
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Problem with BitcoinMiner, Chrome crashes when opening the ESET website
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Good day to all,
I have a problem with my daughter's laptop; she ran some downloaded exe file and since then the PC has been misbehaving. Programs close by themselves (Commander, the browser), the computer is at times loaded over 60% even when nothing is running, and as soon as the Wi-Fi connection was switched off, it dropped to 3%.
Chrome closes automatically when searching for the word Eset or when trying to go to Eset's website, or, conversely, the browser launches by itself with pages with erotic content and the like.
In addition, the installed Norton reported: An intrusion attempt by miner.fee.xmring.com was blocked, System infected:Miner.BitcoinMiner Activity 9
I tried to run FRST, but it crashes immediately on launch.
RSIT works and the log is below.
Thank you for your help.
Jirka
Logfile of random's system information tool 1.10 (written by random/random)
Run by Kristyna at 2018-08-30 16:53:22
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 36 GB (12%) free of 305 GB
Total RAM: 3957 MB (64% free)
HijackThis download failed
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe 30652864
\??\C:\Windows\system32\conhost.exe "18875218961879228492-1858376640-1925192023-13922799658843335142952906642090485437
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" /s
"C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe"
"C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe"
"C:\Program Files\Fujitsu\PSUtility\PSUService.exe"
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Tablet\Wacom\WTabletServicePro.exe"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe" -s
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
igfxEM.exe
igfxHK.exe
igfxTray.exe
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e54cea82-372e-45c0-91b3-1d4914ae6f24 -SystemEventPortName:HostProcess-66a4c754-3e51-46d8-b756-414bf482bc21 -IoCancelEventPortName:HostProcess-bd49414b-c42e-4f7c-aedd-4c266d6d8ff5 -NonStateChangingEventPortName:HostProcess-288176dd-3765-4725-802d-ae845d13d2c2 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:9b9af394-e746-4b98-b92f-549762690193 -DeviceGroupId:
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DTSU2P
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe"
"C:\Program Files\Fujitsu\PSUtility\TrayManager.exe"
"C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe"
"C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe"
"C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Windows\SysWOW64\svchost.exe"
"C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\FJ Camera\Monitor.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Windows\SysWOW64\RunDll32.exe" "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE"
"C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE"
"taskhost.exe"
explorer.exe
"C:\Windows\SysWOW64\svchost.exe"
"C:\Windows\SysWOW64\svchost.exe" --config="C:\Users\Kristyna\AppData\Local\Temp\[42B996]"
\??\C:\Windows\system32\conhost.exe "109796967713925897-1852494504-1733432767-62097516616054874604022248671146527651
"C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\diMaster.dll" /prefetch:1
taskeng.exe {541FF61E-B876-4259-9EDB-AFB82C00490B}
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-a0e74ab5-9d9e-471f-a0f5-5e572e9f5ee5 -SystemEventPortName:HostProcess-a0b5e81b-b816-494c-b060-c77646f9217b -IoCancelEventPortName:HostProcess-0657ffce-48a3-4fc5-8c7d-d3ca3f47bd2d -NonStateChangingEventPortName:HostProcess-6bd35554-454e-4a14-bba5-f86683616604 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:167cffe3-8b75-41e2-a2eb-4c727f7d2559 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\totalcmd\TOTALCMD.EXE"
"C:\Filmy\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
wmiadap.exe /R /T
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-08-21 207032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-28 582008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-07-18 1058992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-28 245112]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-18 149168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\IPS\IPSBHO.DLL [2013-09-29 388504]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-07-18 678584]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-11-14 13353064]
"RtHDVBg_DTS"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-11-15 2277992]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-08-11 2816808]
"LoadFUJ02E3"=C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [2011-11-23 76104]
"PSUTility"=C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [2011-10-03 205168]
"SSUtility"=C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe [2011-09-15 273776]
"LoadFujitsuQuickTouch"=C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [2011-09-30 158024]
"LoadBtnHnd"=C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2011-09-30 23368]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14 1353680]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2018-08-27 3207968]
"Discord"=C:\Users\Kristyna\AppData\Local\Discord\app-0.0.301\Discord.exe [2018-04-30 57816920]
"Skype for Desktop"=C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [2018-08-24 49799144]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"FUJ02B1_Apps"=C:\Program Files (x86)\Fujitsu\FUJ02B1\CheckBatteryPack.exe [2016-05-11 367424]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-02-06 291608]
"IndicatorUtility"=C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2010-09-29 48752]
"FJ Camera_Monitor"=C:\Program Files (x86)\FJ Camera\monitor.exe [2012-01-18 279416]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2018-05-30 5885352]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-07-07 601424]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2018-08-30 16:53:22 ----D---- C:\rsit
2018-08-30 16:53:22 ----D---- C:\Program Files\trend micro
2018-08-29 16:39:10 ----D---- C:\Data
2018-08-29 14:10:28 ----AT---- C:\Windows\SYSWOW64\00009961.tmp
2018-08-29 13:59:57 ----AT---- C:\Windows\SYSWOW64\00009967.tmp
2018-08-29 13:26:12 ----AT---- C:\Windows\SYSWOW64\00016918.tmp
2018-08-29 13:10:41 ----AT---- C:\Windows\SYSWOW64\00008350.tmp
2018-08-29 12:40:34 ----D---- C:\Windows\system32\drivers\NSSx64
2018-08-29 12:40:33 ----D---- C:\Program Files (x86)\Norton Security Scan
2018-08-29 12:27:30 ----D---- C:\Windows\{B58AFBDA-7D5B-40C0-BE79-D9F3286E2165}
2018-08-29 12:13:51 ----D---- C:\Program Files (x86)\Norton AntiVirus
2018-08-29 10:42:56 ----AT---- C:\Windows\SYSWOW64\00024736.tmp
2018-08-28 21:23:45 ----D---- C:\ProgramData\NCOTEMP
2018-08-28 21:23:09 ----D---- C:\Program Files\Common Files\Symantec Shared
2018-08-28 21:23:09 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2018-08-28 21:22:19 ----D---- C:\Windows\system32\drivers\NAVx64
2018-08-28 21:22:16 ----D---- C:\ProgramData\Norton
2018-08-28 21:21:36 ----D---- C:\ProgramData\NortonInstaller
2018-08-28 21:21:36 ----D---- C:\Program Files (x86)\NortonInstaller
2018-08-28 17:43:14 ----D---- C:\Windows\{2E03268B-4782-44EF-B29B-44B65D240959}
2018-08-19 15:49:56 ----D---- C:\Users\Kristyna\AppData\Roaming\ICQ
2018-08-19 14:45:41 ----D---- C:\Program Files (x86)\Microsoft
2018-08-04 14:00:42 ----D---- C:\Program Files (x86)\Cenega
2018-08-03 14:40:58 ----D---- C:\Users\Kristyna\AppData\Roaming\MPC-HC
======List of files/folders modified in the last 1 month======
2018-08-30 16:53:22 ----RD---- C:\Program Files
2018-08-30 16:52:58 ----D---- C:\Filmy
2018-08-30 16:52:31 ----D---- C:\Windows\Temp
2018-08-30 16:41:12 ----D---- C:\Windows\System32
2018-08-30 16:41:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-08-30 16:41:11 ----D---- C:\Windows\inf
2018-08-30 16:37:28 ----SHD---- C:\Windows\Installer
2018-08-29 17:15:34 ----SHD---- C:\System Volume Information
2018-08-29 16:49:28 ----D---- C:\Program Files (x86)\Steam
2018-08-29 16:46:43 ----D---- C:\Windows\Tasks
2018-08-29 16:46:43 ----D---- C:\Windows\system32\Tasks
2018-08-29 15:22:57 ----D---- C:\Users\Kristyna\AppData\Roaming\vlc
2018-08-29 15:16:01 ----RD---- C:\Program Files (x86)
2018-08-29 15:09:14 ----D---- C:\Users\Kristyna\AppData\Roaming\WTablet
2018-08-29 14:10:31 ----D---- C:\Windows\SysWOW64
2018-08-29 14:10:30 ----D---- C:\Program Files (x86)\FJ Camera
2018-08-29 14:10:28 ----D---- C:\Program Files (x86)\TeamViewer
2018-08-29 14:10:28 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2018-08-29 12:40:34 ----D---- C:\Windows\system32\drivers
2018-08-29 12:34:21 ----D---- C:\ProgramData\boost_interprocess
2018-08-29 12:27:30 ----D---- C:\Windows
2018-08-29 10:48:55 ----D---- C:\Users\Kristyna\AppData\Roaming\uTorrent
2018-08-29 09:56:51 ----D---- C:\Windows\Prefetch
2018-08-28 21:33:33 ----D---- C:\Program Files (x86)\Common Files
2018-08-28 21:23:45 ----HD---- C:\ProgramData
2018-08-28 21:23:09 ----D---- C:\Program Files\Common Files
2018-08-28 14:34:40 ----D---- C:\Program Files\Java
2018-08-28 14:33:33 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2018-08-26 16:34:51 ----D---- C:\Windows\system32\config
2018-08-22 17:20:42 ----D---- C:\Windows\Microsoft.NET
2018-08-22 16:22:02 ----D---- C:\Program Files (x86)\Call of Duty - Modern Warfare 2
2018-08-22 16:19:13 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-08-21 20:55:10 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-08-21 20:52:32 ----D---- C:\Program Files (x86)\Microsoft Office
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 FBIOSDRV;Fujitsu BIOS Driver; C:\Windows\System32\Drivers\FBIOSDRV.sys [2009-06-24 21104]
R0 FJGSDisk;G-Sensor Application Filter Driver; C:\Windows\system32\DRIVERS\FJGSDisk.sys [2011-07-07 15600]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-11-29 568600]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-02-06 16152]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2016-08-25 295000]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NAVx64\1506000.020\SYMDS64.SYS [2013-09-10 493656]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [2014-08-26 1148120]
R1 ccSet_NAV;NAV Settings Manager; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [2013-09-26 162392]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2013-10-04 484952]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2014-12-21 40344]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20180828.061\IDSvia64.sys [2018-08-28 1306592]
R1 MpKsle63d9e6d;MpKsle63d9e6d; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CDE90861-4311-4F93-8E6C-73E7516685C7}\MpKsle63d9e6d.sys [2018-08-29 58120]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [2014-08-26 37592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2011-11-30 358576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2018-08-29 153168]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\Windows\system32\DRIVERS\FUJ02B1.sys [2016-05-11 59152]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver; C:\Windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 7296]
R3 guardian2;guardian2; C:\Windows\System32\Drivers\oz776x64.sys [2011-08-15 86888]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2018-05-23 35648]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2017-05-18 3811816]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-11-16 2950632]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2015-08-21 463112]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-02-06 356120]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-02-06 787736]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-12-01 11417088]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 135928]
R3 SPUVCbv;SPUVCb Driver Service; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2011-12-23 3052920]
R3 swg3kmbb00;Sierra Wireless QMI USB-NDIS 6.20 miniport; C:\Windows\system32\DRIVERS\swg3kmbb00.sys [2012-10-18 477560]
R3 swg3knmea00;Sierra Wireless QMI NMEA Serial Communication; C:\Windows\system32\DRIVERS\swg3knmea00.sys [2012-10-18 269304]
R3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\swg3kser00.sys [2012-10-18 269560]
R3 swibus00;Sierra Wireless Bus Enumerator 00; C:\Windows\system32\DRIVERS\swibus00.sys [2012-10-18 85880]
R3 swibusflt00;Sierra Wireless Bus Enumerator Filter 00; C:\Windows\system32\DRIVERS\swibusflt00.sys [2012-10-18 85880]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2018-08-29 99920]
