kamil) => C:\Program Files\IObit\Driver Booster\4.2.0\DriverBooster.exe
    Task: {1744284E-D72B-4FB5-8F75-383DCA0AA80D} - System32\Tasks\{6D875A5B-0703-47AD-919B-1C85F19B83F0} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\TC UP\TC UP.exe" -d "C:\Program Files\TC UP"
    Task: {32EAC19F-04CD-4F4A-966B-A0E20DCEA134} - System32\Tasks\sssssssss => C:\Users\Kamil\Music\nn.exe
    Task: {3CCC4B84-C260-4A35-A8F4-4148C2BBE5A4} - System32\Tasks\System32 => C:\Users\Kamil\AppData\Local\Temp\Client.exe [54272 2019-11-10] (word file) [File not signed] <==== ATTENTION
    Task: {718002DC-441E-45EF-A7D3-EC99CCC112D6} - System32\Tasks\{6A9A6746-189F-40E9-866D-A794DD628277} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe
    Task: {8E437444-E35F-4313-8BC8-91FD1DE2C911} - System32\Tasks\{2F53AFB3-BF87-41BA-9906-924B8988776D} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe
    Task: {C713DE78-1CB1-46C1-BD1B-68B1E44966E9} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
    Task: {F05BF5B5-2F80-424B-9587-06EBEC1B3A25} - System32\Tasks\{F6C0A0DD-0931-4144-8E4C-FC5BD8DE0259} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe
    Task: {FDBB164E-D8D9-48CF-9F1B-AAB7909490AF} - System32\Tasks\{3AE4C49B-AF29-4392-8EA2-B09B36DB8B5F} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
    Handler: WSKVAllmytubechrome - No CLSID Value - 
    2020-01-13 13:59 - 2020-01-13 13:59 - 000085504 _____ C:\Users\Kamil\svchost.exe
    2020-01-13 13:48 - 2020-01-13 13:48 - 000085504 _____ C:\Users\Kamil\system.exe
    2020-01-13 13:44 - 2020-01-13 13:44 - 000074240 _____ C:\ProgramData\wininit.exe
    2020-01-08 20:50 - 2020-01-08 20:50 - 050540001 ___SH C:\Users\Kamil\Desktop\._cache_An1404.exe
    2019-12-17 16:08 - 2019-12-17 16:13 - 001590784 ____N (Synaptics) C:\Users\Kamil\Downloads\VideoDownloader-[1463353425.1576595305,691,yt-bcnWysA9gxo,,].exe
    2020-01-15 11:05 - 2019-09-19 15:38 - 000000000 __SHD C:\Users\Kamil\AppData\Roaming\WinSl
    2020-01-13 13:44 - 2020-01-13 13:44 - 000074240 _____ () C:\ProgramData\wininit.exe
    2020-01-13 13:59 - 2020-01-13 13:59 - 000085504 _____ () C:\Users\Kamil\svchost.exe
    2020-01-13 13:48 - 2020-01-13 13:48 - 000085504 _____ () C:\Users\Kamil\system.exe
    2019-09-12 11:22 - 2019-12-28 11:20 - 000024064 _____ () C:\Users\Kamil\AppData\Roaming\explorer.exe
    2019-09-20 06:14 - 2019-08-10 13:37 - 000453416 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\msvcp140.dll
    2019-09-20 06:14 - 2019-08-10 13:37 - 002696736 _____ (Mozilla Foundation) C:\Users\Kamil\AppData\Roaming\nss3.dll
    2019-09-12 12:34 - 2019-09-12 12:34 - 000471040 ____H () C:\Users\Kamil\AppData\Roaming\svchost.exe
    2019-09-19 15:37 - 2019-12-17 16:13 - 000024064 _____ () C:\Users\Kamil\AppData\Roaming\system32.exe
    2019-08-18 17:41 - 2019-09-07 10:52 - 000032627 ___SH () C:\Users\Kamil\AppData\Roaming\windows.vbs
    AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
    AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 [230]
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [148]
    AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8 [324]
    MSCONFIG\startupreg: D: => 
    C:\ProgramData\Synaptics
    C:\Users\Kamil\AppData\Roaming\Microsoft\Updates
    
    Hosts:
    EmptyTemp:
    End::
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

kamistr
Visitor
Posts: 37
Registered: 17 Sep 2005 13:58

Re: Please check my log

#3 Post by kamistr »

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-01-2020
Ran by Kamil (15-01-2020 19:53:19) Run:1
Running from C:\Users\Kamil\Desktop
Loaded Profiles: Kamil (Available Profiles: Kamil)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\ProgramData\Synaptics\Synaptics.exe
File: C:\Users\Kamil\Desktop\._cache_FRST.exe
File: C:\Users\Kamil\AppData\Roaming\api-ms-win-core-file-l1-2-0.dll
Folder: C:\ProgramData\Synaptics
Folder: C:\Users\Kamil\AppData\Roaming\Microsoft\Updates
Folder: C:\Users\Kamil\AppData\Roaming\WinSl
HKLM\...\Run: [8424898cc4c927994d288319a361b825] => "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
HKLM\...\Run: [] => [X]
HKLM\...\Run: [windows] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\windows.vbs"
HKLM\...\Run: [1998035b685796d01f79197bd5bee7fb] => C:\Users\Kamil\AppData\Local\Temp\chrome..exe .. [24064 2019-12-28] () [File not signed] <==== ATTENTION
HKLM\...\Run: [2c7998d77330dbd296a15992ba62701a] => C:\Users\Kamil\AppData\Roaming\explorer.exe .. [24064 2019-12-28] () [File not signed] <==== ATTENTION
HKLM\...\Run: [3faffb3040aea7f7d7747271c38ce627] => C:\Users\Kamil\AppData\Roaming\svchost.exe .. [471040 2019-09-12] () [File not signed] <==== ATTENTION
HKLM\...\Run: [3933254291d429c757f15b8b22ecccf6] => C:\Users\Kamil\AppData\Roaming\system32.exe .. [24064 2019-12-17] () [File not signed]
HKLM\...\Run: [tmp79D8] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp79D8.tmp.vbs" <==== ATTENTION
HKLM\...\Run: [8914f0ae732a4b8ccda2a57450603ccd] => C:\Users\Kamil\AppData\Local\Temp\70.exe .. [37888 2019-12-19] () [File not signed] <==== ATTENTION
HKLM\...\Run: [tmp3AEC] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp3AEC.tmp.vbs" <==== ATTENTION
HKLM\...\Run: [tmp5169] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp5169.tmp.vbs" <==== ATTENTION
HKLM\...\Run: [d620e348213b3bb3ba0246f26b9e96bc] => C:\Users\Kamil\AppData\Local\Temp\server.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
HKLM\...\Run: [85a1b87c506616a2e533f865475870fe] => C:\Users\Kamil\AppData\Local\Temp\Driver.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
HKLM\...\Run: [5395d531b1a96d36e1aed6f156c1abfc] => C:\Users\Kamil\AppData\Local\Temp\command.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
HKLM\...\Run: [270bc2a14df607672c960a7955ac47ec] => C:\Users\Kamil\AppData\Local\Temp\System64.exe .. [92160 2020-01-15] () [File not signed] <==== ATTENTION
HKLM\...\Run: [tmp7796] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp7796.tmp.vbs" <==== ATTENTION
HKLM\...\Run: [tmp44A5] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp44A5.tmp.vbs" <==== ATTENTION
HKLM\...\Run: [ef68944d54e8b4aa938a84cf943af21e] => C:\Users\Kamil\AppData\Local\Temp\sovx.exe .. [24064 2020-01-12] () [File not signed] <==== ATTENTION
HKLM\...\Run: [2d719acf32f95a0babd6cce10e7d02bd] => C:\ProgramData\wininit.exe .. [74240 2020-01-13] () [File not signed] <==== ATTENTION
HKLM\...\Run: [954275c2a385362432d4f13360ed1ff4] => C:\Users\Kamil\system.exe .. [85504 2020-01-13] () [File not signed] <==== ATTENTION
HKLM\...\Run: [1026470df5385af8d83ee7e2514c8469] => C:\Users\Kamil\AppData\Local\Temp\tmpC0B2.tmp.exe .. [45568 2020-01-13] () [File not signed] <==== ATTENTION
HKLM\...\Run: [cebb308efb152afa9b7e187490cc3a9a] => C:\Users\Kamil\svchost.exe .. [85504 2020-01-13] () [File not signed] <==== ATTENTION
HKLM\...\Run: [b79c121d18108351cf2b69076b3385be] => C:\Users\Kamil\AppData\Local\Temp\Secript.exe .. [119808 2020-01-13] () [File not signed] <==== ATTENTION
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.sk/sk.special-uninstallation-fe ... sxLVRSTTMy (the data entry has 68 more characters).
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [] => [X]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [BingSvc] => C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [8424898cc4c927994d288319a361b825] => "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [windows] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\windows.vbs" <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [1998035b685796d01f79197bd5bee7fb] => C:\Users\Kamil\AppData\Local\Temp\chrome..exe .. [24064 2019-12-28] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [2c7998d77330dbd296a15992ba62701a] => C:\Users\Kamil\AppData\Roaming\explorer.exe .. [24064 2019-12-28] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [3faffb3040aea7f7d7747271c38ce627] => C:\Users\Kamil\AppData\Roaming\svchost.exe .. [471040 2019-09-12] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Synaptics Pointing Device Driver] => C:\ProgramData\Synaptics\Synaptics.exe [771584 2019-09-19] (Synaptics) [File not signed]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [3933254291d429c757f15b8b22ecccf6] => C:\Users\Kamil\AppData\Roaming\system32.exe .. [24064 2019-12-17] () [File not signed]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Windows Updates] => C:\Users\Kamil\AppData\Roaming\Microsoft\Updates\winlogon.vbs [235 2019-07-13] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp79D8] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp79D8.tmp.vbs" <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [8914f0ae732a4b8ccda2a57450603ccd] => C:\Users\Kamil\AppData\Local\Temp\70.exe .. [37888 2019-12-19] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp3AEC] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp3AEC.tmp.vbs" <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp5169] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp5169.tmp.vbs" <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [System32] => C:\Users\Kamil\AppData\Local\Temp\Client.exe [54272 2019-11-10] (word file) [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [34d91dfb34a7283483d0aaba9d10147d] => C:\Users\Kamil\AppData\Local\Temp\Microsoft\svchost.exe [41472 2019-11-10] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [d620e348213b3bb3ba0246f26b9e96bc] => C:\Users\Kamil\AppData\Local\Temp\server.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [85a1b87c506616a2e533f865475870fe] => C:\Users\Kamil\AppData\Local\Temp\Driver.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [5395d531b1a96d36e1aed6f156c1abfc] => C:\Users\Kamil\AppData\Local\Temp\command.exe .. [24064 2020-01-08] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [270bc2a14df607672c960a7955ac47ec] => C:\Users\Kamil\AppData\Local\Temp\System64.exe .. [92160 2020-01-15] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp7796] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp7796.tmp.vbs" <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp44A5] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp44A5.tmp.vbs" <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [ef68944d54e8b4aa938a84cf943af21e] => C:\Users\Kamil\AppData\Local\Temp\sovx.exe .. [24064 2020-01-12] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [2d719acf32f95a0babd6cce10e7d02bd] => C:\ProgramData\wininit.exe .. [74240 2020-01-13] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [954275c2a385362432d4f13360ed1ff4] => C:\Users\Kamil\system.exe .. [85504 2020-01-13] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [1026470df5385af8d83ee7e2514c8469] => C:\Users\Kamil\AppData\Local\Temp\tmpC0B2.tmp.exe .. [45568 2020-01-13] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [cebb308efb152afa9b7e187490cc3a9a] => C:\Users\Kamil\svchost.exe .. [85504 2020-01-13] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [b79c121d18108351cf2b69076b3385be] => C:\Users\Kamil\AppData\Local\Temp\Secript.exe .. [119808 2020-01-13] () [File not signed] <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1026470df5385af8d83ee7e2514c8469.exe [2020-01-13] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1998035b685796d01f79197bd5bee7fb.exe [2019-12-28] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\270bc2a14df607672c960a7955ac47ec.exe [2020-01-15] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2c7998d77330dbd296a15992ba62701a.exe [2019-12-28] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2d719acf32f95a0babd6cce10e7d02bd.exe [2020-01-13] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3933254291d429c757f15b8b22ecccf6.exe [2019-12-17] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3faffb3040aea7f7d7747271c38ce627.exe [2019-09-12] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8914f0ae732a4b8ccda2a57450603ccd.exe [2019-12-19] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\954275c2a385362432d4f13360ed1ff4.exe [2020-01-13] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cebb308efb152afa9b7e187490cc3a9a.exe [2020-01-13] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d620e348213b3bb3ba0246f26b9e96bc.exe [2020-01-08] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe [2019-11-10] () [File not signed] <==== ATTENTION
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3AEC.tmp.vbs [2019-11-10] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp44A5.tmp.vbs [2020-01-10] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5169.tmp.vbs [2019-11-10] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7796.tmp.vbs [2020-01-09] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp79D8.tmp.vbs [2019-09-30] () [File not signed]
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2017-01-14] () [File not signed]
Task: {0922236E-AFED-405F-96A5-56679736A1B7} - System32\Tasks\Driver Booster SkipUAC (Kamil) => C:\Program Files\IObit\Driver Booster\4.2.0\DriverBooster.exe
Task: {1744284E-D72B-4FB5-8F75-383DCA0AA80D} - System32\Tasks\{6D875A5B-0703-47AD-919B-1C85F19B83F0} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\TC UP\TC UP.exe" -d "C:\Program Files\TC UP"
Task: {32EAC19F-04CD-4F4A-966B-A0E20DCEA134} - System32\Tasks\sssssssss => C:\Users\Kamil\Music\nn.exe
Task: {3CCC4B84-C260-4A35-A8F4-4148C2BBE5A4} - System32\Tasks\System32 => C:\Users\Kamil\AppData\Local\Temp\Client.exe [54272 2019-11-10] (word file) [File not signed] <==== ATTENTION
Task: {718002DC-441E-45EF-A7D3-EC99CCC112D6} - System32\Tasks\{6A9A6746-189F-40E9-866D-A794DD628277} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe
Task: {8E437444-E35F-4313-8BC8-91FD1DE2C911} - System32\Tasks\{2F53AFB3-BF87-41BA-9906-924B8988776D} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe
Task: {C713DE78-1CB1-46C1-BD1B-68B1E44966E9} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {F05BF5B5-2F80-424B-9587-06EBEC1B3A25} - System32\Tasks\{F6C0A0DD-0931-4144-8E4C-FC5BD8DE0259} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe
Task: {FDBB164E-D8D9-48CF-9F1B-AAB7909490AF} - System32\Tasks\{3AE4C49B-AF29-4392-8EA2-B09B36DB8B5F} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Handler: WSKVAllmytubechrome - No CLSID Value -
2020-01-13 13:59 - 2020-01-13 13:59 - 000085504 _____ C:\Users\Kamil\svchost.exe
2020-01-13 13:48 - 2020-01-13 13:48 - 000085504 _____ C:\Users\Kamil\system.exe
2020-01-13 13:44 - 2020-01-13 13:44 - 000074240 _____ C:\ProgramData\wininit.exe
2020-01-08 20:50 - 2020-01-08 20:50 - 050540001 ___SH C:\Users\Kamil\Desktop\._cache_An1404.exe
2019-12-17 16:08 - 2019-12-17 16:13 - 001590784 ____N (Synaptics) C:\Users\Kamil\Downloads\VideoDownloader-[1463353425.1576595305,691,yt-bcnWysA9gxo,,].exe
2020-01-15 11:05 - 2019-09-19 15:38 - 000000000 __SHD C:\Users\Kamil\AppData\Roaming\WinSl
2020-01-13 13:44 - 2020-01-13 13:44 - 000074240 _____ () C:\ProgramData\wininit.exe
2020-01-13 13:59 - 2020-01-13 13:59 - 000085504 _____ () C:\Users\Kamil\svchost.exe
2020-01-13 13:48 - 2020-01-13 13:48 - 000085504 _____ () C:\Users\Kamil\system.exe
2019-09-12 11:22 - 2019-12-28 11:20 - 000024064 _____ () C:\Users\Kamil\AppData\Roaming\explorer.exe
2019-09-20 06:14 - 2019-08-10 13:37 - 000453416 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\msvcp140.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 002696736 _____ (Mozilla Foundation) C:\Users\Kamil\AppData\Roaming\nss3.dll
2019-09-12 12:34 - 2019-09-12 12:34 - 000471040 ____H () C:\Users\Kamil\AppData\Roaming\svchost.exe
2019-09-19 15:37 - 2019-12-17 16:13 - 000024064 _____ () C:\Users\Kamil\AppData\Roaming\system32.exe
2019-08-18 17:41 - 2019-09-07 10:52 - 000032627 ___SH () C:\Users\Kamil\AppData\Roaming\windows.vbs
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 [230]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [148]
AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8 [324]
MSCONFIG\startupreg: D: =>
C:\ProgramData\Synaptics
C:\Users\Kamil\AppData\Roaming\Microsoft\Updates
Hosts:
EmptyTemp:

*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 1629
Average :
Sum : 3536162292
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========


========================= File: C:\ProgramData\Synaptics\Synaptics.exe ========================

"C:\ProgramData\Synaptics\Synaptics.exe" => not found
====== End of File: ======


========================= File: C:\Users\Kamil\Desktop\._cache_FRST.exe ========================

C:\Users\Kamil\Desktop\._cache_FRST.exe
File not signed
MD5: F89E4CBDB4414BA903F00EFA95C01592
Creation and modification date: 2020-01-15 12:25 - 2020-01-15 12:25
Size: 002303488
Attributes: ---SH
Company Name: Farbar
Internal Name:
Original Name:
Product:
Description: Farbar Recovery Scan Tool
File Version: 12.1.2020.0
Product Version: 3.3.14.5
Copyright: ©1999-2018 Jonathan Bennett & AutoIt Team
VirusTotal: https://www.virustotal.com/file/e6e3ecb ... 578852252/

====== End of File: ======


========================= File: C:\Users\Kamil\AppData\Roaming\api-ms-win-core-file-l1-2-0.dll ========================

C:\Users\Kamil\AppData\Roaming\api-ms-win-core-file-l1-2-0.dll
File is digitally signed
MD5: 79EE4A2FCBE24E9A65106DE834CCDA4A
Creation and modification date: 2019-09-20 06:14 - 2019-08-10 13:37
Size: 000018184
Attributes: ----A
Company Name: Microsoft Corporation -> Microsoft Corporation
Internal Name: apisetstub
Original Name: apisetstub
Product: Microsoft® Windows® Operating System
Description: ApiSet Stub DLL
File Version: 10.0.17134.12 (WinBuild.160101.0800)
Product Version: 10.0.17134.12
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/9f7bda5 ... 578952080/

====== End of File: ======


========================= Folder: C:\ProgramData\Synaptics ========================

2019-09-19 15:38 - 2019-09-19 15:38 - 000287744 ____A [3460680E5CF0C10F871D7A4C7E9EF0F5] () C:\ProgramData\Synaptics\libeay32.dll
2019-09-19 15:38 - 2019-09-19 15:38 - 000063488 ____A [6C0A224D480108C56FE2FF42E960F2FD] () C:\ProgramData\Synaptics\ssleay32.dll
2019-09-19 15:38 - 2019-09-19 15:38 - 000015360 ___SH [C0EF4D6237D106BF51C8884D57953F92] () C:\ProgramData\Synaptics\Synaptics.dll
2019-09-23 07:23 - 2020-01-15 15:36 - 000015360 ___SH [C0EF4D6237D106BF51C8884D57953F92] () C:\ProgramData\Synaptics\XSynaptics.dll
2019-09-19 15:38 - 2019-09-19 15:38 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\Synaptics\WS

====== End of Folder: ======


========================= Folder: C:\Users\Kamil\AppData\Roaming\Microsoft\Updates ========================

2019-09-24 17:08 - 2018-11-02 21:41 - 000020608 ____A [477B55AB1242F6A86E34953716BA5231] (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\Microsoft\Updates\api-ms-win-crt-conio-l1-1-0.dll
2019-09-24 17:08 - 2018-03-06 12:07 - 000000117 ____A [77CCE38EC5E1FB1DFD444E185BE33E55] () C:\Users\Kamil\AppData\Roaming\Microsoft\Updates\install.vbs
2019-09-24 17:08 - 2019-02-27 15:06 - 000675984 ____A [28D16214F6726F019273231497C749A9] (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\Microsoft\Updates\msvcp140.dll
2019-09-24 17:08 - 2018-06-12 18:53 - 015544832 ____A [75CE028BA3C02783C002D58941901A84] (NVIDIA Corporation) C:\Users\Kamil\AppData\Roaming\Microsoft\Updates\nvrtc64_92.dll
2019-09-24 17:08 - 2018-06-12 18:53 - 003213312 ____A [79ECDC6585CE79779E4500D4BBCA4AC9] () C:\Users\Kamil\AppData\Roaming\Microsoft\Updates\nvrtc-builtins64_92.dll
2019-09-24 17:08 - 2018-09-17 10:19 - 000168976 ____A [7FCF1E9832D2252D269A1D077E3AE096] (Khronos Group) C:\Users\Kamil\AppData\Roaming\Microsoft\Updates\OpenCL.dll
2019-09-24 17:08 - 2019-06-11 13:10 - 000000296 ____A [B49D2454917984D134D4B452A2168C59] () C:\Users\Kamil\AppData\Roaming\Microsoft\Updates\setup.bat
2019-09-24 17:08 - 2019-11-21 21:21 - 000000047 ____A [988ADB2057D3A97762987346FC854D59] () C:\Users\Kamil\AppData\Roaming\Microsoft\Updates\start.bat
2019-09-24 17:08 - 2019-04-29 13:06 - 000000167 ____A [134D1504C43C89D882052006E2563F17] () C:\Users\Kamil\AppData\Roaming\Microsoft\Updates\start.vbs
2019-09-24 17:08 - 2019-11-21 21:22 - 000000047 ____A [86F5A770B18BC23FB733831CD95D8D12] () C:\Users\Kamil\AppData\Roaming\Microsoft\Updates\start1.bat
2019-09-24 17:08 - 2019-03-07 01:02 - 000087872 ____A [5578B8106BC09064343C421D9285AD29] (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\Microsoft\Updates\vcruntime140.dll
2019-09-24 17:08 - 2019-07-13 18:26 - 000000235 ____A [33FADEF8FA3619D2C02916B905458793] () C:\Users\Kamil\AppData\Roaming\Microsoft\Updates\winlogon.vbs