R3 SymNetS;Symantec Network Security WFP Driver; C:\Windows\system32\drivers\NAVx64\1501000.012\SYMNETS.SYS [2013-09-26 590936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-08-11 1448496]
R3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2016-04-21 27136]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2013-07-24 36864]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20180827.001\BHDrvx64.sys [2018-08-27 1919568]
S1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [2014-08-06 266968]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2011-11-23 134696]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2017-07-06 119296]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2011-11-23 620584]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-11-23 167976]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2011-11-23 178728]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-11-23 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2011-11-23 21544]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EraserUtilDrv11311;EraserUtilDrv11311; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [2013-10-04 140376]
S3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20180829.001\ENG64.SYS [2018-08-29 138832]
S3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20180829.001\EX64.SYS [2018-08-29 2153040]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [2012-06-13 266896]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\system32\drivers\NAVx64\1501000.012\SRTSP64.SYS [2013-09-27 858200]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TesSafe;TesSafe; \??\C:\Windows\syswow64\TesSafe.sys []
S3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WacHidRouterPro;Wacom Hid Router Pro; C:\Windows\system32\DRIVERS\wachidrouter.sys [2018-05-30 115672]
S3 wacomrouterfilter;Wacom Router Filter Driver; C:\Windows\system32\DRIVERS\wacomrouterfilter.sys [2018-05-30 17880]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-11-22 1084192]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-08-07 8522912]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DTSAudioSvc;DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2011-08-05 225280]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-12-08 618256]
R2 FUJ02E3Service;FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [2011-11-23 76104]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2018-05-30 3346856]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2017-05-18 319096]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [2016-05-27 419248]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
R2 NAV;Norton AntiVirus; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [2014-09-21 262968]
R2 PFNService;PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2011-12-22 2213376]
R2 PowerSavingUtilityService;PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2011-10-03 63856]
R2 PSI_SVC_2;Corel License Validation Service V2, Powered by arvato; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2014-04-30 277360]
R2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2014-04-30 337776]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-12-08 148752]
R2 SwiService;Sierra Wireless Service; C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe [2012-10-18 198032]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2018-02-02 6634224]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13 153168]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2017-12-21 1530376]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2017-05-18 280696]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13 153168]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-10-14 116224]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-08 273168]
S3 ose;Office Source Engine; c:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-08-07 213032]
S3 osppsvc;Office Software Protection Platform; c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2018-02-02 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-08-27 1684256]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-11-04 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119427
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Problem with BitcoinMiner, Chrome crashes when opening ESET we
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/
close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it at C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Problem with BitcoinMiner, Chrome crashes when opening ESET we
Everything went through; one threat was found and it was removed after the restart, see the log below.
-----
# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-07-12.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-30-2018
# Duration: 00:00:02
# OS: Windows 7 Professional
# Cleaned: 1
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Users\Kristyna\AppData\Roaming\Tencent
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1295 octets] - [30/08/2018 21:02:01]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
- Rudy
- Site Admin
- Posts: 119427
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Problem with BitcoinMiner, Chrome crashes when opening ESET we
OK. Now post the FRST log: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .
Re: Problem with BitcoinMiner, Chrome crashes when opening ESET we
I'm sending the logs from FRST, first the addition.txt log
-----------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by Kristyna (30-08-2018 22:22:36)
Running from C:\Users\Kristyna\Desktop\kladivo na šmejdy
Windows 7 Professional Service Pack 1 (X64) (2017-11-16 17:24:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1250171309-3979389096-1947347105-500 - Administrator - Disabled)
Guest (S-1-5-21-1250171309-3979389096-1947347105-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1250171309-3979389096-1947347105-1003 - Limited - Enabled)
Kristyna (S-1-5-21-1250171309-3979389096-1947347105-1001 - Administrator - Enabled) => C:\Users\Kristyna
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Any Send 1.0 (HKLM-x32\...\{0897FBB8-CCB8-454C-A8C3-26B5EE15E4D7}) (Version: 1.0.0 - Adylitica) Hidden
Any Send 1.0 (x64) (HKLM\...\{BAB72871-C133-4628-9B56-6B17E90389E1}) (Version: 1.0.0 - Adylitica) Hidden
Any Send for Windows (HKLM-x32\...\{51142af8-bc9b-44c1-b78d-9e6c453b3022}) (Version: 1.0.0 - Adylitica, Inc.)
Any Send for Windows (HKLM-x32\...\{bb7e741b-f5d6-4340-8e21-8205ed9ded9b}) (Version: 1.0.0 - Adylitica, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour SDK (HKLM\...\{C0F5A19A-055A-4902-9D41-864127BFAF11}) (Version: 3.0.0.10 - Apple Inc.)
Corel Painter Essentials 6 - Content (HKLM\...\{56F051E4-C179-425E-9AA8-4B3FBC2F05B7}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - Core (HKLM\...\{FA3FA2BE-94D1-41CA-89BF-29AE2EB61E46}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - CT (HKLM\...\{404B42A1-47EF-44D5-B390-E0CB3F879497}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - DE (HKLM\...\{13CD16A8-0B5E-469D-A8C2-1BD41B58999F}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - EN (HKLM\...\{1B3DFFA0-0CE7-4607-8E55-FB64B8628995}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - FR (HKLM\...\{E39BC105-2204-4BA8-BB9F-D08E5BDD1493}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - IPM (HKLM\...\{B1AA1DD1-FC10-499C-B802-6C9558CBBC1A}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - IPM Content (HKLM\...\{68FC3BC5-C3AA-4B36-86F7-D4ED105E1D7B}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - JP (HKLM\...\{9BAC9F81-DE28-450F-B0F8-C319D08C2A6A}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 (HKLM\...\_{0EDEDA40-4B3A-46D0-A0D8-0FE8834390DE}) (Version: 6.0.0.167 - Corel Corpopration)
Corel Painter Essentials 6 (HKLM\...\{D5ACBF88-A251-4E63-8DFE-1EF7491D601E}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Thumbnail Previewer (HKLM\...\{50139369-99B2-496A-8726-D3DC5D6D4235}) (Version: 18.0 - Corel Corporation)
Corel Update Manager (HKLM\...\{5039B7BE-F79B-4121-A9D3-D66ED4169414}) (Version: 2.4.285 - Corel corporation) Hidden
Discord (HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
Exanima (HKLM-x32\...\1470768488_is1) (Version: 2.0.0.2 - GOG.com)
FJ Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.3.9.4 - SunplusIT)
Fujitsu Hotkey Utility (HKLM-x32\...\{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (HKLM\...\{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 3.01.00.002 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 3.01.00.002 - FUJITSU LIMITED)
Fujitsu System Extension Utility (HKLM\...\{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.4.0 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.4.0 - FUJITSU LIMITED)
GameRanger (HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\GameRanger) (Version: - GameRanger Technologies)
Garena (remove only) (HKLM-x32\...\gxx) (Version: 2.0.1806.2114 - Garena)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
ICA (HKLM\...\{0EDEDA40-4B3A-46D0-A0D8-0FE8834390DE}) (Version: 6.0 - Corel Corpopration) Hidden
ICQ (verze 10.0.12341) (HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\icq.desktop) (Version: 10.0.12341 - ICQ)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4653 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
K-Lite Codec Pack 14.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.1.5 - KLCP)
LIFEBOOK Application Panel (HKLM\...\{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED) Hidden
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED)
Little Fighter 2 1.9c (HKLM-x32\...\Little Fighter 2) (Version: 1.9c - )
LogMeIn Hamachi (HKLM-x32\...\{892DB406-ADF8-4C30-9840-8438AF5B8763}) (Version: 2.2.0.607 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.607 - LogMeIn, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.9126.2275 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.12.25711 (HKLM\...\{7D02C46E-2953-3EB1-A5D5-7943C9D7684F}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.12.25711 (HKLM\...\{043D5787-5988-3DE2-928D-3B6A75E2126E}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25711 (HKLM-x32\...\{8FDCF95F-4756-34F4-9DA2-D708E7FAC504}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25711 (HKLM-x32\...\{6E894015-A182-3C1E-A7D2-3032CB2E1D43}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{FD9D64F4-CAF5-3D23-845A-B843C78CC1A5}) (Version: 10.0.60830 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.150 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
O2Micro OZ776 SCR Driver (HKLM\...\{722AE78A-F730-4447-A6EC-099F6F7B2ABF}) (Version: 2.1.4.214GS - O2Micro) Hidden
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{722AE78A-F730-4447-A6EC-099F6F7B2ABF}) (Version: 2.1.4.214GS - O2Micro)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2275 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2275 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2275 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.9126.2275 - Microsoft Corporation) Hidden
osu! (HKLM-x32\...\{f7f2057c-00c5-4cef-b26c-6fbf5feb90b4}) (Version: latest - ppy Pty Ltd)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 6.2.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (HKLM\...\{E1C056BE-ACC9-4FCF-B37D-55A46648B369}) (Version: 6.2.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\{49A588CF-5FD4-4774-BFBF-0764287DE82B}) (Version: 32.01.10.038 - FUJITSU LIMITED)
Project Zomboid verze Build 38.30 (HKLM-x32\...\{83545AFD-2CE1-49E0-9A97-25312A582C98}_is1) (Version: Build 38.30 - Trackeroc.Ru)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Rules of Survival version 1.167700.171312 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.167700.171312 - Hong Kong Netease Interactive Entertainment Limited)
Shade: Hněv andělů (HKLM-x32\...\{5F055711-2CAF-4323-8443-BEE4913FC7E6}) (Version: 1.20.000 - )
Shock Sensor Driver (HKLM\...\{BFA53004-F544-4356-B0F9-735D69623447}) (Version: 1.01.00.002 - FUJITSU LIMITED) Hidden
Shock Sensor Driver (HKLM-x32\...\InstallShield_{BFA53004-F544-4356-B0F9-735D69623447}) (Version: 1.01.00.002 - FUJITSU LIMITED)
Shock Sensor Utility (HKLM\...\{4E7C12AC-8F19-49CC-87C3-0EAAD952F6B3}) (Version: 5.01.00.001 - FUJITSU LIMITED) Hidden
Shock Sensor Utility (HKLM-x32\...\InstallShield_{4E7C12AC-8F19-49CC-87C3-0EAAD952F6B3}) (Version: 5.01.00.001 - FUJITSU LIMITED)
Sierra Wireless QMI Fujitsu Driver Package (HKLM-x32\...\SWIFujitsuDrvInstaller) (Version: 2.8.1210.1 - Sierra Wireless Inc.)