====== End of Folder: ======


========================= Folder: C:\Users\Kamil\AppData\Roaming\WinSl ========================

2020-01-10 04:22 - 2020-01-10 08:00 - 000000424 ____A [F1AFFA5E40658020CC285A05C89B1B5D] () C:\Users\Kamil\AppData\Roaming\WinSl\L10. 1. 2020
2020-01-11 03:58 - 2020-01-11 07:54 - 000000812 ____A [05BEA17D758F5C2223AAD23AA39DDBE2] () C:\Users\Kamil\AppData\Roaming\WinSl\L11. 1. 2020
2019-10-11 06:40 - 2019-10-11 07:38 - 000000315 ____A [6305E06D18AEA1E587C96440BA9999FA] () C:\Users\Kamil\AppData\Roaming\WinSl\L11. 10. 2019
2019-12-14 04:14 - 2019-12-14 13:57 - 000001105 ____A [013DA80B246F758C1E0EAD8AEB9371BF] () C:\Users\Kamil\AppData\Roaming\WinSl\L14. 12. 2019
2020-01-15 11:05 - 2020-01-15 15:42 - 000007308 ____A [4D5B63D630A27C8C8E4211D7C27F44CB] () C:\Users\Kamil\AppData\Roaming\WinSl\L15. 1. 2020
2019-12-17 16:13 - 2019-12-17 23:16 - 000015377 ____A [9E6DEEACFA048A8F812742CB9D280657] () C:\Users\Kamil\AppData\Roaming\WinSl\L17. 12. 2019
2019-12-18 07:31 - 2019-12-18 07:31 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Kamil\AppData\Roaming\WinSl\L18. 12. 2019
2019-11-19 22:43 - 2019-11-19 23:53 - 000000428 ____A [CD5DE80EFE4DB2EF4BF2D6ADA818DD19] () C:\Users\Kamil\AppData\Roaming\WinSl\L19. 11. 2019
2019-09-19 15:38 - 2019-09-19 15:38 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Kamil\AppData\Roaming\WinSl\L19. 9. 2019
2019-11-20 01:05 - 2019-11-20 18:49 - 000003489 ____A [09EA8AFA4BB5B92C8A8A6671CF87CF4C] () C:\Users\Kamil\AppData\Roaming\WinSl\L20. 11. 2019
2019-09-23 07:23 - 2019-09-23 08:05 - 000000920 ____A [F26C9956F5431540E33DDECAA069769D] () C:\Users\Kamil\AppData\Roaming\WinSl\L23. 9. 2019
2019-09-24 22:45 - 2019-09-24 22:59 - 000000468 ____A [638214A88B57FDE27119FC0A3F578536] () C:\Users\Kamil\AppData\Roaming\WinSl\L24. 9. 2019
2019-09-24 23:00 - 2019-09-25 06:34 - 000001097 ____A [35C99981548C066F42958AFB7BECC0C6] () C:\Users\Kamil\AppData\Roaming\WinSl\L25. 9. 2019
2019-09-27 03:19 - 2019-09-27 06:03 - 000000524 ____A [FE1E7F21647337FA1273D8C183C56B1D] () C:\Users\Kamil\AppData\Roaming\WinSl\L27. 9. 2019
2019-12-28 11:20 - 2019-12-28 20:05 - 000002250 ____A [651B41D361C094DE0D13467C9B604F8A] () C:\Users\Kamil\AppData\Roaming\WinSl\L28. 12. 2019
2019-09-28 04:59 - 2019-09-28 05:56 - 000000820 ____A [7691DEDE9CC6CA8A16C37F7A1FDAA3AF] () C:\Users\Kamil\AppData\Roaming\WinSl\L28. 9. 2019
2019-12-29 06:49 - 2019-12-29 07:43 - 000000284 ____A [58F75DEFDDD41EE5C11A1CBEE62F10A1] () C:\Users\Kamil\AppData\Roaming\WinSl\L29. 12. 2019
2019-09-28 23:56 - 2019-09-29 07:55 - 000001243 ____A [69BF58FF01473C50039D7CA67B9DEA47] () C:\Users\Kamil\AppData\Roaming\WinSl\L29. 9. 2019
2019-10-30 06:21 - 2019-10-30 07:12 - 000000588 ____A [F8AE69A5CDF441BDE13A1ACCB95A3FEB] () C:\Users\Kamil\AppData\Roaming\WinSl\L30. 10. 2019
2019-12-30 19:25 - 2019-12-30 20:32 - 000004546 ____A [111354E9CF48FC429F72B8F8337BA880] () C:\Users\Kamil\AppData\Roaming\WinSl\L30. 12. 2019
2019-10-31 07:48 - 2019-10-31 19:13 - 000002062 ____A [4C0F596139F495F894CD54EA0662E2E6] () C:\Users\Kamil\AppData\Roaming\WinSl\L31. 10. 2019
2019-12-31 08:08 - 2019-12-31 13:11 - 000009032 ____A [1EB6DB891FC1B5EC8716F480FAA3B6B9] () C:\Users\Kamil\AppData\Roaming\WinSl\L31. 12. 2019
2020-01-04 06:14 - 2020-01-04 08:10 - 000001583 ____A [25036286A7D97777C50F46253D928416] () C:\Users\Kamil\AppData\Roaming\WinSl\L4. 1. 2020
2020-01-08 20:16 - 2020-01-08 20:58 - 000006408 ____A [C36DBC8D661DCEE68D48728D4ED145A9] () C:\Users\Kamil\AppData\Roaming\WinSl\L8. 1. 2020
2019-10-08 17:17 - 2019-10-08 22:59 - 000003939 ____A [3E1D963B3CD53A7E2849218533F07E21] () C:\Users\Kamil\AppData\Roaming\WinSl\L8. 10. 2019
2019-11-08 06:34 - 2019-11-08 07:46 - 000000400 ____A [5AB08469D8E9AC9D75FEDD67CAF48C37] () C:\Users\Kamil\AppData\Roaming\WinSl\L8. 11. 2019
2020-01-09 05:23 - 2020-01-09 08:23 - 000001291 ____A [5179DC67D9181F22529046EF65C7C790] () C:\Users\Kamil\AppData\Roaming\WinSl\L9. 1. 2020
2019-10-08 23:00 - 2019-10-09 01:42 - 000001534 ____A [DEC5D0700C9CF393ADDE4630888CCD15] () C:\Users\Kamil\AppData\Roaming\WinSl\L9. 10. 2019

====== End of Folder: ======

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\8424898cc4c927994d288319a361b825" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\windows" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\1998035b685796d01f79197bd5bee7fb" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\2c7998d77330dbd296a15992ba62701a" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\3faffb3040aea7f7d7747271c38ce627" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\3933254291d429c757f15b8b22ecccf6" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\tmp79D8" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\8914f0ae732a4b8ccda2a57450603ccd" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\tmp3AEC" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\tmp5169" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\d620e348213b3bb3ba0246f26b9e96bc" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\85a1b87c506616a2e533f865475870fe" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\5395d531b1a96d36e1aed6f156c1abfc" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\270bc2a14df607672c960a7955ac47ec" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\tmp7796" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\tmp44A5" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ef68944d54e8b4aa938a84cf943af21e" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\2d719acf32f95a0babd6cce10e7d02bd" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\954275c2a385362432d4f13360ed1ff4" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\1026470df5385af8d83ee7e2514c8469" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cebb308efb152afa9b7e187490cc3a9a" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\b79c121d18108351cf2b69076b3385be" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL" => removed successfully.
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully.
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc" => removed successfully.
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\8424898cc4c927994d288319a361b825" => removed successfully.
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\windows" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\1998035b685796d01f79197bd5bee7fb" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\2c7998d77330dbd296a15992ba62701a" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\3faffb3040aea7f7d7747271c38ce627" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Synaptics Pointing Device Driver" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\3933254291d429c757f15b8b22ecccf6" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Updates" => removed successfully.
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tmp79D8" => removed successfully.
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\8914f0ae732a4b8ccda2a57450603ccd" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tmp3AEC" => removed successfully.
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tmp5169" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\System32" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\34d91dfb34a7283483d0aaba9d10147d" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\d620e348213b3bb3ba0246f26b9e96bc" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\85a1b87c506616a2e533f865475870fe" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\5395d531b1a96d36e1aed6f156c1abfc" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\270bc2a14df607672c960a7955ac47ec" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tmp7796" => removed successfully.
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tmp44A5" => removed successfully.
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ef68944d54e8b4aa938a84cf943af21e" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\2d719acf32f95a0babd6cce10e7d02bd" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\954275c2a385362432d4f13360ed1ff4" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\1026470df5385af8d83ee7e2514c8469" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cebb308efb152afa9b7e187490cc3a9a" => not found
"HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\b79c121d18108351cf2b69076b3385be" => not found
HKLM\Software\Microsoft\Active Setup\Installed Components\{2D46B6DC-2207-486B-B523-A557E6D54B47} => removed successfully.
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1026470df5385af8d83ee7e2514c8469.exe" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1998035b685796d01f79197bd5bee7fb.exe" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\270bc2a14df607672c960a7955ac47ec.exe" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2c7998d77330dbd296a15992ba62701a.exe" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2d719acf32f95a0babd6cce10e7d02bd.exe" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3933254291d429c757f15b8b22ecccf6.exe" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3faffb3040aea7f7d7747271c38ce627.exe" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8914f0ae732a4b8ccda2a57450603ccd.exe" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\954275c2a385362432d4f13360ed1ff4.exe" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cebb308efb152afa9b7e187490cc3a9a.exe" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d620e348213b3bb3ba0246f26b9e96bc.exe" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3AEC.tmp.vbs" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp44A5.tmp.vbs" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp5169.tmp.vbs" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7796.tmp.vbs" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp79D8.tmp.vbs" => not found
"C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0922236E-AFED-405F-96A5-56679736A1B7}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0922236E-AFED-405F-96A5-56679736A1B7}" => removed successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Kamil) => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Kamil)" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1744284E-D72B-4FB5-8F75-383DCA0AA80D}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1744284E-D72B-4FB5-8F75-383DCA0AA80D}" => removed successfully.
C:\Windows\System32\Tasks\{6D875A5B-0703-47AD-919B-1C85F19B83F0} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6D875A5B-0703-47AD-919B-1C85F19B83F0}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32EAC19F-04CD-4F4A-966B-A0E20DCEA134}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32EAC19F-04CD-4F4A-966B-A0E20DCEA134}" => removed successfully.
C:\Windows\System32\Tasks\sssssssss => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\sssssssss" => removed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CCC4B84-C260-4A35-A8F4-4148C2BBE5A4} => not found
"C:\Windows\System32\Tasks\System32" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System32 => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{718002DC-441E-45EF-A7D3-EC99CCC112D6}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{718002DC-441E-45EF-A7D3-EC99CCC112D6}" => removed successfully.
C:\Windows\System32\Tasks\{6A9A6746-189F-40E9-866D-A794DD628277} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6A9A6746-189F-40E9-866D-A794DD628277}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E437444-E35F-4313-8BC8-91FD1DE2C911}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E437444-E35F-4313-8BC8-91FD1DE2C911}" => removed successfully.
C:\Windows\System32\Tasks\{2F53AFB3-BF87-41BA-9906-924B8988776D} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2F53AFB3-BF87-41BA-9906-924B8988776D}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C713DE78-1CB1-46C1-BD1B-68B1E44966E9}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C713DE78-1CB1-46C1-BD1B-68B1E44966E9}" => removed successfully.
C:\Windows\System32\Tasks\SidebarExecute => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F05BF5B5-2F80-424B-9587-06EBEC1B3A25}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F05BF5B5-2F80-424B-9587-06EBEC1B3A25}" => removed successfully.
C:\Windows\System32\Tasks\{F6C0A0DD-0931-4144-8E4C-FC5BD8DE0259} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F6C0A0DD-0931-4144-8E4C-FC5BD8DE0259}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDBB164E-D8D9-48CF-9F1B-AAB7909490AF}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDBB164E-D8D9-48CF-9F1B-AAB7909490AF}" => removed successfully.
C:\Windows\System32\Tasks\{3AE4C49B-AF29-4392-8EA2-B09B36DB8B5F} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3AE4C49B-AF29-4392-8EA2-B09B36DB8B5F}" => removed successfully.
HKLM\Software\Classes\PROTOCOLS\Handler\WSKVAllmytubechrome => removed successfully.
"C:\Users\Kamil\svchost.exe" => not found
"C:\Users\Kamil\system.exe" => not found
"C:\ProgramData\wininit.exe" => not found
C:\Users\Kamil\Desktop\._cache_An1404.exe => moved successfully
"C:\Users\Kamil\Downloads\VideoDownloader-[1463353425.1576595305,691,yt-bcnWysA9gxo,,].exe" => not found
C:\Users\Kamil\AppData\Roaming\WinSl => moved successfully
"C:\ProgramData\wininit.exe" => not found
"C:\Users\Kamil\svchost.exe" => not found
"C:\Users\Kamil\system.exe" => not found
"C:\Users\Kamil\AppData\Roaming\explorer.exe" => not found
C:\Users\Kamil\AppData\Roaming\msvcp140.dll => moved successfully
C:\Users\Kamil\AppData\Roaming\nss3.dll => moved successfully
"C:\Users\Kamil\AppData\Roaming\svchost.exe" => not found
"C:\Users\Kamil\AppData\Roaming\system32.exe" => not found
"C:\Users\Kamil\AppData\Roaming\windows.vbs" => not found
C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully.
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
C:\ProgramData\TEMP => ":FB1B13D8" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: D: =>" => not found
C:\ProgramData\Synaptics => moved successfully
C:\Users\Kamil\AppData\Roaming\Microsoft\Updates => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22589530 B
Java, Flash, Steam htmlcache => 1677 B
Windows/system/drivers => 96462329 B
Edge => 0 B
Chrome => 109609806 B
Firefox => 528242989 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 560 B
LocalService => 560 B
NetworkService => 560 B
Kamil => 20915316 B

RecycleBin => 267 B
EmptyTemp: => 749.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:55:51 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log

#4 Post by Conder »

:arrow: Please post both new FRST logs (before the Malwarebytes scan)

:arrow: Run a full scan in Malwarebytes
  • Download and install Malwarebytes (MB/MBAM): https://www.malwarebytes.com/mwb-download/thankyou/
  • Open Malwarebytes and click "Skenovat" (Scan) on the left
  • Click "Vlastne skenovanie" (Custom scan) and then "Nakonfigurovat skenovanie" (Configure scan; also shown as "Nastavit sken")
  • On the right, select all drives in the PC, and on the left tick the option "Vyhladavat rootkity" (Scan for rootkits)
  • Click "Skenovat teraz" (Scan now) and wait for it to finish
  • Check that the findings do not include any important files, and if they do not, have all findings deleted
  • When it has finished, export and copy the log in the "Spravy" (Reports) section and paste it into your next reply
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

kamistr
Visitor
Posts: 37
Registered: 17 Sep 2005 13:58

Re: Please check my log

#5 Post by kamistr »

Malwarebytes
www.malwarebytes.com

-Podrobnosti denníka-
Dátum skenovania: 16. 1. 2020
Čas skenovania: 4:46
Súbor denníka: d80fcab2-3812-11ea-a224-50e549c82b33.json

-Údaje o softvéri-
Verzia: 4.0.4.49
Verzia súčastí: 1.0.793
Aktualizovať verziu balíka: 1.0.17784
Licencia: Zadarmo

-Systémové informácie-
OS: Windows 7 Service Pack 1
Procesor: x86
Systém súborov: NTFS
Používateľ: Kamil-PC\Kamil

-Zhrnutie skenovania-
Typ skenovania: Vyhľadávanie hrozieb
Skenovanie bolo spustené: Manuálne
Výsledok: Dokončené
Preskenované objekty: 187333
Zistené hrozby: 0
Hrozby umiestnené do karantény: 0
Uplynulý čas: 7 min, 13 s

-Možnosti skenovania-
Pamäť: Povolené
Spúšťanie: Povolené
Systém súborov: Povolené
Archívy: Povolené
Rootkity: Povolené
Heuristika: Povolené
PUP: Zistiť
PUM: Zistiť

-Podrobnosti skenovania-
Proces: 0
(Nezistili sa nijaké škodlivé položky)

Modul: 0
(Nezistili sa nijaké škodlivé položky)

Kľúč databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Hodnota databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Údaje databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Prúd údajov: 0
(Nezistili sa nijaké škodlivé položky)

Priečinok: 0
(Nezistili sa nijaké škodlivé položky)

Súbor: 0
(Nezistili sa nijaké škodlivé položky)

Fyzický sektor: 0
(Nezistili sa nijaké škodlivé položky)

WMI: 0
(Nezistili sa nijaké škodlivé položky)

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log

#6 Post by Conder »

Please post both new FRST logs.

kamistr
Visitor
Posts: 37
Registered: 17 Sep 2005 13:58

Re: Please check my log

#7 Post by kamistr »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2020
Ran by Kamil (administrator) on KAMIL-PC (Gigabyte Technology Co., Ltd. GA-990XA-UD3) (16-01-2020 17:14:14)
Running from C:\Users\Kamil\Desktop
Loaded Profiles: Kamil (Available Profiles: Kamil)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_32_0_0_314.exe
(Adobe Inc. -> Adobe) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_32_0_0_314.exe
(Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\AdminService.exe
(Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Atheros Communications Inc. -> Atheros Communications) [File not signed] C:\Program Files\Bluetooth Suite\BtvStack.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories Inc.) C:\Program Files\Dolby Home Theater v4\pcee4.exe
(Duality Software) [File not signed] C:\Program Files\DS Clock\dsclock.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
(Hagel Technologies Ltd -> Hagel Technologies Ltd) [File not signed] C:\Program Files\DU Meter\DUMeterSvc.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Nokia -> Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Nokia -> Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia -> Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Nokia -> Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10807912 2011-08-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1571432 2011-08-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Dolby Home Theater v4] => C:\Program Files\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories, Inc. -> Dolby Laboratories Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-03-01] (Atheros Communications Inc. -> Atheros Communications) [File not signed]
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [173688 2019-11-29] (ESET, spol. s r.o. -> ESET)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01162020115813520\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01162020115814493\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [DS Clock] => C:\Program Files\DS Clock\dsclock.exe [323584 2003-06-06] (Duality Software) [File not signed]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia -> Nokia)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{10880D85-AAD9-4558-ABDC-2AB1552D831F}] -> C:\Program Files\Common Files\LightScribe\LSRunOnce.exe [2010-06-16] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\79.0.3945.117\Installer\chrmstp.exe [2020-01-09] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {28DE678F-CAA4-43CC-92FD-F915E0ABB696} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {679C185F-C174-41DA-B645-3EAAE5A7E7C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2017-03-28] (Google Inc -> Google Inc.)
Task: {87A65AD8-152C-439B-B8F5-EB8507425E69} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_314_Plugin.exe [1457720 2020-01-15] (Adobe Inc. -> Adobe)
Task: {8E4DD813-46BA-4117-A16C-34C045517E55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2017-03-28] (Google Inc -> Google Inc.)
Task: {907DBFB6-690F-4BD0-9CF1-E8AE3E9867B1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000Core => C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {96CCE673-A4E1-48EE-8E1D-33CD41B8B1C4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000UA => C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {9D863C86-5BED-43A8-87BD-7F9DF0AFBE9D} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [77824 2008-06-27] () [File not signed]
Task: {E719B26C-D23E-4B45-A96D-B6635B79C680} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-15] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000Core.job => C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000UA.job => C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 195.146.128.62
Tcpip\..\Interfaces\{7CE69006-A9F5-4F2A-9FC9-BA743A4AF9ED}: [DhcpNameServer] 192.168.1.1 195.146.128.62
Tcpip\..\Interfaces\{D620EBB2-40AB-4CB4-B107-5F6BCF8B53C0}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\ProgramData\LangSoft\WebIE.dll [2016-12-29] () [File not signed]
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-12-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-12-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKLM - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll [2016-12-29] () [File not signed]