Skype verze 8.29 (HKLM-x32\...\Skype_is1) (Version: 8.29 - Skype Technologies S.A.)
Software Intel® PROSet/Wireless WiFi (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.19.1 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.93450 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.50 - Ghisler Software GmbH)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.30-6 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.3100 - Broadcom)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1250171309-3979389096-1947347105-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Kristyna\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1250171309-3979389096-1947347105-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton AntiVirus\Engine64\21.6.0.32\NavShExt.dll [2014-09-21] (Symantec Corporation)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton AntiVirus\Engine64\21.6.0.32\NavShExt.dll [2014-09-21] (Symantec Corporation)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-05-18] (Intel Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton AntiVirus\Engine64\21.6.0.32\NavShExt.dll [2014-09-21] (Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {14E8C7B6-B9EF-4221-BA3D-854ECCC240CF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-08-21] (Microsoft Corporation)
Task: {22AB460A-0DA5-4F5D-AE1F-996A328ECAF9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-08-21] (Microsoft Corporation)
Task: {247C2886-8442-4E92-9ABC-3240ECAC987D} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {30F903E2-CF8A-4A93-BDD6-111CF24FC24D} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {33FECD53-E46D-4D66-B645-31FDC6882DE3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-21] (Microsoft Corporation)
Task: {3F518751-7A99-4CCD-8328-CC97AF1DA3F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {41A1343F-5D8C-461E-9268-65A41AACA93B} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-11-06] (Corel Corporation)
Task: {42EB5707-EA20-4630-BDEE-C0637EC443F0} - System32\Tasks\{3C80FD02-B4EC-4768-811C-B916497B1FC9} => C:\Windows\system32\pcalua.exe -a C:\Users\Kristyna\Desktop\Mafia\Setup.exe -d C:\Users\Kristyna\Desktop\Mafia
Task: {5C24A182-9D9E-4FD3-9D67-D5FA257A33E4} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7FBF36EB-A759-4046-8C22-E57D853DCD17} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {9D275F02-E99B-4F14-BAC4-FB578002C450} - System32\Tasks\{96C4D4EA-B3A0-73B3-C78E-C2F8A2FEC2AC} => C:\Windows\SysWOW64\OqIJae.exe [2009-07-14] (Microsoft Corporation)
Task: {A0D5ABEF-2228-4118-B230-417464D8B158} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {A7D09C55-AAC3-4C91-BD70-AEF24183FA6F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {B72C2222-71F9-4A69-ACAA-5537E9FDA863} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-07] (Microsoft Corporation)
Task: {C122302A-4CC1-46CC-BB17-A5858CA87835} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-07] (Microsoft Corporation)
Task: {CCEA2A20-5F2B-4F73-BED5-1884190143F9} - System32\Tasks\Norton Security Scan for Kristyna => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.150\Nss.exe [2018-01-10] (Symantec Corporation)
Task: {CF3B5852-6462-40F8-85BC-5C7EB39554D5} - System32\Tasks\{3CDF02FD-5E7E-4DBE-5AA0-BC11C8B2E3EC} => C:\Windows\ZNEXBMkmW.exe [2009-07-14] (Microsoft Corporation)
Task: {DF95AEA0-5694-420C-BAA4-D82182F05110} - System32\Tasks\{FF6ED4FB-3AD6-C542-38D3-148DC339F3C5} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" perfectsidecom.ru/cl/?guid=allw6ke60tg0vxuxtz77lc36ep83kz9k&prid=1&pid=4_1324_0
Task: {E0E0206D-4BF7-4EA1-AABA-83AA9028A0A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {F2D432C9-CBC7-4D87-B8AF-0F97338C2F1C} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-05-02] ()
Task: {FA4CDFD2-ED5B-4E37-8D43-A5B74920C08E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-08-21] (Microsoft Corporation)
Task: {FCA4978D-F28A-4A58-BE96-F2A5C13BCD3E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-21] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2012-01-18 08:44 - 2012-01-18 08:44 - 000279416 _____ () C:\Program Files (x86)\FJ Camera\Monitor.exe
2018-08-19 14:45 - 2018-08-24 23:36 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-08-29 11:20 - 2018-08-24 23:36 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-08-29 11:20 - 2018-08-24 23:36 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-08-19 14:45 - 2018-08-24 23:36 - 002725400 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-08-19 14:45 - 2018-08-24 23:36 - 000033304 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-08-29 11:20 - 2018-08-24 23:36 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-08-29 11:20 - 2018-08-24 23:36 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-08-29 11:20 - 2018-08-24 23:36 - 002384840 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\sharepoint.com -> hxxps://vassboskovice53-files.sharepoint.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kristyna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{735DB583-87F2-406C-B8C7-2650A49AA3EB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{FE70A0D7-9A4E-4144-A29E-306A808D8296}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B5CD91DE-2D26-4807-A9A5-FC6649E04A52}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F65F05E9-D8AD-4DEE-96B9-1FD158850CB6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{30527457-5A2E-4094-A38B-3589577D11DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B6070AC6-2F02-42B1-9628-076604D58442}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0480B8EF-5199-4AF9-8B18-E70992BB93F5}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{9CDF4EF9-CAEA-49BD-B652-2D67630F0408}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{A50F0088-D4D5-4444-A7AB-FD1AF2EA5796}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{3D6D99F8-8209-4CA9-9554-2BF38F6431AE}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{90942A52-16F4-4598-93B7-349689DAE8D5}C:\users\kristyna\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\kristyna\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{697E376E-4DEB-4CE5-894A-56A55D99C1F0}C:\users\kristyna\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\kristyna\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{5FA9E6DE-226A-4FE2-9F53-34CD5F304B13}C:\call of duty 1\the call of duty\codmp.exe] => (Allow) C:\call of duty 1\the call of duty\codmp.exe
FirewallRules: [UDP Query User{50B1400A-E944-4649-840A-E815CCD82B5C}C:\call of duty 1\the call of duty\codmp.exe] => (Allow) C:\call of duty 1\the call of duty\codmp.exe
FirewallRules: [TCP Query User{474A38E8-E13D-4E4D-AEAB-81816B2565BC}C:\program files (x86)\call of duty\codmp.exe] => (Allow) C:\program files (x86)\call of duty\codmp.exe
FirewallRules: [UDP Query User{9B5BBBFD-F341-4F70-937B-645A5E815BF1}C:\program files (x86)\call of duty\codmp.exe] => (Allow) C:\program files (x86)\call of duty\codmp.exe
FirewallRules: [TCP Query User{7BF37A9B-8D9A-4F01-90A7-5C8CC842C0E3}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{FF7621B5-5CF8-425B-A26D-9353E12F4F04}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [TCP Query User{E7E2CDED-1953-469C-9679-3D0814F32B22}C:\install\hry\bulanci\bulanci.exe] => (Block) C:\install\hry\bulanci\bulanci.exe
FirewallRules: [UDP Query User{ABA62D8B-D3D9-4D0E-A1BD-6AF50D2EB07A}C:\install\hry\bulanci\bulanci.exe] => (Block) C:\install\hry\bulanci\bulanci.exe
FirewallRules: [TCP Query User{66730DAE-DC6B-4C9D-8E17-5576D52177C7}C:\users\kristyna\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\launcher.exe
FirewallRules: [UDP Query User{1F401D3C-4995-449E-A2A6-98A047A9A3A7}C:\users\kristyna\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\launcher.exe
FirewallRules: [TCP Query User{FC5F2F0E-4D22-453D-A297-33458E2F2E39}C:\program files (x86)\left 4 dead\left4dead.exe] => (Allow) C:\program files (x86)\left 4 dead\left4dead.exe
FirewallRules: [UDP Query User{B1282B2C-F8A5-4933-9A6F-72666C1E8486}C:\program files (x86)\left 4 dead\left4dead.exe] => (Allow) C:\program files (x86)\left 4 dead\left4dead.exe
FirewallRules: [TCP Query User{F531A7CE-FF38-424A-BAD4-5962C48746F5}C:\program files (x86)\left 4 dead\left4dead.exe] => (Block) C:\program files (x86)\left 4 dead\left4dead.exe
FirewallRules: [UDP Query User{6D7A4BC4-A9FB-457C-88D2-90D7F2644387}C:\program files (x86)\left 4 dead\left4dead.exe] => (Block) C:\program files (x86)\left 4 dead\left4dead.exe
FirewallRules: [{2561B90F-8B75-45A8-9C0B-49B3C9FFDA6B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D92792C2-56F7-4DC4-BF4B-024C53EAA44B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4FB6EFA3-0816-485D-A2A5-B4D6F2ECC38E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{201049A1-42EE-4BCB-B373-5C3680909176}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{2BA64ABE-2F2B-4BD3-8A15-A5EE97C954C3}C:\users\kristyna\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\launcher.exe
FirewallRules: [UDP Query User{B84A6DA9-0AC7-490B-984F-41F01536E5AF}C:\users\kristyna\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\launcher.exe
FirewallRules: [TCP Query User{DA78CB80-EB10-4D46-82D9-129B5B1B3159}C:\users\kristyna\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{E359A34A-7704-4A3A-B3E2-4893046AE429}C:\users\kristyna\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\win64\aces.exe
FirewallRules: [{0069FFEA-DB52-4040-8EE3-6610022E6CAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{C8C91C4E-7DEC-40A0-886C-D6B45A2795BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{A02BB8EB-8960-4B72-B272-AC0819189ED2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GenitalJousting\GenitalJousting.exe
FirewallRules: [{A0D1BE11-DFCC-4C5B-866D-D60A664AFFD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GenitalJousting\GenitalJousting.exe
FirewallRules: [{50FD13BC-B788-4F8A-88E8-799619E7D596}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{5E2AA3CD-FFF4-47F3-BD8A-A15672D7857A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{E97515BE-A78B-4C4F-BB1F-FB05F88425DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{338AEE10-E4FB-40BC-9FBC-E76CAAB39533}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [TCP Query User{6F62854B-AF17-45F5-A603-0D54ABC07A1E}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{B4B7153A-48C6-4595-A182-05FDEC97B9EC}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{39981EEB-B861-4893-8FD6-A85D687D858D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{89DE33D3-46A4-4A47-B843-993271DD95F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{E4A852E7-882C-4813-B91C-AAEEFCE672A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B580F567-FD58-40F3-AF88-B60594A69324}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{41A1BB5B-2B7C-4469-932C-CB3A5A48BAA8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6A862BF3-6A5C-44C3-9861-35103B6C1449}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{13A3FC75-3CB1-4BBF-8061-3B2F9A953F21}C:\program files (x86)\any send\any send.exe] => (Allow) C:\program files (x86)\any send\any send.exe
FirewallRules: [UDP Query User{F2275136-3EAE-4254-9114-B1F0D7C9058B}C:\program files (x86)\any send\any send.exe] => (Allow) C:\program files (x86)\any send\any send.exe
FirewallRules: [TCP Query User{9BCA39C8-3632-40F2-80F8-0F39E4B37DB3}C:\program files\any send\any send.exe] => (Allow) C:\program files\any send\any send.exe