FireFox:
========
FF DefaultProfile: ht3jbfth.default-1368257689736
FF ProfilePath: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 [2020-01-16]
FF DownloadDir: C:\Users\Kamil\Downloads
FF Homepage: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> hxxp://www.google.sk/
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-02-02] [Legacy]
FF Extension: (YouTube mp3) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\info@youtube-mp3.org.xpi [2017-01-03] [Legacy]
FF Extension: (Translate This!) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2017-01-03] [Legacy]
FF Extension: (To Google Translate) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-12-30]
FF Extension: (Google™ Translator) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2017-01-01] [Legacy]
FF Extension: (Translator Widget) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid1-Gz4hrxvpY3RFJw@jetpack.xpi [2017-02-20] [Legacy]
FF Extension: (AdBlock) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-10-13]
FF Extension: (S3.Translator) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\s3google@translator.xpi [2018-10-13]
FF Extension: (Google Translator for Firefox) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\translator@zoli.bod.xpi [2019-12-14]
FF Extension: (Stylus Blue) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{11a41736-a1d5-4b1d-9cc3-983ed6a3ad30}.xpi [2019-03-21]
FF Extension: (walnut) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{192acb99-bee0-4373-9d46-09b18ad6fba9}.xpi [2019-03-28]
FF Extension: (Autumn Forest) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{46e6b376-15af-4ceb-8ac0-4820dd7e19d4}.xpi [2019-03-28]
FF Extension: (Grungedpaper) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{91ef5856-a93b-4a8a-b102-909b6f6865e9}.xpi [2019-03-21]
FF Extension: (rustic walnut) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{a91e51b1-7ed9-4087-8dce-4f1d42436be8}.xpi [2019-03-21]
FF Extension: (Video DownloadHelper) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-07-24]
FF Extension: (Online Translator Toolbar) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{BD4B37E6-7AE7-48d7-A2D7-6FF5775924AB}.xpi [2017-02-20] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-10-13]
FF Extension: (Spring and Swallows) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{decd5f4c-bc93-4cc3-a305-0221fa9420c7}.xpi [2019-03-28]
FF SearchPlugin: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\searchplugins\bing-.xml [2016-12-25]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2017-07-12] [Legacy] [not signed]
FF HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_314.dll [2020-01-15] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-12-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-12-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] (Nokia -> )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-01-16]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default [2020-01-16]
CHR Extension: (Prekladač Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-10-19]
CHR Extension: (Speed Test) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeghledigokaedmpimgnfplidhdhlchg [2017-12-12]
CHR Extension: (internet Download Manager For Chrome) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhjobkfabeopalncconblmakfcllmhk [2017-09-24]
CHR Extension: (YouTube) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-18]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-10-30]
CHR Extension: (Google Search) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-18]
CHR Extension: (S3.Translator) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnnjfbneojbmioajinefnflopdohjk [2019-12-15]
CHR Extension: (Social Network Adblocker) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgjckeibmdfndlflobjhddhmemajjld [2018-11-22]
CHR Extension: (Translate Selected Text) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbimffnjoeobhjhochngikepgfejjmgj [2017-06-24]
CHR Extension: (uBlock Adblock Plus) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdecnmmdccnkogcidionikojplkjfgie [2017-07-11]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-12-19]
CHR Extension: (Zoom for Google Chrome) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2019-12-31]
CHR Extension: (Skype) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-12]
CHR Extension: (Video DownloadHelper) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2019-06-26]
CHR Extension: (Kontrola pošty Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-03-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-08]
CHR Extension: (Hover Zoom+) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2019-10-08]
CHR Extension: (Gmail) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-17]
CHR Profile: C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\System Profile [2020-01-15]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-09-10] (Adobe Inc. -> Adobe Systems)
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [72864 2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
R2 DUMeterSvc; C:\Program Files\DU Meter\DUMeterSvc.exe [1382672 2007-10-15] (Hagel Technologies Ltd -> Hagel Technologies Ltd) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1888008 2019-11-29] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [1888008 2019-11-29] (ESET, spol. s r.o. -> ESET)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [253568 2009-11-18] (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [137344 2009-11-18] (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2010-06-16] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [5570712 2020-01-16] (Malwarebytes Inc -> Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2905656 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2018360 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2012-04-19] (Even Balance, Inc. -> )
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14155832 2020-01-06] (Adlice -> )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2017-03-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [43680 2011-03-01] (Atheros Communications Inc. -> Windows (R) Win 7 DDK provider)
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2020-01-08] (Tages SA -> )
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2017-03-28] (IVT CORPORATION -> IVT Corporation.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [128648 2019-11-29] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [147776 2019-11-29] (ESET, spol. s r.o. -> ESET)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-17] (Elaborate Bytes AG -> Elaborate Bytes AG)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [99496 2019-11-29] (ESET, spol. s r.o. -> ESET)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2017-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2017-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [92032 2007-02-28] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-03-12] (Martin Malik - REALiX -> REALiX(tm))
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2020-01-08] (Tages SA -> )
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [183768 2020-01-16] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [213912 2020-01-16] (Malwarebytes Inc -> Malwarebytes)
S3 nmwcd; C:\Windows\System32\drivers\ccdcmb.sys [18560 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbo.sys [23168 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2015-08-21] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27704 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-04-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [19072 2012-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [171072 2016-10-06] (WDKTestCert charles-yeh,131069736795923936 -> Prolific Technology Inc.)
R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [685816 2012-04-19] (Duplex Secure Ltd -> Duplex Secure Ltd.)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8192 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R1 VD_FileDisk; C:\Windows\System32\Drivers\VD_FileDisk.sys [15872 2006-01-13] (Flint Incorporation) [File not signed]
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam.sys [20256 2015-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [25632 2016-02-29] (Wondershare Software Co., Ltd. -> Wondershare)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-16 15:10 - 2020-01-16 15:11 - 2939158528 _____ C:\Users\Kamil\Documents\Windows 10.iso
2020-01-16 14:27 - 2020-01-16 14:27 - 019255000 _____ (Microsoft Corporation) C:\Users\Kamil\Downloads\MediaCreationTool1909.exe
2020-01-16 14:27 - 2020-01-16 14:27 - 000000000 ___HD C:\$Windows.~WS
2020-01-16 04:56 - 2020-01-16 04:56 - 000001553 _____ C:\Users\Kamil\Documents\mbam.txt
2020-01-16 04:34 - 2020-01-16 04:34 - 000183768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-01-16 04:21 - 2020-01-16 04:21 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-01-16 04:21 - 2020-01-16 04:21 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-01-16 04:21 - 2020-01-16 04:21 - 000000000 ____D C:\Users\Kamil\AppData\Local\mbamtray
2020-01-16 04:21 - 2020-01-16 04:21 - 000000000 ____D C:\Users\Kamil\AppData\Local\mbam
2020-01-16 04:21 - 2020-01-16 04:21 - 000000000 ____D C:\Users\Kamil\AppData\Local\cache
2020-01-16 04:21 - 2020-01-16 04:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-01-16 04:20 - 2020-01-16 04:20 - 000213912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-01-16 04:20 - 2020-01-16 04:20 - 000129056 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2020-01-16 04:19 - 2020-01-16 04:19 - 000000000 ____D C:\Program Files\Malwarebytes
2020-01-16 04:18 - 2020-01-16 04:18 - 001883976 _____ (Malwarebytes) C:\Users\Kamil\Downloads\MBSetup.exe
2020-01-16 04:13 - 2020-01-16 17:15 - 000029842 _____ C:\Users\Kamil\Desktop\FRST.txt
2020-01-16 04:11 - 2020-01-16 04:12 - 002303488 _____ (Farbar) C:\Users\Kamil\Desktop\FRST.exe
2020-01-16 04:10 - 2020-01-16 04:12 - 002303488 _____ (Farbar) C:\Users\Kamil\Downloads\FRST.exe
2020-01-15 15:39 - 2020-01-15 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2020-01-15 15:39 - 2020-01-15 15:39 - 000000000 ____D C:\ProgramData\ESET
2020-01-15 15:39 - 2020-01-15 15:39 - 000000000 ____D C:\Program Files\ESET
2020-01-15 15:37 - 2020-01-15 15:37 - 005504824 ___SH (ESET) C:\Users\Kamil\Downloads\._cache_eset_nod32_antivirus_live_installer(2).exe
2020-01-15 14:37 - 2019-02-21 04:59 - 001310520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2020-01-15 14:37 - 2019-02-21 04:59 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2020-01-15 14:37 - 2019-02-21 04:59 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2020-01-15 14:37 - 2019-02-21 04:59 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2020-01-15 14:37 - 2019-02-21 04:58 - 004055784 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2020-01-15 14:37 - 2019-02-21 04:58 - 003960552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-01-15 14:37 - 2019-02-21 04:58 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2020-01-15 14:37 - 2019-02-21 04:58 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2020-01-15 14:37 - 2019-02-21 04:56 - 001072640 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000556032 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:38 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2020-01-15 14:37 - 2019-02-21 04:38 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2020-01-15 14:37 - 2019-02-21 04:38 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2020-01-15 14:37 - 2019-02-21 04:38 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2020-01-15 14:37 - 2019-02-21 04:38 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2020-01-15 14:37 - 2019-02-21 04:38 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2020-01-15 14:37 - 2019-02-21 04:36 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2020-01-15 14:37 - 2019-02-21 04:36 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2020-01-15 14:37 - 2019-02-21 04:36 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2020-01-15 14:37 - 2019-02-21 04:34 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2020-01-15 14:37 - 2019-02-21 04:34 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2020-01-15 14:37 - 2019-02-21 04:34 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2020-01-15 14:37 - 2019-02-21 04:34 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2020-01-15 14:37 - 2019-02-21 04:34 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2020-01-15 14:37 - 2019-02-21 04:34 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2020-01-15 14:37 - 2019-02-21 04:34 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2020-01-15 14:37 - 2019-02-21 04:34 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2020-01-15 14:37 - 2019-02-21 04:34 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2020-01-15 14:37 - 2019-02-21 04:34 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2020-01-15 14:37 - 2019-02-21 04:34 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2020-01-15 14:37 - 2019-02-21 04:34 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2020-01-15 14:37 - 2019-02-21 04:34 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2020-01-15 14:37 - 2019-02-21 04:34 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2020-01-15 14:37 - 2019-02-21 04:34 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2020-01-15 14:37 - 2019-02-21 04:34 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2020-01-15 14:37 - 2019-02-21 04:34 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2020-01-15 14:37 - 2019-02-21 04:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2020-01-15 14:37 - 2019-02-10 17:43 - 000078560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2020-01-15 14:37 - 2019-02-10 17:41 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2020-01-15 14:37 - 2019-02-10 17:41 - 011411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 003207168 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 001177088 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 001005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000474624 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000442368 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000373248 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000276480 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2020-01-15 14:37 - 2019-02-10 17:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2020-01-15 14:37 - 2019-02-10 17:37 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2020-01-15 14:37 - 2019-02-10 17:29 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2020-01-15 14:37 - 2019-02-10 17:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2020-01-15 14:37 - 2019-02-10 17:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2020-01-15 14:37 - 2019-02-10 17:28 - 000100352 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2020-01-15 14:37 - 2019-02-10 17:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2020-01-15 14:37 - 2019-02-10 17:28 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2020-01-15 14:37 - 2019-02-10 17:24 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2020-01-15 14:37 - 2019-02-10 17:19 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2020-01-15 14:37 - 2019-02-10 17:19 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2020-01-15 14:37 - 2019-02-10 17:19 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2020-01-15 14:37 - 2018-11-18 03:59 - 000410080 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2020-01-15 14:37 - 2018-11-18 03:44 - 000535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2020-01-15 14:37 - 2018-11-18 03:44 - 000470704 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2020-01-15 14:37 - 2018-11-18 03:43 - 000374872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2020-01-15 14:37 - 2018-11-18 03:43 - 000249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2020-01-15 14:33 - 2019-02-16 06:30 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2020-01-15 13:58 - 2020-01-15 13:58 - 000000000 ____D C:\ProgramData\AVG
2020-01-15 13:14 - 2020-01-15 13:15 - 000001837 _____ C:\Users\Kamil\Desktop\UsbFix Anti-Malware.lnk
2020-01-15 13:14 - 2020-01-15 13:15 - 000000000 ____D C:\Program Files\UsbFix
2020-01-15 12:54 - 2020-01-15 12:54 - 019255000 ___SH (Microsoft Corporation) C:\Users\Kamil\Downloads\._cache_MediaCreationTool1909.exe
2020-01-15 12:25 - 2020-01-16 17:15 - 000000000 ____D C:\FRST
2020-01-15 12:25 - 2020-01-15 12:25 - 002303488 ___SH (Farbar) C:\Users\Kamil\Desktop\._cache_FRST.exe
2020-01-15 12:09 - 2020-01-15 12:09 - 000001005 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2020-01-15 12:09 - 2020-01-15 12:09 - 000001005 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2020-01-15 11:19 - 2020-01-16 15:15 - 000000000 ____D C:\ESD
2020-01-15 11:16 - 2020-01-15 11:16 - 000000000 ____D C:\$WINDOWS.~BT
2020-01-08 20:12 - 2020-01-08 20:12 - 000000000 ____D C:\ProgramData\Tages
2020-01-08 20:11 - 2020-01-08 20:11 - 000281760 _____ C:\Windows\system32\Drivers\atksgt.sys
2020-01-08 20:11 - 2020-01-08 20:11 - 000025888 _____ C:\Windows\system32\Drivers\lirsgt.sys
2020-01-08 20:11 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2020-01-08 20:11 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2020-01-08 20:11 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2020-01-08 20:11 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2020-01-08 20:11 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2020-01-08 20:11 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2020-01-08 20:11 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2020-01-08 20:11 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2020-01-08 20:11 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2020-01-08 20:11 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2020-01-08 20:11 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2020-01-08 20:11 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2020-01-08 20:11 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2020-01-08 20:11 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2020-01-08 20:11 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2020-01-08 20:11 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2020-01-08 20:11 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2020-01-08 20:11 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2020-01-08 20:11 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2020-01-08 20:11 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2020-01-08 20:11 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2020-01-08 20:11 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2020-01-08 20:11 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2020-01-08 20:11 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2020-01-08 20:11 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2020-01-08 20:11 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2020-01-08 20:11 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2020-01-08 20:11 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2020-01-08 20:11 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2020-01-08 20:11 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2020-01-08 20:11 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2020-01-08 20:11 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2020-01-08 20:11 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2020-01-08 20:11 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2020-01-08 20:11 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2020-01-08 20:11 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2020-01-08 20:11 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2020-01-08 20:11 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2020-01-08 20:11 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2020-01-08 20:11 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2020-01-08 20:11 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2020-01-08 20:11 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2020-01-08 20:11 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2020-01-08 20:11 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2020-01-08 20:11 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2020-01-08 20:11 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2020-01-08 20:11 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2020-01-08 20:11 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2020-01-08 20:11 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2020-01-08 20:11 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2020-01-08 20:11 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2020-01-08 20:11 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2020-01-08 20:08 - 2020-01-08 20:08 - 000000000 ____D C:\Program Files\Ubisoft
2020-01-07 13:25 - 2020-01-07 13:25 - 000054842 _____ C:\Users\Kamil\Downloads\3620003683.pdf
2019-12-31 12:40 - 2019-12-31 12:40 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\Sun
2019-12-31 12:40 - 2019-12-31 12:40 - 000000000 ____D C:\Program Files\Common Files\Java
2019-12-31 12:39 - 2019-12-31 12:39 - 000112696 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2019-12-31 12:39 - 2019-12-31 12:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-12-31 12:39 - 2019-12-31 12:39 - 000000000 ____D C:\Program Files\Java
2019-12-31 12:39 - 2019-12-31 12:39 - 000000000 ____D C:\Program Files\Common Files\Oracle