FirewallRules: [UDP Query User{3083CDB0-3355-4103-8240-F3B70046B95C}C:\program files\any send\any send.exe] => (Allow) C:\program files\any send\any send.exe
FirewallRules: [TCP Query User{CB4B67B8-8717-4B86-AC69-81B12F050C58}C:\users\kristyna\documents\any send\flat.out.2.pc.game(djdevastate™)\flatout2.exe] => (Allow) C:\users\kristyna\documents\any send\flat.out.2.pc.game(djdevastate™)\flatout2.exe
FirewallRules: [UDP Query User{2EB1EC5C-94CC-4D0A-B44B-319F06DE4998}C:\users\kristyna\documents\any send\flat.out.2.pc.game(djdevastate™)\flatout2.exe] => (Allow) C:\users\kristyna\documents\any send\flat.out.2.pc.game(djdevastate™)\flatout2.exe
FirewallRules: [{AA7B9D3C-6263-4DDC-BB45-27B6249BF796}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FBD8C02A-2C18-4B62-A10E-40FA46D7E0DD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EC2391DC-E000-4032-9C99-FEA5DCD64EFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EEDA2671-64DD-4134-88CD-1DDF1A94FC09}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1B4B7A9D-3725-4C4D-A7CD-220259AAA6A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KOAReckoning\Reckoning.exe
FirewallRules: [{3383E2D6-1A23-47B4-98D8-439A2C276882}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KOAReckoning\Reckoning.exe
FirewallRules: [TCP Query User{E41EB166-25DC-4504-B696-48DBEFDBAD11}C:\users\kristyna\desktop\antiguard\projektx-rocnikova_prace-jakub_novotny.exe] => (Allow) C:\users\kristyna\desktop\antiguard\projektx-rocnikova_prace-jakub_novotny.exe
FirewallRules: [UDP Query User{257B7727-D2EC-4145-87C1-36F0C77B5D38}C:\users\kristyna\desktop\antiguard\projektx-rocnikova_prace-jakub_novotny.exe] => (Allow) C:\users\kristyna\desktop\antiguard\projektx-rocnikova_prace-jakub_novotny.exe
FirewallRules: [{499D0FF1-5CA7-4143-82BF-F136D57E7D9D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B4620474-AE7C-400B-BB0E-BB7CC2C98B75}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6CF035DC-39D1-418F-91DE-BD0D865BA84E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AF810FA3-8EFE-4FC2-AEC5-88D57F694608}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0057339A-6B2C-4200-B28B-0D2EA2EB6699}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{CCD6E2E1-C32C-4AAD-B54D-E9AA634FE55E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{64D3F20C-FAB1-4238-AC9A-27CE4B8AECF6}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [UDP Query User{4712FD5C-3085-4C9D-8D0A-0F9385FC772F}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [{DBF742BD-28F6-4FA1-B5DB-54504114E3C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [{2DA46CCF-8790-4F57-8B1C-B77CA5811A48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [TCP Query User{8AACD568-B06D-4CA6-A331-248A48F6E6C2}C:\program files (x86)\far cry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\far cry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{8782A2D8-86DC-4F23-981E-72F997EAF654}C:\program files (x86)\far cry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\far cry 3\bin\farcry3.exe
FirewallRules: [{FE5C8581-7096-403D-BEB0-96132209B0AC}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1804.2913\gxxsvc.exe
FirewallRules: [{26CF3687-B9FE-4FF4-8273-B4D8640BAC13}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1805.1715\gxxsvc.exe
FirewallRules: [TCP Query User{FC40D404-0AB1-4397-A154-5D0C8E657A22}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [UDP Query User{7B582FEB-BB55-4A78-86EE-9B572696B932}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [TCP Query User{D4567A05-85EB-4EAE-9EFA-F16EE605544C}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [UDP Query User{2837817D-954F-4D23-8C8B-F995791391BA}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [{0316ADF9-9D94-407B-9181-C29235A2819C}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1806.0116\gxxsvc.exe
FirewallRules: [{26F18F3F-388F-4D72-8088-1CA8791F7CDE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{EE1C25CC-769F-4C19-9232-937E93065A87}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [UDP Query User{FC9FE252-F0FD-44DA-AEFA-90B2F2C3718E}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [{C657AB39-5232-4D76-8B6F-64E5702DAAD0}] => (Block) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [{9AD7D63B-9CA7-4BF9-B1E7-7404CE97A1A1}] => (Block) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [{B56A071E-D36D-493C-BB3B-B0BEF99492FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{07D66F6B-87FD-4194-906D-1206A913AB50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{E6A628E9-9C95-4409-9CAA-082914FCFA39}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D7C77979-DB24-4F31-BDB9-F871816679A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{7BAD488C-C6C4-4D89-860F-61181D796465}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{48A060F5-B80B-4EAE-BD49-3605C55736B8}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{A5BF9B32-CE2E-49E1-A726-4F1293A090A8}] => (Allow) C:\Windows\SysWOW64\OqIJae.exe
FirewallRules: [{0F8FC9CB-7BF5-47CA-B7AB-07BA38D5F291}] => (Allow) C:\Windows\ZNEXBMkmW.exe
FirewallRules: [{C8643F68-176E-4D00-8EA9-6C6D6A92D224}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3E147968-D75C-4161-A8C2-886C0B4E4EC1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C2FC4C39-3564-439F-B06E-66E0C14D92BB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{94022C68-F8C3-4B6B-A1B8-795DEAA8A344}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{729D4F9C-F490-43EC-89DB-5160AB1CEC8C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1281A408-7487-4850-9676-6EA903BB7E10}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7F0B9CEB-95ED-4744-B68F-5FB2A557A1D9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1DF8F5C6-AE30-4D92-867C-275F58F98772}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{E5321839-66EB-4619-8983-673C61C67F86}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{1A7DF05A-BDD2-40F3-B22F-94DAF22A1F44}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{284B69DD-CF0C-4375-92F3-46F3912EB1AE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{CC4034B1-F4A3-4ABA-AD39-C68F7CE0907D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4B9599F1-CF23-4713-B5F2-EB4D20BF5580}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CCDC6D3D-59C7-4F09-ABFE-7C4A7CC42A54}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{241D595E-BDEC-4589-96BB-638E73537A52}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CF988DF5-CA57-4DBF-B7D4-1C9700C79F4F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A3A7A9ED-4B12-414C-8975-3264EE0690D3}] => (Allow) C:\Windows\SysWOW64\svchost.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/30/2018 09:04:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/30/2018 08:57:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/30/2018 05:13:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 8.5.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: acc
Čas spuštění: 01d44071c29e48fa
Čas ukončení: 0
Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
ID hlášení: 1b7728e3-ac67-11e8-9d08-c01885b73c13
Error: (08/30/2018 04:56:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 8.5.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 4b0
Čas spuštění: 01d44071984ef793
Čas ukončení: 15
Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
ID hlášení: e0d7c9b5-ac64-11e8-9d08-c01885b73c13
Error: (08/30/2018 04:56:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 8.5.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: fdc
Čas spuštění: 01d440718a4e1f37
Čas ukončení: 0
Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
ID hlášení: d3257ec1-ac64-11e8-9d08-c01885b73c13
Error: (08/30/2018 04:55:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 8.5.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 1cf8
Čas spuštění: 01d440711f28d03f
Čas ukončení: 0
Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
ID hlášení: c4e6c29d-ac64-11e8-9d08-c01885b73c13
Error: (08/30/2018 04:44:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 8.5.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 2040
Čas spuštění: 01d4406fc5ed81f1
Čas ukončení: 16
Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
ID hlášení: 3b901076-ac63-11e8-9d08-c01885b73c13
Error: (08/30/2018 04:43:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program NOTEPAD.EXE verze 6.1.7601.18917 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 1ae4
Čas spuštění: 01d4406f82e06097
Čas ukončení: 0
Cesta k aplikaci: C:\Windows\SysWOW64\NOTEPAD.EXE
ID hlášení: ff7b8b39-ac62-11e8-9d08-c01885b73c13
System errors:
=============
Error: (08/30/2018 09:15:17 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware zjistil chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.330.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Fáze aktualizace: Vyhledat
Zdrojová cesta: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Error: (08/30/2018 09:15:17 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware zjistil chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.330.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Fáze aktualizace: Vyhledat
Zdrojová cesta: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Error: (08/30/2018 09:14:50 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware zjistil chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.330.0
Zdroj aktualizace: Server Microsoft Update
Fáze aktualizace: Vyhledat
Zdrojová cesta: http://www.microsoft.com
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.
Error: (08/30/2018 09:04:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Wacom Professional Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (08/30/2018 09:02:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.
Cesta k modulu: C:\Windows\System32\IWMSSvc.dll
Error: (08/30/2018 09:02:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.
Cesta k modulu: C:\Windows\System32\IWMSSvc.dll
Error: (08/30/2018 09:02:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.
Cesta k modulu: C:\Windows\System32\IWMSSvc.dll
Error: (08/30/2018 09:02:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.
Cesta k modulu: C:\Windows\System32\IWMSSvc.dll
Windows Defender:
===================================
Date: 2018-08-28 21:09:16.729
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{9AED0D07-DAF7-443C-8C01-93B4C6E2A45F}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Kristyna-PC\Kristyna
CodeIntegrity:
===================================
Date: 2018-08-30 22:20:46.602
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-08-30 22:12:29.961
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-08-30 21:04:11.646
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-08-30 20:56:13.496
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-08-30 20:51:14.323
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-08-30 20:44:32.413
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-08-30 17:31:15.209
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-08-30 17:12:46.176
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 54%
Total physical RAM: 3956.54 MB
Available physical RAM: 1802.23 MB
Total Virtual: 7911.25 MB
Available Virtual: 5729.95 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:36.04 GB) NTFS
Drive g: (FLPPY0) (Removable) (Total:14.98 GB) (Free:14.31 GB) FAT32
\\?\Volume{f5973dc4-c0b6-11e7-a3cb-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 6FBD0404)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 20796B73)
No partition Table on disk 1.
==================== End of Addition.txt ============================
------ log FRST.txt -------------------------------------------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.08.2018
Ran by Kristyna (administrator) on KRISTYNA-PC (30-08-2018 22:22:09)
Running from C:\Users\Kristyna\Desktop\kladivo na šmejdy
Loaded Profiles: Kristyna (Available Profiles: Kristyna)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
() C:\Program Files (x86)\FJ Camera\Monitor.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Utils\SwiService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-08-11] (Synaptics Incorporated)
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2011-11-23] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [205168 2011-10-03] (FUJITSU LIMITED)
HKLM\...\Run: [SSUtility] => C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe [273776 2011-09-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-09-30] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-09-30] (FUJITSU LIMITED)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [FUJ02B1_Apps] => C:\Program Files (x86)\Fujitsu\FUJ02B1\CheckBatteryPack.exe [367424 2016-05-11] (FUJITSU LIMITED)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-29] (FUJITSU LIMITED)
HKLM-x32\...\Run: [FJ Camera_Monitor] => C:\Program Files (x86)\FJ Camera\monitor.exe [279416 2012-01-18] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2018-05-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3207968 2018-08-27] (Valve Corporation)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\Run: [Discord] => C:\Users\Kristyna\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49799144 2018-08-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\MountPoints2: {3853f588-91b3-11e8-8878-c01885b73c13} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\MountPoints2: {967f1677-d6c2-11e7-b9f6-c01885b73c13} - E:\setup\rsrc\Autorun.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-11-04]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Technician\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start06W7new.cmd [2017-10-20] ()
GroupPolicy: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{A0575902-F569-4763-B4E2-DAA31512CD10}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-08-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-28] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-07-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-28] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-18] (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-26] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-07-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-18] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: ufnpx8hu.default
FF ProfilePath: C:\Users\Kristyna\AppData\Roaming\Mozilla\Firefox\Profiles\ufnpx8hu.default [2017-12-01]
FF HKLM-x32\...\Firefox\Extensions: [bonjour4firefox@apple.com] - C:\Program Files (x86)\Bonjour SDK\Bin\FirefoxExtension
FF Extension: (Bonjour Extension for Firefox) - C:\Program Files (x86)\Bonjour SDK\Bin\FirefoxExtension [2018-01-20] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
FF Extension: (Norton Vulnerability Protection) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2018-08-29] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2018-01-02] ()
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2018-01-02] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
Chrome:
=======
CHR Profile: C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default [2018-08-30]
CHR Extension: (Prezentace) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-01]
CHR Extension: (Dokumenty) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-01]
CHR Extension: (Disk Google) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-01]
CHR Extension: (YouTube) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-01]
CHR Extension: (Adblock Plus) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-08-28]
CHR Extension: (Tampermonkey) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-08-29]
CHR Extension: (Tabulky) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (ScriptMonkey) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-08-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-19]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-12-21] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522912 2018-08-07] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2011-11-23] (FUJITSU LIMITED)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3346856 2018-05-30] (LogMeIn Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2017-05-18] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63856 2011-10-03] (FUJITSU LIMITED)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 SwiService; C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe [198032 2012-10-18] (Sierra Wireless, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6634224 2018-02-02] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 WTabletServicePro; "C:\Program Files\Tablet\Wacom\WTabletServicePro.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20180827.001\BHDrvx64.sys [1919568 2018-08-27] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-08-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-08-29] (Symantec Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R0 FJGSDisk; C:\Windows\System32\DRIVERS\FJGSDisk.sys [15600 2011-07-07] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [59152 2016-05-11] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [86888 2011-08-15] (O2Micro)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20180828.061\IDSvia64.sys [1306592 2018-08-28] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20180829.001\ENG64.SYS [138832 2018-08-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20180829.001\EX64.SYS [2153040 2018-08-29] (Symantec Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2017-11-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [3052920 2011-12-23] (Sunplus Technology)
R1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R3 swg3kmbb00; C:\Windows\System32\DRIVERS\swg3kmbb00.sys [477560 2012-10-18] (Sierra Wireless Incorporated)
R3 swg3knmea00; C:\Windows\System32\DRIVERS\swg3knmea00.sys [269304 2012-10-18] (Sierra Wireless Incorporated)
R3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [269560 2012-10-18] (Sierra Wireless Incorporated)
R3 swibus00; C:\Windows\System32\DRIVERS\swibus00.sys [85880 2012-10-18] (Sierra Wireless Inc.)
R3 swibusflt00; C:\Windows\System32\DRIVERS\swibusflt00.sys [85880 2012-10-18] (Sierra Wireless Inc.)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-08-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-08-26] (Symantec Corporation)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [1134048 2018-06-02] (TENCENT)
S3 WacHidRouterPro; C:\Windows\System32\DRIVERS\wachidrouter.sys [115672 2018-05-30] (Wacom Technology, Corp.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-30 22:21 - 2018-08-30 22:21 - 000000000 ____D C:\Users\Kristyna\Desktop\kladivo na šmejdy
2018-08-30 22:20 - 2018-08-30 22:20 - 000000000 ____D C:\Users\Kristyna\AppData\Local\TempOfficeC2RE54F952B-894E-400F-A0DD-2BCB331124E4
2018-08-30 22:13 - 2018-08-30 22:22 - 000000000 ____D C:\FRST
2018-08-30 21:11 - 2018-08-30 21:11 - 000000000 ____D C:\Windows\System32\Tasks\Norton AntiVirus
2018-08-30 20:51 - 2018-08-30 21:02 - 000000000 ____D C:\AdwCleaner
2018-08-30 20:45 - 2018-08-30 20:43 - 000002204 _____ C:\Users\Kristyna\Desktop\postup.txt
2018-08-30 20:45 - 2018-08-30 20:13 - 007417040 _____ (Malwarebytes) C:\Users\Kristyna\Desktop\adwcleaner_7.2.2.exe
2018-08-30 16:53 - 2018-08-30 16:53 - 000000000 ____D C:\rsit
2018-08-30 16:53 - 2018-08-30 16:53 - 000000000 ____D C:\Program Files\trend micro
2018-08-29 17:08 - 2018-08-29 17:08 - 000007657 _____ C:\Users\Kristyna\AppData\Local\Resmon.ResmonCfg
2018-08-29 16:39 - 2018-08-29 16:42 - 000000000 ____D C:\Data
2018-08-29 14:15 - 2018-08-29 14:44 - 000000000 ____D C:\Users\Kristyna\Downloads\ICQ
2018-08-29 14:10 - 2018-08-29 14:10 - 001720936 ____T C:\Windows\SysWOW64\00009961.tmp
2018-08-29 13:59 - 2018-08-29 13:59 - 001720936 ____T C:\Windows\SysWOW64\00009967.tmp
2018-08-29 13:26 - 2018-08-29 13:26 - 001720936 ____T C:\Windows\SysWOW64\00016918.tmp
2018-08-29 13:10 - 2018-08-29 13:10 - 001720936 ____T C:\Windows\SysWOW64\00008350.tmp
2018-08-29 12:40 - 2018-08-29 12:41 - 000004204 _____ C:\Windows\System32\Tasks\Norton Security Scan for Kristyna
2018-08-29 12:40 - 2018-08-29 12:40 - 000000000 ____D C:\Windows\system32\Drivers\NSSx64
2018-08-29 12:40 - 2018-08-29 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2018-08-29 12:40 - 2018-08-29 12:40 - 000000000 ____D C:\Program Files (x86)\Norton Security Scan
2018-08-29 12:27 - 2018-08-30 16:37 - 000000000 ____D C:\Windows\{B58AFBDA-7D5B-40C0-BE79-D9F3286E2165}
2018-08-29 12:14 - 2018-08-30 20:57 - 000003218 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2018-08-29 12:13 - 2018-08-29 12:13 - 000000000 ____D C:\Program Files (x86)\Norton AntiVirus
2018-08-29 12:07 - 2018-08-29 12:12 - 232193752 _____ C:\Users\Kristyna\Downloads\NAV-TW-21.1.0-CZ (1).exe
2018-08-29 12:00 - 2018-08-29 12:05 - 222330689 _____ C:\Users\Kristyna\Downloads\Nepotvrzeno 729299.crdownload
2018-08-29 11:18 - 2018-08-30 20:56 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2018-08-29 11:05 - 2018-08-29 11:29 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2018-08-29 10:42 - 2018-08-29 10:42 - 001720936 ____T C:\Windows\SysWOW64\00024736.tmp
2018-08-29 09:56 - 2018-08-29 09:56 - 000000000 ____D C:\Windows\System32\Tasks\Norton Identity Safe
2018-08-28 23:27 - 2018-08-28 23:28 - 000000000 ____D C:\Users\Kristyna\AppData\Local\NPE
2018-08-28 23:14 - 2018-08-28 23:14 - 000000000 ____D C:\Users\Kristyna\AppData\Local\CrashDumps
2018-08-28 21:23 - 2018-08-29 12:24 - 000000000 ____D C:\ProgramData\NCOTEMP