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-16 16:39 - 2012-04-18 19:27 - 000000946 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000UA.job
2020-01-16 15:16 - 2013-08-20 08:57 - 000141312 ___SH C:\Users\Kamil\Documents\Thumbs.db
2020-01-16 15:15 - 2012-04-18 19:19 - 000000000 ____D C:\Windows\Panther
2020-01-16 14:33 - 2009-07-14 05:34 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-01-16 14:33 - 2009-07-14 05:34 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-01-16 12:00 - 2019-03-22 07:33 - 000000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2020-01-16 12:00 - 2019-03-22 07:33 - 000000035 _____ C:\ProgramData\Documents\AtherosServiceConfig.ini
2020-01-16 04:43 - 2016-12-13 15:38 - 000000000 ____D C:\Users\Kamil\AppData\LocalLow\Mozilla
2020-01-16 04:42 - 2010-11-20 22:01 - 000008582 _____ C:\Windows\system32\PerfStringBackup.INI
2020-01-16 04:34 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-16 04:20 - 2012-06-23 20:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-01-15 18:39 - 2012-04-18 19:27 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000Core.job
2020-01-15 17:40 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
2020-01-15 15:46 - 2015-10-08 13:54 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\uTorrent
2020-01-15 15:45 - 2012-04-18 18:26 - 000000000 ____D C:\Users\Kamil
2020-01-15 15:42 - 2017-04-25 11:42 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-01-15 15:39 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2020-01-15 15:32 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\Dism
2020-01-15 13:59 - 2012-04-18 19:56 - 000000000 ____D C:\Program Files\AVG
2020-01-15 13:11 - 2019-03-08 03:11 - 000000000 ____D C:\Users\Kamil\AppData\LocalLow\Adblock Plus for IE
2020-01-15 12:09 - 2015-08-27 23:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2020-01-15 12:09 - 2015-08-27 23:54 - 000000000 ____D C:\Program Files\RogueKiller
2020-01-15 12:09 - 2015-03-21 10:07 - 000000000 ____D C:\ProgramData\RogueKiller
2020-01-15 11:05 - 2017-03-29 04:36 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2020-01-15 09:18 - 2018-03-13 23:18 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-01-15 09:18 - 2012-07-19 15:59 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2020-01-15 09:18 - 2012-07-19 15:59 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2020-01-15 09:18 - 2012-07-19 15:59 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-01-15 09:18 - 2012-07-19 15:59 - 000000000 ____D C:\Windows\system32\Macromed
2020-01-12 13:34 - 2012-04-19 15:22 - 000183112 _____ C:\Windows\system32\PnkBstrB.exe
2020-01-12 13:34 - 2012-04-19 15:22 - 000138184 _____ C:\Windows\system32\Drivers\PnkBstrK.sys
2020-01-09 05:25 - 2017-03-28 16:19 - 000002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-08 20:53 - 2012-04-18 18:32 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2020-01-08 20:53 - 2009-07-14 05:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-01-04 06:05 - 2014-11-25 19:35 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2020-01-03 14:11 - 2018-07-13 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2020-01-02 16:06 - 2016-06-26 05:21 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\vlc
2020-01-01 11:45 - 2013-03-21 20:27 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\Thunderbird
2019-12-31 16:16 - 2012-05-28 10:02 - 000000000 ____D C:\Program Files\JDownloader
2019-12-19 17:18 - 2017-04-25 13:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-12-19 09:02 - 2013-04-02 16:25 - 000001414 _____ C:\Users\Kamil\Desktop\Heslo.txt
2019-12-17 17:01 - 2013-03-14 09:16 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\PC Suite
2019-12-17 15:47 - 2013-03-28 06:30 - 000000000 ____D C:\Users\Kamil\dwhelper

==================== Files in the root of some directories ========

2019-09-20 06:14 - 2019-08-10 13:37 - 000018184 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-core-file-l1-2-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000018184 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-core-file-l2-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000020744 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-core-localization-l1-2-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000018696 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-core-processthreads-l1-1-1.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000018696 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-core-synch-l1-2-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000018696 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-core-timezone-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000022280 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-convert-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000018696 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-environment-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000020232 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-filesystem-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000019208 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-heap-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000018696 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-locale-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000028936 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-math-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000026376 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-multibyte-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000022792 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-runtime-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000024328 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-stdio-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000024328 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-string-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000020744 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-time-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000018696 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\api-ms-win-crt-utility-l1-1-0.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 001172232 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\ucrtbase.dll
2019-09-20 06:14 - 2019-08-10 13:37 - 000082752 _____ (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\vcruntime140.dll
2015-10-27 18:05 - 2016-12-21 06:39 - 000057344 _____ () C:\Users\Kamil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-12-20 14:11 - 2018-12-20 14:11 - 000002404 _____ () C:\Users\Kamil\AppData\Local\recently-used.xbel
2016-07-22 16:35 - 2019-03-11 09:47 - 000007622 _____ () C:\Users\Kamil\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-01-08 10:19
==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2020
Ran by Kamil (16-01-2020 17:16:09)
Running from C:\Users\Kamil\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2012-04-18 17:26:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3867848799-1210266518-3605795662-500 - Administrator - Disabled)
Guest (S-1-5-21-3867848799-1210266518-3605795662-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3867848799-1210266518-3605795662-1002 - Limited - Enabled)
Kamil (S-1-5-21-3867848799-1210266518-3605795662-1000 - Administrator - Enabled) => C:\Users\Kamil