2018-08-28 21:23 - 2018-08-29 11:13 - 000099920 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2018-08-28 21:23 - 2018-08-29 11:13 - 000010396 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2018-08-28 21:23 - 2018-08-29 11:13 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2018-08-28 21:22 - 2018-08-30 20:57 - 000000000 ____D C:\Windows\system32\Drivers\NAVx64
2018-08-28 21:22 - 2018-08-29 12:40 - 000000000 ____D C:\ProgramData\Norton
2018-08-28 21:21 - 2018-08-29 17:16 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2018-08-28 21:21 - 2018-08-29 12:24 - 000000000 ____D C:\ProgramData\NortonInstaller
2018-08-28 21:13 - 2018-08-28 21:20 - 232193752 _____ C:\Users\Kristyna\Downloads\NAV-TW-21.1.0-CZ.exe
2018-08-28 17:43 - 2018-08-29 11:43 - 000000000 ____D C:\Windows\{2E03268B-4782-44EF-B29B-44B65D240959}
2018-08-28 15:43 - 2018-08-28 20:47 - 000000000 ____D C:\Users\Kristyna\Downloads\The Sims 4 [FitGirl Repack]
2018-08-28 15:43 - 2018-08-28 15:43 - 000003760 _____ C:\Windows\System32\Tasks\{FF6ED4FB-3AD6-C542-38D3-148DC339F3C5}
2018-08-28 15:43 - 2018-08-28 15:43 - 000003622 _____ C:\Windows\System32\Tasks\{96C4D4EA-B3A0-73B3-C78E-C2F8A2FEC2AC}
2018-08-28 15:43 - 2018-08-28 15:43 - 000003410 _____ C:\Windows\System32\Tasks\{3CDF02FD-5E7E-4DBE-5AA0-BC11C8B2E3EC}
2018-08-28 15:43 - 2018-08-28 15:43 - 000000002 _____ C:\Users\Kristyna\AppData\Local\imw.ini
2018-08-28 15:42 - 2018-08-28 15:42 - 000184819 _____ C:\Users\Kristyna\Downloads\the-sims-4-v1_44_77_1020.torrent
2018-08-28 15:40 - 2018-08-28 15:40 - 000000286 _____ C:\Users\Kristyna\Downloads\the-sims-4-v1_44_77_1020_9XA2SW.torrent
2018-08-22 16:15 - 2018-08-22 16:15 - 000089492 _____ C:\Users\Kristyna\Downloads\[CzT]Hra_o_Truny_Game_of_Thrones_7_serie_CZ_EN_WebRip_1080p_.torrent
2018-08-22 16:14 - 2018-08-22 16:14 - 000015614 _____ C:\Users\Kristyna\Downloads\[CzT]Hra_o_truny_Game_of_Thrones_6_serie_CZ_WebRip_.torrent
2018-08-22 16:03 - 2018-08-22 16:03 - 000076045 _____ C:\Users\Kristyna\Downloads\[CzT]Hra_o_truny_Game_of_Thrones_5_serie_CZ_TvRip_720p_.torrent
2018-08-21 20:49 - 2018-08-21 20:53 - 048155501 _____ (KLCP ) C:\Users\Kristyna\Downloads\K-Lite_Codec_Pack_1436_Full (3).exe
2018-08-21 20:49 - 2018-08-21 20:53 - 048155501 _____ (KLCP ) C:\Users\Kristyna\Downloads\K-Lite_Codec_Pack_1436_Full (2).exe
2018-08-21 20:49 - 2018-08-21 20:53 - 048155501 _____ (KLCP ) C:\Users\Kristyna\Downloads\K-Lite_Codec_Pack_1436_Full (1).exe
2018-08-21 20:48 - 2018-08-21 20:53 - 048155501 _____ (KLCP ) C:\Users\Kristyna\Downloads\K-Lite_Codec_Pack_1436_Full.exe
2018-08-21 20:47 - 2018-08-21 20:47 - 000000000 _____ C:\Users\Kristyna\Downloads\6766b2e3-6928-4419-8b7d-bce41e60b04e.tmp
2018-08-19 15:49 - 2018-08-19 15:57 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\ICQ
2018-08-19 15:49 - 2018-08-19 15:49 - 000001753 _____ C:\Users\Kristyna\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2018-08-19 15:49 - 2018-08-19 15:49 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2018-08-19 14:46 - 2018-08-19 14:48 - 035443312 _____ C:\Users\Kristyna\Downloads\icq_rfrset.exe
2018-08-19 14:45 - 2018-08-29 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-08-19 14:35 - 2018-08-19 14:37 - 062091672 _____ (Skype Technologies S.A.) C:\Users\Kristyna\Downloads\Skype-8.28.0.41.exe
2018-08-11 12:25 - 2018-08-11 12:25 - 002048114 _____ C:\Users\Kristyna\Downloads\Topografie.pdf
2018-08-11 12:08 - 2018-08-11 12:08 - 009667670 _____ C:\Users\Kristyna\Downloads\afz3.zip
2018-08-11 12:07 - 2018-08-11 12:07 - 003973284 _____ C:\Users\Kristyna\Downloads\anÄŤakostra (1).zip
2018-08-11 12:06 - 2018-08-11 12:06 - 003973284 _____ C:\Users\Kristyna\Downloads\anÄŤakostra.zip
2018-08-11 12:06 - 2018-08-11 12:06 - 002731242 _____ C:\Users\Kristyna\Downloads\afz1zakl.zip
2018-08-08 01:55 - 2018-08-08 01:57 - 000000000 ____D C:\Users\Kristyna\Downloads\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]
2018-08-04 14:00 - 2018-08-04 14:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CENEGA
2018-08-04 14:00 - 2018-08-04 14:00 - 000000000 ____D C:\Program Files (x86)\Cenega
2018-08-03 14:40 - 2018-08-03 14:40 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\MPC-HC
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-30 22:14 - 2011-04-12 10:34 - 000668376 _____ C:\Windows\system32\perfh005.dat
2018-08-30 22:14 - 2011-04-12 10:34 - 000141004 _____ C:\Windows\system32\perfc005.dat
2018-08-30 22:14 - 2009-07-14 07:13 - 001582262 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-30 22:14 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-08-30 21:55 - 2009-07-14 06:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-30 21:55 - 2009-07-14 06:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-30 21:45 - 2017-11-23 21:25 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-08-30 21:40 - 2018-07-28 10:45 - 000000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2018-08-30 21:40 - 2017-11-25 20:03 - 000000000 ____D C:\Program Files (x86)\FJ Camera
2018-08-30 21:04 - 2018-07-28 10:43 - 000000000 ____D C:\Users\Kristyna\AppData\Local\LogMeIn Hamachi
2018-08-30 21:04 - 2017-12-20 13:49 - 000000000 ____D C:\Program Files (x86)\Steam
2018-08-30 21:04 - 2017-11-16 19:24 - 000000000 __SHD C:\Users\Kristyna\IntelGraphicsProfiles
2018-08-30 21:03 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-30 16:52 - 2017-11-23 21:58 - 000000000 ____D C:\Filmy
2018-08-29 16:35 - 2018-01-20 16:26 - 000000000 ____D C:\Users\Kristyna\Desktop\osu!
2018-08-29 15:22 - 2017-11-23 21:57 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\vlc
2018-08-29 15:15 - 2018-01-20 13:51 - 000000000 ____D C:\Users\Kristyna\Documents\Any Send
2018-08-29 15:09 - 2018-07-25 14:35 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\WTablet
2018-08-29 12:34 - 2018-05-05 15:43 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-08-29 10:48 - 2017-12-01 20:57 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\uTorrent
2018-08-28 22:11 - 2018-05-02 17:23 - 000000000 ____D C:\Users\Kristyna\Desktop\Mafia
2018-08-28 14:34 - 2017-12-04 17:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-08-28 14:34 - 2017-12-04 17:53 - 000000000 ____D C:\Program Files\Java
2018-08-28 14:33 - 2017-12-04 17:54 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-08-22 16:22 - 2018-01-21 14:05 - 000000000 ____D C:\Program Files (x86)\Call of Duty - Modern Warfare 2
2018-08-22 16:22 - 2017-12-02 12:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty
2018-08-22 16:19 - 2017-11-04 11:52 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-08-21 20:55 - 2018-03-03 15:39 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-21 20:52 - 2018-03-03 14:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-08-17 18:59 - 2018-03-12 16:56 - 000003184 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1250171309-3979389096-1947347105-1001
2018-08-17 18:59 - 2018-03-03 15:44 - 000002196 _____ C:\Users\Kristyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-08-17 18:59 - 2018-01-30 18:15 - 000000000 ___RD C:\Users\Kristyna\OneDrive
2018-08-11 12:21 - 2018-02-13 17:39 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 19:41 - 2017-12-21 17:21 - 000000000 ____D C:\Users\Kristyna\Documents\Klei
2018-08-05 09:35 - 2009-07-14 07:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
==================== Files in the root of some directories =======
2018-08-28 15:43 - 2018-08-28 15:43 - 000000002 _____ () C:\Users\Kristyna\AppData\Local\imw.ini
2018-08-29 17:08 - 2018-08-29 17:08 - 000007657 _____ () C:\Users\Kristyna\AppData\Local\Resmon.ResmonCfg
2018-04-02 17:09 - 2018-04-02 17:09 - 000000000 _____ () C:\Users\Kristyna\AppData\Local\{B28F926B-E3A0-403B-9EEA-070F9F8FDE2E}
Some files in TEMP:
====================
2017-12-01 21:32 - 2017-12-01 21:32 - 003603050 _____ () C:\Users\Kristyna\AppData\Local\Temp\BingBarSetup-Partner.exe
2017-11-26 12:39 - 2017-11-26 12:39 - 000000000 ____D () C:\Users\Kristyna\AppData\Local\Temp\engine.exe
2018-04-29 08:05 - 2018-06-01 10:46 - 000450880 _____ (Garena Online ) C:\Users\Kristyna\AppData\Local\Temp\Garena.exe
2018-01-31 21:46 - 2018-01-31 21:46 - 001864256 _____ (Oracle Corporation) C:\Users\Kristyna\AppData\Local\Temp\jre-8u161-windows-au.exe
2018-04-23 16:22 - 2018-04-23 16:22 - 001884616 _____ (Oracle Corporation) C:\Users\Kristyna\AppData\Local\Temp\jre-8u171-windows-au.exe
2018-08-28 14:24 - 2018-08-28 14:24 - 001906040 _____ (Oracle Corporation) C:\Users\Kristyna\AppData\Local\Temp\jre-8u181-windows-au.exe
2018-08-28 15:45 - 2017-12-20 00:38 - 000104128 _____ () C:\Users\Kristyna\AppData\Local\Temp\Uninstall.exe
2018-06-25 15:53 - 2018-06-25 15:53 - 040184976 _____ () C:\Users\Kristyna\AppData\Local\Temp\vlc-3.0.3-win32.exe
2017-12-02 12:04 - 2004-12-10 12:01 - 001220976 _____ () C:\Users\Kristyna\AppData\Local\Temp\xfire_installer_10650.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-08-26 16:15
==================== End of FRST.txt ============================
-----------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by Kristyna (30-08-2018 22:22:36)
Running from C:\Users\Kristyna\Desktop\kladivo na šmejdy
Windows 7 Professional Service Pack 1 (X64) (2017-11-16 17:24:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1250171309-3979389096-1947347105-500 - Administrator - Disabled)
Guest (S-1-5-21-1250171309-3979389096-1947347105-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1250171309-3979389096-1947347105-1003 - Limited - Enabled)
Kristyna (S-1-5-21-1250171309-3979389096-1947347105-1001 - Administrator - Enabled) => C:\Users\Kristyna
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Any Send 1.0 (HKLM-x32\...\{0897FBB8-CCB8-454C-A8C3-26B5EE15E4D7}) (Version: 1.0.0 - Adylitica) Hidden
Any Send 1.0 (x64) (HKLM\...\{BAB72871-C133-4628-9B56-6B17E90389E1}) (Version: 1.0.0 - Adylitica) Hidden
Any Send for Windows (HKLM-x32\...\{51142af8-bc9b-44c1-b78d-9e6c453b3022}) (Version: 1.0.0 - Adylitica, Inc.)
Any Send for Windows (HKLM-x32\...\{bb7e741b-f5d6-4340-8e21-8205ed9ded9b}) (Version: 1.0.0 - Adylitica, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour SDK (HKLM\...\{C0F5A19A-055A-4902-9D41-864127BFAF11}) (Version: 3.0.0.10 - Apple Inc.)