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Enabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}) (Version: 6.1.1 - Hewlett-Packard) Hidden
Adblock Plus pre IE (32-bitová verzia) (HKLM\...\{1C4B00CA-AA30-4A84-9BC0-1F4B52CB8A0A}) (Version: 1.6 - Eyeo GmbH)
Adobe Acrobat Reader DC - Slovak (HKLM\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.314 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.314 - Adobe)
AIDA64 Extreme Edition v2.30 (HKLM\...\AIDA64 Extreme Edition_is1) (Version: 2.30 - FinalWire Ltd.)
Aimersoft Helper Compact 2.5.1 (HKLM\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.1 - Aimersoft)
AIMP (HKLM\...\AIMP) (Version: v4.11.1841, 09.10.2016 - AIMP DevTeam)
Aktualizácie NVIDIA 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Any DVD Converter Professional 4.0.3 (HKLM\...\Any DVD Converter Professional_is1) (Version: - Any-DVD-Converter.com)
Apowersoft Online Launcher version 1.4.6 (HKLM\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.6 - APOWERSOFT LIMITED)
Apowersoft Video Konvertor V4.5.9 (HKLM\...\{195E8D7F-292B-4B04-A6E7-E96CAF04C767}_is1) (Version: 4.5.9 - APOWERSOFT LIMITED)
Apowersoft Video Stahovač V6.4.6 (HKLM\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.4.6 - APOWERSOFT LIMITED)
Ashampoo Burning Studio 10 v.10.0.15 (HKLM\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
ASUS Bluetooth Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.02.000.60 - ASUS Communications)
ASUS nVidia Driver (HKLM\...\{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}) (Version: 1.00.0000 - ASUSTek) Hidden
BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.61.1065 - AB Team, d.o.o.)
BufferChm (HKLM\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
C4600 (HKLM\...\{9E0E1E3B-229C-4CF9-8A39-4455477327E4}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
C4600_NCL_Help (HKLM\...\{F39AB038-876C-4FAE-8D40-6A21632BF92D}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
Destinations (HKLM\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
DU Meter (HKLM\...\DUMeter3_is1) (Version: 4.0 Build R3009 - Hagel Technologies Ltd)
ESET Security (HKLM\...\{A159EF1D-B3A2-441D-9731-06A345BF258F}) (Version: 13.0.24.0 - ESET, spol. s r.o.)
Etron USB3.0 Host Controller (HKLM\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.104 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.104 - Etron Technology)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 79.0.3945.117 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
GPBaseService2 (HKLM\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HD Tune Pro 5.00 (HKLM\...\HD Tune Pro_is1) (Version: - EFD Software)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5 (HKLM\...\{1E1746EF-F5BF-4677-8F30-04FE399130DA}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (HKLM\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Java 8 Update 231 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jewel Quest III (HKLM\...\{34AF0799-8123-41BA-885A-BDEB157607F9}) (Version: 1.0.0 - LeeGTs Games)
LightScribe System Software (HKLM\...\{07E49BC1-24FF-4D7A-AC74-727BE95801AF}) (Version: 1.18.16.1 - LightScribe)
LightScribe Template Labeler (HKLM\...\{43523FEF-9D8E-4572-BB11-0E914D366E0A}) (Version: 1.18.15.1 - LightScribe)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
MarketResearch (HKLM\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
MediaCoder 2011 (HKLM\...\MediaCoder) (Version: 2011 - Broad Intelligence)
MediaInfo 0.7.48 (HKLM\...\MediaInfo) (Version: 0.7.48 - MediaArea.net)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Encarta World Atlas 1998 Edition (HKLM\...\Encarta Virtual Globe 3.0) (Version: - )
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Connect (HKLM\...\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}) (Version: 1.00.0000 - Huawei technologies)
Mozilla Firefox 72.0.1 (x86 sk) (HKLM\...\Mozilla Firefox 72.0.1 (x86 sk)) (Version: 72.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.1.7311 - Mozilla)
Mozilla Thunderbird 68.3.1 (x86 cs) (HKLM\...\Mozilla Thunderbird 68.3.1 (x86 cs)) (Version: 68.3.1 - Mozilla)
MSVC80_x86_v2 (HKLM\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (HKLM\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
Need for Speed™ Undercover (HKLM\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts)
Nokia Connectivity Cable Driver (HKLM\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia Suite (HKLM\...\{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}) (Version: 3.7.22.0 - Nokia) Hidden
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
NVIDIA 3D Vision radič ovládača 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Opera 11.51 (HKLM\...\Opera 11.51.1087) (Version: 11.51.1087 - Opera Software ASA)
Ovládací panel NVIDIA 353.62 (HKLM\...\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 353.62 - NVIDIA Corporation) Hidden
PC Connectivity Solution (HKLM\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
Počítačový prístup k internetu Nokia (HKLM\...\{653A52D8-127C-476D-BAD9-27117A3A4959}) (Version: 2.0.1.3 - Nokia) Hidden
Počítačový prístup k internetu Nokia (HKLM\...\Nokia PC Internet Access) (Version: 2.0.1.3 - Nokia)
PS_AIO_05_C4600_Software_Min (HKLM\...\{1CA3A991-B03D-4C92-9922-315E5434E87B}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickTransfer (HKLM\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
RogueKiller version 14.0.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.0.4.0 - Adlice Software)
Scan (HKLM\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype verzia 8.55 (HKLM\...\Skype_is1) (Version: 8.55 - Skype Technologies S.A.)
SmartWebPrinting (HKLM\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM\...\{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Status (HKLM\...\{2FB9EA69-51D4-4913-9AD5-762C034DE811}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
Toolbox (HKLM\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander Ultima Prime 4.5.0.0 (HKLM\...\TC UP) (Version: 4.5.0.0 - ULTIMA PRIME)
TrayApp (HKLM\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
UmmyVideoDownloader (HKLM\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.7.2.4 - ) <==== ATTENTION
Uninstall DS Clock (HKLM\...\DS Clock_is1) (Version: 1.5 - Duality Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UsbFix Anti-Malware Premium (HKLM\...\Usbfix) (Version: 11.0.2.6 - SOSVirus (SOSVirus.Net))
VdhCoApp 1.3.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
Video Fixer 3.23 (HKLM\...\Video Fixer 3.23_is1) (Version: - video-fixer Inc.)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WebReg (HKLM\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP3\System\aimp_menu32.dll [2016-10-14] (Artem Izmaylov -> AIMP DevTeam) [File not signed]
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files\Bluetooth Suite\BtvAppExt.dll [2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-11-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [TCUPShellExt] -> {544F5441-4C43-4D44-5550-5348454C4C00} => C:\Program Files\TC UP\PLUGINS\Library\TCUPShellExt.dll [2008-01-30] () [File not signed]
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] () [File not signed]
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-11-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files\Bluetooth Suite\ShellContextExt.dll [2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-16] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP3\System\aimp_menu32.dll [2016-10-14] (Artem Izmaylov -> AIMP DevTeam) [File not signed]
ContextMenuHandlers4: [TCUPShellExt] -> {544F5441-4C43-4D44-5550-5348454C4C00} => C:\Program Files\TC UP\PLUGINS\Library\TCUPShellExt.dll [2008-01-30] () [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] () [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-11-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-16] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader\Help\ђусский.lnk -> C:\Users\Kamil\AppData\Local\UmmyVideoDownloader\1.7.2.4\help\Ummy_rus.pdf () <==== Cyrillic

==================== Loaded Modules (Whitelisted) =============

2012-12-21 15:29 - 2012-12-21 15:29 - 000110080 _____ () [File not signed] C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
2008-01-30 18:08 - 2008-01-30 18:08 - 000160256 _____ () [File not signed] C:\Program Files\TC UP\PLUGINS\Library\TCUPShellExt.dll
2012-04-18 19:46 - 2011-03-02 11:40 - 000140288 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2015-08-13 16:13 - 2016-10-14 19:34 - 001317960 _____ (Artem Izmaylov -> AIMP DevTeam) [File not signed] C:\Program Files\AIMP3\System\aimp_menu32.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000064672 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\AthCopyHook.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000033440 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BPP.DLL
2011-03-01 15:42 - 2011-03-01 15:42 - 000037024 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BTBIP.DLL
2011-03-01 15:42 - 2011-03-01 15:42 - 000040096 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BtFileStore.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000036000 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BtFileStoreOpp.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000158880 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BtObexFt.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000158880 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BTOBEXOP.dll
2011-03-01 15:42 - 2011-03-01 15:42 - 000154784 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\BtvAppExt.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000072864 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\goep.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000076960 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\GOEP_bpp.DLL
2011-03-01 15:43 - 2011-03-01 15:43 - 000072864 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\GOEP_SINGLE.DLL
2011-03-01 15:43 - 2011-03-01 15:43 - 000076960 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\Handsfree.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000101536 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\L2capLib.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000879776 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\OutLookLib.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000072864 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\RfcommLib.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000244384 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\ShellContextExt.dll
2011-03-01 15:43 - 2011-03-01 15:43 - 000068768 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files\Bluetooth Suite\Sync.dll
2013-03-24 03:04 - 2007-10-15 15:18 - 000395264 _____ (Hagel Technologies Ltd) [File not signed] C:\Program Files\DU Meter\sqlite3.dll
2009-11-18 03:42 - 2009-11-18 03:42 - 000253568 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqcxs08.dll
2009-11-18 03:16 - 2009-11-18 03:16 - 000217728 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqddcmn.dll
2009-11-18 03:16 - 2009-11-18 03:16 - 000137344 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqddsvc.dll
2010-06-16 12:45 - 2010-06-16 12:45 - 000033792 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files\Common Files\LightScribe\LSLog.dll
2010-06-16 12:45 - 2010-06-16 12:45 - 000110592 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files\Common Files\LightScribe\LSSProxy.dll
2012-12-21 15:30 - 2012-12-21 15:30 - 000599552 _____ (Igor Pavlov) [File not signed] C:\Program Files\Nokia\Nokia Suite\7z.DLL
2013-08-17 08:15 - 2013-08-17 08:15 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
2013-08-17 08:16 - 2013-08-17 08:16 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2012-12-21 15:28 - 2012-12-21 15:28 - 001106944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Nokia\Nokia Suite\libeay32.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2020-01-15 19:54 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\TC UP\PLUGINS\Library;C:\Program Files\VDownloader;C:\Program Files\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 195.146.128.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: AthBtTray => "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: D: =>
MSCONFIG\startupreg: DU Meter => C:\Program Files\DU Meter\DUMeter.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NokiaPCInternetAccess => "C:\Program Files\Nokia\PC Internet Access\NPCIA.exe" /b
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FE7AC9CF-3561-47A5-B99A-69042B495B0B}] => (Allow) C:\Program Files\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{D7A9353B-05AF-41BB-AEC5-24E5A30E4BC9}] => (Allow) C:\Program Files\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{F388A335-B65D-4EB0-9F4E-867A81A8DEB5}] => (Allow) C:\Program Files\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{F60AC1A0-B039-4980-A08A-FC770460757C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CB4E05BA-042A-4CCE-985A-2842E3FD6740}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A1B9D84F-D9C4-4F69-B7A7-8123CB72A58F}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BC115943-2074-4D67-86FD-304E973A8A07}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{077124A8-39E9-4C48-8F68-258E5426535D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{01E3A908-8988-414D-8EFA-76B4264EEF93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{41A4F2EE-D814-434F-8059-6EEFE13045E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DBF38C8D-71CE-41FE-8CC7-D3F53D63EEB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E5C6334B-DDA4-4EBB-B509-0C3D816A18A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8E0A802B-A8DE-4DAB-BC8C-BDF2CF4E4A93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{E9B6AD04-798C-4BA7-88B4-C0D397E9A1DF}C:\users\kamil\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\kamil\appdata\roaming\utorrent\utorrent.exe No File
FirewallRules: [UDP Query User{AA1B92BD-0FF8-4665-88C0-3C0AA70918D8}C:\users\kamil\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\kamil\appdata\roaming\utorrent\utorrent.exe No File
FirewallRules: [{73ACB86A-9ACB-49D1-B939-813CC1D16D71}] => (Allow) C:\Users\Kamil\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{598C2D51-05EE-4313-AB37-D8A4FE4BD351}] => (Allow) C:\Users\Kamil\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{CE6E99D3-D187-4BEE-9211-1ECBA00A910C}] => (Allow) C:\Users\Kamil\AppData\Local\Apowersoft\Online Video Downloader\Online Video Downloader.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{89DD17C6-9B3B-4FD2-922E-092D68856D3E}] => (Allow) C:\Users\Kamil\AppData\Local\Apowersoft\Online Video Downloader\Online Video Downloader.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{649C8FDF-A5D3-4B69-872E-79D05B54C656}] => (Allow) C:\Program Files\Apowersoft\Video Converter Studio\Video Converter Studio.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{39CC2FED-E291-4825-9D17-04FD47F52A69}] => (Allow) C:\Program Files\Apowersoft\Video Converter Studio\Video Converter Studio.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{B565FEC6-4AA6-43CC-BDAD-4765CE2475B9}] => (Allow) C:\Users\Kamil\AppData\Roaming\skype.exe No File
FirewallRules: [{7746F667-6FC9-48F5-9DF3-96B8BE3FB5D6}] => (Allow) C:\Users\Kamil\AppData\Roaming\skype.exe No File
FirewallRules: [{D4BFA56F-42DD-4729-BC10-7F5D568A0415}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{9834E6EE-D943-4C3F-9CD6-C5E22428B2BF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{2913477A-8313-4412-AD83-EB90BE61B927}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{FC95DE93-382E-401E-B9FA-CA5E3763026C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{7BB1B054-2824-446D-BB61-56609EB37AC1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{9CA61943-BBAE-4F24-BD93-D07CD82E5626}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{D416DD57-4189-4309-A68B-043B1EBC022C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{713C67D3-8693-4AA7-BB8A-46A238724BF3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{44BA0745-1436-49E9-8F46-E07661FD8C6F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett Packard -> Hewlett-Packard) [File not signed]
FirewallRules: [{A5A5FD06-C66B-479C-99FB-3C34745CB483}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{B4549B05-C21C-45C1-88DA-2CC7C746D3FA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{68C9AE4C-A7AF-4990-A530-B0F3E2C70A02}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{50C54499-3900-4437-B5EF-F0DC696F7BEA}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{F5E00402-58D3-4984-BA38-A7262B7E42BE}] => (Allow) C:\Program Files\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{07E7C946-C6CD-4426-84E6-E45A85CFD3D4}] => (Allow) C:\Program Files\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{05BB745C-4079-4C1E-BAA2-EF970F6B72C0}] => (Allow) C:\Program Files\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [{B183860A-0B39-4E91-A072-E790550A4384}] => (Allow) C:\Program Files\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [TCP Query User{99526F96-7CEF-41F3-A3BB-3A070F596371}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe
FirewallRules: [UDP Query User{551B6C6C-542A-4C44-BE40-E9F34A859164}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe
FirewallRules: [{770CBAE4-EE3F-4386-A4FC-E50CA29E48FD}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D1614519-6472-4369-82DD-332040705988}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DC265BB4-0A03-4C18-AF94-584A889A38FB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

15-01-2020 14:32:57 Windows Update
15-01-2020 14:37:24 Windows Update
15-01-2020 19:53:28 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/16/2020 06:17:25 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll".Error in manifest or policy file "c:\program files\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll" on line 8.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (01/16/2020 04:42:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (01/16/2020 04:42:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/16/2020 04:36:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/16/2020 04:12:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: Explorer.EXE, verzia: 6.1.7601.17514, časová značka: 0x4ce796f3
Názov chybového modulu: unknown, verzia: 0.0.0.0, časová značka: 0x00000000
Kód výnimky: 0xc0000005
Odstup chyby: 0x03820fef
Identifikácia chybného procesu: 0x6b8
Čas spustenia chybnej aplikácie: 0x01d5cc19c9d7866c
Cesta chybnej aplikácie: C:\Windows\Explorer.EXE
Cesta chybného modulu: unknown
Identifikácia hlásenia: 16b789a4-380e-11ea-a788-50e549c82b33

Error: (01/16/2020 04:00:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/15/2020 07:58:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/15/2020 07:53:28 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Prístup je odmietnutý.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {16583f66-e03a-4e9c-a36a-260e8466de4f}


System errors:
=============
Error: (01/16/2020 04:42:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba WMI Performance Adapter bola ukončená s nasledujúcou chybou:
Neznáma chyba

Error: (01/16/2020 04:34:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
sptd

Error: (01/16/2020 04:34:08 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (01/16/2020 03:58:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
sptd

Error: (01/16/2020 03:58:15 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (01/15/2020 07:57:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
sptd

Error: (01/15/2020 07:56:46 PM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (01/15/2020 07:53:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba DU Meter Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.


==================== Memory info ===========================

BIOS: Award Software International, Inc. F9 10/13/2011
Motherboard: Gigabyte Technology Co., Ltd. GA-990XA-UD3
Processor: AMD Phenom(tm) II X6 1045T Processor
Percentage of memory in use: 95%
Total physical RAM: 3069.24 MB
Available physical RAM: 139.79 MB
Total Virtual: 6436.46 MB
Available Virtual: 581.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:107.42 GB) (Free:34.07 GB) NTFS
Drive d: () (Fixed) (Total:1289.74 GB) (Free:22.12 GB) NTFS
Drive h: (KINGSTON) (Removable) (Total:28.8 GB) (Free:27.43 GB) FAT32

\\?\Volume{bacf6a23-897a-11e1-a07a-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 809EDEEA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1289.7 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 28.8 GB) (Disk ID: 703F315E)
Partition 1: (Active) - (Size=28.8 GB) - (Type=0C)

==================== End of Addition.txt =======================

kamistr
Visitor
Posts: 37
Registered: 17 Sep 2005 13:58

Re: Please check my log

#8 Post by kamistr »

Hello,

someone is connecting to the PC, it is from this location: Tips Sent between 7 p.m. and 8 p.m. 19 minutes ago
Location:
France
Browser: Windows 10, Chrome 77

My gmail.com account was compromised as well, I had to change the password! The same location ...

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log

#9 Post by Conder »

→ For now I recommend not logging in to any sensitive sites (e-mail, internet banking...) from this PC, and changing your passwords from another, clean PC (or smartphone).

→ Where does the information about the connections to the PC come from (your last post)?

→ Download TDSSKiller: http://www.bleepingcomputer.com/download/tdsskiller/
  • Save it to the desktop and run it as administrator
  • Accept the license terms
  • Click Change parameters, tick the "Loaded Modules" option and confirm the PC restart by clicking Reboot Now
  • After the PC restarts, TDSSKiller should start automatically
  • Click Change parameters again, tick the options "Verify driver digital signature" and "Detect TDLFS file system" and save by clicking OK
  • Click "Start Scan" and wait for the scan to finish
  • If anything is found, leave the default options selected and click "Continue", and confirm the PC restart if prompted
  • A text file (log) with a name starting with "TDSSKiller" will be created on drive C:\ - paste its contents into your next reply (if there are several files, send all of them)
Graduate of the school for newbies :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

kamistr
Visitor
Posts: 37
Registered: 17 Sep 2005 13:58

Re: Please check my log

#10 Post by kamistr »

Hello, the report was sent to me by my Google account; when I checked the activity, it reported a location somewhere near France.
TDSS Killer found nothing!

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log

#11 Post by Conder »

Please also send the TDSSKiller logs; they should be saved directly on drive C:\

Run a scan with Kaspersky Virus Removal Tool (KVRT): https://www.kaspersky.com/downloads/tha ... moval-tool
  • Download it via the red "Download Now" button and run the downloaded program as administrator
  • Click "Change Parameters" and tick the "System Drive" option
  • Click "Start Scan" and wait for it to finish
  • If anything is found, take a screenshot - press the Print Screen key, open Paint (Malovani / Skicar), press Ctrl+V and save the image (KVRT does not allow creating a copyable log)
  • Send the screenshot as an attachment to your next post, or upload it to some web storage and send a link
  • Have the findings deleted - click "Neutralize all" and then "Continue"

kamistr
Visitor
Posts: 37
Registered: 17 Sep 2005 13:58

Re: Please check my log

#12 Post by kamistr »

15:59:14.0105 0x169c TDSS rootkit removing tool 3.1.0.28 Apr 9 2019 21:11:46
15:59:19.0347 0x169c ============================================================
15:59:19.0347 0x169c Current date / time: 2020/01/20 15:59:19.0347
15:59:19.0347 0x169c SystemInfo:
15:59:19.0347 0x169c
15:59:19.0347 0x169c OS Version: 6.1.7601 ServicePack: 1.0
15:59:19.0347 0x169c Product type: Workstation
15:59:19.0347 0x169c ComputerName: KAMIL-PC
15:59:19.0363 0x169c UserName: Kamil
15:59:19.0363 0x169c Windows directory: C:\Windows
15:59:19.0363 0x169c System windows directory: C:\Windows
15:59:19.0363 0x169c Processor architecture: Intel x86
15:59:19.0363 0x169c Number of processors: 6
15:59:19.0363 0x169c Page size: 0x1000
15:59:19.0363 0x169c Boot type: Normal boot
15:59:19.0363 0x169c CodeIntegrityOptions = 0x00000000
15:59:19.0363 0x169c ============================================================
15:59:22.0217 0x169c KLMD registered as C:\Windows\system32\drivers\30345160.sys
15:59:22.0217 0x169c KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.24384, osProperties = 0x0
15:59:24.0199 0x169c System UUID: {5F28634C-036F-D594-CEBC-045C36636673}
15:59:26.0367 0x169c Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 ( 1397.27 Gb ), SectorSize: 0x200, Cylinders: 0x2F509, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
15:59:26.0429 0x169c Drive \Device\Harddisk1\DR1 - Size: 0x73467E800 ( 28.82 Gb ), SectorSize: 0x200, Cylinders: 0xEB2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:59:26.0429 0x169c ============================================================
15:59:26.0429 0x169c \Device\Harddisk0\DR0:
15:59:26.0429 0x169c MBR partitions:
15:59:26.0429 0x169c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:59:26.0429 0x169c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xD6D8000
15:59:26.0429 0x169c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xD70A800, BlocksNum 0xA137C800
15:59:26.0429 0x169c \Device\Harddisk1\DR1:
15:59:26.0429 0x169c MBR partitions:
15:59:26.0429 0x169c \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x39A2800
15:59:26.0429 0x169c ============================================================
15:59:26.0492 0x169c C: <-> \Device\Harddisk0\DR0\Partition2
15:59:26.0523 0x169c D: <-> \Device\Harddisk0\DR0\Partition3
15:59:26.0539 0x169c ============================================================
15:59:26.0539 0x169c Initialize success
15:59:26.0539 0x169c ============================================================
16:00:03.0698 0x1ff4 KLMD registered as C:\Windows\system32\drivers\13355799.sys
16:00:05.0086 0x1ff4 Deinitialize success

kamistr
Visitor
Posts: 37
Registered: 17 Sep 2005 13:58

Re: Please check my log

#13 Post by kamistr »


kamistr
Visitor
Posts: 37
Registered: 17 Sep 2005 13:58

Re: Please check my log

#14 Post by kamistr »

KVTR.rar
(207.26 KiB) Downloaded 74 times

kamistr
Visitor
Posts: 37
Registered: 17 Sep 2005 13:58

Re: Please check my log

#15 Post by kamistr »

KVTR1.rar
(199.29 KiB) Downloaded 64 times