Corel Painter Essentials 6 - Content (HKLM\...\{56F051E4-C179-425E-9AA8-4B3FBC2F05B7}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - Core (HKLM\...\{FA3FA2BE-94D1-41CA-89BF-29AE2EB61E46}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - CT (HKLM\...\{404B42A1-47EF-44D5-B390-E0CB3F879497}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - DE (HKLM\...\{13CD16A8-0B5E-469D-A8C2-1BD41B58999F}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - EN (HKLM\...\{1B3DFFA0-0CE7-4607-8E55-FB64B8628995}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - FR (HKLM\...\{E39BC105-2204-4BA8-BB9F-D08E5BDD1493}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - IPM (HKLM\...\{B1AA1DD1-FC10-499C-B802-6C9558CBBC1A}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - IPM Content (HKLM\...\{68FC3BC5-C3AA-4B36-86F7-D4ED105E1D7B}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - JP (HKLM\...\{9BAC9F81-DE28-450F-B0F8-C319D08C2A6A}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 (HKLM\...\_{0EDEDA40-4B3A-46D0-A0D8-0FE8834390DE}) (Version: 6.0.0.167 - Corel Corpopration)
Corel Painter Essentials 6 (HKLM\...\{D5ACBF88-A251-4E63-8DFE-1EF7491D601E}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Thumbnail Previewer (HKLM\...\{50139369-99B2-496A-8726-D3DC5D6D4235}) (Version: 18.0 - Corel Corporation)
Corel Update Manager (HKLM\...\{5039B7BE-F79B-4121-A9D3-D66ED4169414}) (Version: 2.4.285 - Corel corporation) Hidden
Discord (HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
Exanima (HKLM-x32\...\1470768488_is1) (Version: 2.0.0.2 - GOG.com)
FJ Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.3.9.4 - SunplusIT)
Fujitsu Hotkey Utility (HKLM-x32\...\{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (HKLM\...\{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 3.01.00.002 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 3.01.00.002 - FUJITSU LIMITED)
Fujitsu System Extension Utility (HKLM\...\{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.4.0 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.4.0 - FUJITSU LIMITED)
GameRanger (HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\GameRanger) (Version: - GameRanger Technologies)
Garena (remove only) (HKLM-x32\...\gxx) (Version: 2.0.1806.2114 - Garena)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
ICA (HKLM\...\{0EDEDA40-4B3A-46D0-A0D8-0FE8834390DE}) (Version: 6.0 - Corel Corpopration) Hidden
ICQ (verze 10.0.12341) (HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\icq.desktop) (Version: 10.0.12341 - ICQ)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4653 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
K-Lite Codec Pack 14.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.1.5 - KLCP)
LIFEBOOK Application Panel (HKLM\...\{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED) Hidden
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED)
Little Fighter 2 1.9c (HKLM-x32\...\Little Fighter 2) (Version: 1.9c - )
LogMeIn Hamachi (HKLM-x32\...\{892DB406-ADF8-4C30-9840-8438AF5B8763}) (Version: 2.2.0.607 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.607 - LogMeIn, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.9126.2275 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.12.25711 (HKLM\...\{7D02C46E-2953-3EB1-A5D5-7943C9D7684F}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.12.25711 (HKLM\...\{043D5787-5988-3DE2-928D-3B6A75E2126E}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25711 (HKLM-x32\...\{8FDCF95F-4756-34F4-9DA2-D708E7FAC504}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25711 (HKLM-x32\...\{6E894015-A182-3C1E-A7D2-3032CB2E1D43}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{FD9D64F4-CAF5-3D23-845A-B843C78CC1A5}) (Version: 10.0.60830 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.150 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
O2Micro OZ776 SCR Driver (HKLM\...\{722AE78A-F730-4447-A6EC-099F6F7B2ABF}) (Version: 2.1.4.214GS - O2Micro) Hidden
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{722AE78A-F730-4447-A6EC-099F6F7B2ABF}) (Version: 2.1.4.214GS - O2Micro)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2275 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2275 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2275 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.9126.2275 - Microsoft Corporation) Hidden
osu! (HKLM-x32\...\{f7f2057c-00c5-4cef-b26c-6fbf5feb90b4}) (Version: latest - ppy Pty Ltd)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 6.2.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (HKLM\...\{E1C056BE-ACC9-4FCF-B37D-55A46648B369}) (Version: 6.2.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\{49A588CF-5FD4-4774-BFBF-0764287DE82B}) (Version: 32.01.10.038 - FUJITSU LIMITED)
Project Zomboid verze Build 38.30 (HKLM-x32\...\{83545AFD-2CE1-49E0-9A97-25312A582C98}_is1) (Version: Build 38.30 - Trackeroc.Ru)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Rules of Survival version 1.167700.171312 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.167700.171312 - Hong Kong Netease Interactive Entertainment Limited)
Shade: Hněv andělů (HKLM-x32\...\{5F055711-2CAF-4323-8443-BEE4913FC7E6}) (Version: 1.20.000 - )
Shock Sensor Driver (HKLM\...\{BFA53004-F544-4356-B0F9-735D69623447}) (Version: 1.01.00.002 - FUJITSU LIMITED) Hidden
Shock Sensor Driver (HKLM-x32\...\InstallShield_{BFA53004-F544-4356-B0F9-735D69623447}) (Version: 1.01.00.002 - FUJITSU LIMITED)
Shock Sensor Utility (HKLM\...\{4E7C12AC-8F19-49CC-87C3-0EAAD952F6B3}) (Version: 5.01.00.001 - FUJITSU LIMITED) Hidden
Shock Sensor Utility (HKLM-x32\...\InstallShield_{4E7C12AC-8F19-49CC-87C3-0EAAD952F6B3}) (Version: 5.01.00.001 - FUJITSU LIMITED)
Sierra Wireless QMI Fujitsu Driver Package (HKLM-x32\...\SWIFujitsuDrvInstaller) (Version: 2.8.1210.1 - Sierra Wireless Inc.)
Skype verze 8.29 (HKLM-x32\...\Skype_is1) (Version: 8.29 - Skype Technologies S.A.)
Software Intel® PROSet/Wireless WiFi (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.19.1 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.93450 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.50 - Ghisler Software GmbH)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.30-6 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.3100 - Broadcom)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1250171309-3979389096-1947347105-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Kristyna\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1250171309-3979389096-1947347105-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton AntiVirus\Engine64\21.6.0.32\NavShExt.dll [2014-09-21] (Symantec Corporation)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton AntiVirus\Engine64\21.6.0.32\NavShExt.dll [2014-09-21] (Symantec Corporation)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-05-18] (Intel Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton AntiVirus\Engine64\21.6.0.32\NavShExt.dll [2014-09-21] (Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {14E8C7B6-B9EF-4221-BA3D-854ECCC240CF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-08-21] (Microsoft Corporation)
Task: {22AB460A-0DA5-4F5D-AE1F-996A328ECAF9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-08-21] (Microsoft Corporation)
Task: {247C2886-8442-4E92-9ABC-3240ECAC987D} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {30F903E2-CF8A-4A93-BDD6-111CF24FC24D} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {33FECD53-E46D-4D66-B645-31FDC6882DE3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-21] (Microsoft Corporation)
Task: {3F518751-7A99-4CCD-8328-CC97AF1DA3F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {41A1343F-5D8C-461E-9268-65A41AACA93B} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-11-06] (Corel Corporation)
Task: {42EB5707-EA20-4630-BDEE-C0637EC443F0} - System32\Tasks\{3C80FD02-B4EC-4768-811C-B916497B1FC9} => C:\Windows\system32\pcalua.exe -a C:\Users\Kristyna\Desktop\Mafia\Setup.exe -d C:\Users\Kristyna\Desktop\Mafia
Task: {5C24A182-9D9E-4FD3-9D67-D5FA257A33E4} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7FBF36EB-A759-4046-8C22-E57D853DCD17} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {9D275F02-E99B-4F14-BAC4-FB578002C450} - System32\Tasks\{96C4D4EA-B3A0-73B3-C78E-C2F8A2FEC2AC} => C:\Windows\SysWOW64\OqIJae.exe [2009-07-14] (Microsoft Corporation)
Task: {A0D5ABEF-2228-4118-B230-417464D8B158} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {A7D09C55-AAC3-4C91-BD70-AEF24183FA6F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {B72C2222-71F9-4A69-ACAA-5537E9FDA863} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-07] (Microsoft Corporation)
Task: {C122302A-4CC1-46CC-BB17-A5858CA87835} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-07] (Microsoft Corporation)
Task: {CCEA2A20-5F2B-4F73-BED5-1884190143F9} - System32\Tasks\Norton Security Scan for Kristyna => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.150\Nss.exe [2018-01-10] (Symantec Corporation)
Task: {CF3B5852-6462-40F8-85BC-5C7EB39554D5} - System32\Tasks\{3CDF02FD-5E7E-4DBE-5AA0-BC11C8B2E3EC} => C:\Windows\ZNEXBMkmW.exe [2009-07-14] (Microsoft Corporation)
Task: {DF95AEA0-5694-420C-BAA4-D82182F05110} - System32\Tasks\{FF6ED4FB-3AD6-C542-38D3-148DC339F3C5} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" perfectsidecom.ru/cl/?guid=allw6ke60tg0vxuxtz77lc36ep83kz9k&prid=1&pid=4_1324_0
Task: {E0E0206D-4BF7-4EA1-AABA-83AA9028A0A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {F2D432C9-CBC7-4D87-B8AF-0F97338C2F1C} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-05-02] ()
Task: {FA4CDFD2-ED5B-4E37-8D43-A5B74920C08E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-08-21] (Microsoft Corporation)
Task: {FCA4978D-F28A-4A58-BE96-F2A5C13BCD3E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-21] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2012-01-18 08:44 - 2012-01-18 08:44 - 000279416 _____ () C:\Program Files (x86)\FJ Camera\Monitor.exe
2018-08-19 14:45 - 2018-08-24 23:36 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-08-29 11:20 - 2018-08-24 23:36 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-08-29 11:20 - 2018-08-24 23:36 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-08-19 14:45 - 2018-08-24 23:36 - 002725400 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-08-19 14:45 - 2018-08-24 23:36 - 000033304 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-08-29 11:20 - 2018-08-24 23:36 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-08-29 11:20 - 2018-08-24 23:36 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-08-29 11:20 - 2018-08-24 23:36 - 002384840 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\sharepoint.com -> hxxps://vassboskovice53-files.sharepoint.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kristyna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{735DB583-87F2-406C-B8C7-2650A49AA3EB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{FE70A0D7-9A4E-4144-A29E-306A808D8296}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B5CD91DE-2D26-4807-A9A5-FC6649E04A52}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F65F05E9-D8AD-4DEE-96B9-1FD158850CB6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{30527457-5A2E-4094-A38B-3589577D11DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B6070AC6-2F02-42B1-9628-076604D58442}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0480B8EF-5199-4AF9-8B18-E70992BB93F5}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{9CDF4EF9-CAEA-49BD-B652-2D67630F0408}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{A50F0088-D4D5-4444-A7AB-FD1AF2EA5796}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{3D6D99F8-8209-4CA9-9554-2BF38F6431AE}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{90942A52-16F4-4598-93B7-349689DAE8D5}C:\users\kristyna\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\kristyna\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{697E376E-4DEB-4CE5-894A-56A55D99C1F0}C:\users\kristyna\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\kristyna\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{5FA9E6DE-226A-4FE2-9F53-34CD5F304B13}C:\call of duty 1\the call of duty\codmp.exe] => (Allow) C:\call of duty 1\the call of duty\codmp.exe
FirewallRules: [UDP Query User{50B1400A-E944-4649-840A-E815CCD82B5C}C:\call of duty 1\the call of duty\codmp.exe] => (Allow) C:\call of duty 1\the call of duty\codmp.exe
FirewallRules: [TCP Query User{474A38E8-E13D-4E4D-AEAB-81816B2565BC}C:\program files (x86)\call of duty\codmp.exe] => (Allow) C:\program files (x86)\call of duty\codmp.exe
FirewallRules: [UDP Query User{9B5BBBFD-F341-4F70-937B-645A5E815BF1}C:\program files (x86)\call of duty\codmp.exe] => (Allow) C:\program files (x86)\call of duty\codmp.exe
FirewallRules: [TCP Query User{7BF37A9B-8D9A-4F01-90A7-5C8CC842C0E3}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{FF7621B5-5CF8-425B-A26D-9353E12F4F04}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [TCP Query User{E7E2CDED-1953-469C-9679-3D0814F32B22}C:\install\hry\bulanci\bulanci.exe] => (Block) C:\install\hry\bulanci\bulanci.exe
FirewallRules: [UDP Query User{ABA62D8B-D3D9-4D0E-A1BD-6AF50D2EB07A}C:\install\hry\bulanci\bulanci.exe] => (Block) C:\install\hry\bulanci\bulanci.exe
FirewallRules: [TCP Query User{66730DAE-DC6B-4C9D-8E17-5576D52177C7}C:\users\kristyna\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\launcher.exe
FirewallRules: [UDP Query User{1F401D3C-4995-449E-A2A6-98A047A9A3A7}C:\users\kristyna\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\launcher.exe
FirewallRules: [TCP Query User{FC5F2F0E-4D22-453D-A297-33458E2F2E39}C:\program files (x86)\left 4 dead\left4dead.exe] => (Allow) C:\program files (x86)\left 4 dead\left4dead.exe
FirewallRules: [UDP Query User{B1282B2C-F8A5-4933-9A6F-72666C1E8486}C:\program files (x86)\left 4 dead\left4dead.exe] => (Allow) C:\program files (x86)\left 4 dead\left4dead.exe
FirewallRules: [TCP Query User{F531A7CE-FF38-424A-BAD4-5962C48746F5}C:\program files (x86)\left 4 dead\left4dead.exe] => (Block) C:\program files (x86)\left 4 dead\left4dead.exe
FirewallRules: [UDP Query User{6D7A4BC4-A9FB-457C-88D2-90D7F2644387}C:\program files (x86)\left 4 dead\left4dead.exe] => (Block) C:\program files (x86)\left 4 dead\left4dead.exe
FirewallRules: [{2561B90F-8B75-45A8-9C0B-49B3C9FFDA6B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D92792C2-56F7-4DC4-BF4B-024C53EAA44B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4FB6EFA3-0816-485D-A2A5-B4D6F2ECC38E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{201049A1-42EE-4BCB-B373-5C3680909176}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{2BA64ABE-2F2B-4BD3-8A15-A5EE97C954C3}C:\users\kristyna\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\launcher.exe
FirewallRules: [UDP Query User{B84A6DA9-0AC7-490B-984F-41F01536E5AF}C:\users\kristyna\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\launcher.exe
FirewallRules: [TCP Query User{DA78CB80-EB10-4D46-82D9-129B5B1B3159}C:\users\kristyna\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{E359A34A-7704-4A3A-B3E2-4893046AE429}C:\users\kristyna\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\win64\aces.exe
FirewallRules: [{0069FFEA-DB52-4040-8EE3-6610022E6CAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{C8C91C4E-7DEC-40A0-886C-D6B45A2795BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{A02BB8EB-8960-4B72-B272-AC0819189ED2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GenitalJousting\GenitalJousting.exe
FirewallRules: [{A0D1BE11-DFCC-4C5B-866D-D60A664AFFD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GenitalJousting\GenitalJousting.exe
FirewallRules: [{50FD13BC-B788-4F8A-88E8-799619E7D596}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{5E2AA3CD-FFF4-47F3-BD8A-A15672D7857A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{E97515BE-A78B-4C4F-BB1F-FB05F88425DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{338AEE10-E4FB-40BC-9FBC-E76CAAB39533}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [TCP Query User{6F62854B-AF17-45F5-A603-0D54ABC07A1E}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{B4B7153A-48C6-4595-A182-05FDEC97B9EC}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{39981EEB-B861-4893-8FD6-A85D687D858D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{89DE33D3-46A4-4A47-B843-993271DD95F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{E4A852E7-882C-4813-B91C-AAEEFCE672A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B580F567-FD58-40F3-AF88-B60594A69324}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{41A1BB5B-2B7C-4469-932C-CB3A5A48BAA8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6A862BF3-6A5C-44C3-9861-35103B6C1449}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{13A3FC75-3CB1-4BBF-8061-3B2F9A953F21}C:\program files (x86)\any send\any send.exe] => (Allow) C:\program files (x86)\any send\any send.exe
FirewallRules: [UDP Query User{F2275136-3EAE-4254-9114-B1F0D7C9058B}C:\program files (x86)\any send\any send.exe] => (Allow) C:\program files (x86)\any send\any send.exe
FirewallRules: [TCP Query User{9BCA39C8-3632-40F2-80F8-0F39E4B37DB3}C:\program files\any send\any send.exe] => (Allow) C:\program files\any send\any send.exe
FirewallRules: [UDP Query User{3083CDB0-3355-4103-8240-F3B70046B95C}C:\program files\any send\any send.exe] => (Allow) C:\program files\any send\any send.exe
FirewallRules: [TCP Query User{CB4B67B8-8717-4B86-AC69-81B12F050C58}C:\users\kristyna\documents\any send\flat.out.2.pc.game(djdevastate™)\flatout2.exe] => (Allow) C:\users\kristyna\documents\any send\flat.out.2.pc.game(djdevastate™)\flatout2.exe
FirewallRules: [UDP Query User{2EB1EC5C-94CC-4D0A-B44B-319F06DE4998}C:\users\kristyna\documents\any send\flat.out.2.pc.game(djdevastate™)\flatout2.exe] => (Allow) C:\users\kristyna\documents\any send\flat.out.2.pc.game(djdevastate™)\flatout2.exe
FirewallRules: [{AA7B9D3C-6263-4DDC-BB45-27B6249BF796}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FBD8C02A-2C18-4B62-A10E-40FA46D7E0DD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EC2391DC-E000-4032-9C99-FEA5DCD64EFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EEDA2671-64DD-4134-88CD-1DDF1A94FC09}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1B4B7A9D-3725-4C4D-A7CD-220259AAA6A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KOAReckoning\Reckoning.exe
FirewallRules: [{3383E2D6-1A23-47B4-98D8-439A2C276882}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KOAReckoning\Reckoning.exe
FirewallRules: [TCP Query User{E41EB166-25DC-4504-B696-48DBEFDBAD11}C:\users\kristyna\desktop\antiguard\projektx-rocnikova_prace-jakub_novotny.exe] => (Allow) C:\users\kristyna\desktop\antiguard\projektx-rocnikova_prace-jakub_novotny.exe
FirewallRules: [UDP Query User{257B7727-D2EC-4145-87C1-36F0C77B5D38}C:\users\kristyna\desktop\antiguard\projektx-rocnikova_prace-jakub_novotny.exe] => (Allow) C:\users\kristyna\desktop\antiguard\projektx-rocnikova_prace-jakub_novotny.exe
FirewallRules: [{499D0FF1-5CA7-4143-82BF-F136D57E7D9D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B4620474-AE7C-400B-BB0E-BB7CC2C98B75}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6CF035DC-39D1-418F-91DE-BD0D865BA84E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AF810FA3-8EFE-4FC2-AEC5-88D57F694608}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0057339A-6B2C-4200-B28B-0D2EA2EB6699}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{CCD6E2E1-C32C-4AAD-B54D-E9AA634FE55E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{64D3F20C-FAB1-4238-AC9A-27CE4B8AECF6}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [UDP Query User{4712FD5C-3085-4C9D-8D0A-0F9385FC772F}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [{DBF742BD-28F6-4FA1-B5DB-54504114E3C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [{2DA46CCF-8790-4F57-8B1C-B77CA5811A48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [TCP Query User{8AACD568-B06D-4CA6-A331-248A48F6E6C2}C:\program files (x86)\far cry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\far cry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{8782A2D8-86DC-4F23-981E-72F997EAF654}C:\program files (x86)\far cry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\far cry 3\bin\farcry3.exe
FirewallRules: [{FE5C8581-7096-403D-BEB0-96132209B0AC}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1804.2913\gxxsvc.exe
FirewallRules: [{26CF3687-B9FE-4FF4-8273-B4D8640BAC13}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1805.1715\gxxsvc.exe
FirewallRules: [TCP Query User{FC40D404-0AB1-4397-A154-5D0C8E657A22}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [UDP Query User{7B582FEB-BB55-4A78-86EE-9B572696B932}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [TCP Query User{D4567A05-85EB-4EAE-9EFA-F16EE605544C}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [UDP Query User{2837817D-954F-4D23-8C8B-F995791391BA}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [{0316ADF9-9D94-407B-9181-C29235A2819C}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1806.0116\gxxsvc.exe
FirewallRules: [{26F18F3F-388F-4D72-8088-1CA8791F7CDE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{EE1C25CC-769F-4C19-9232-937E93065A87}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [UDP Query User{FC9FE252-F0FD-44DA-AEFA-90B2F2C3718E}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [{C657AB39-5232-4D76-8B6F-64E5702DAAD0}] => (Block) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [{9AD7D63B-9CA7-4BF9-B1E7-7404CE97A1A1}] => (Block) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [{B56A071E-D36D-493C-BB3B-B0BEF99492FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{07D66F6B-87FD-4194-906D-1206A913AB50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{E6A628E9-9C95-4409-9CAA-082914FCFA39}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D7C77979-DB24-4F31-BDB9-F871816679A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{7BAD488C-C6C4-4D89-860F-61181D796465}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{48A060F5-B80B-4EAE-BD49-3605C55736B8}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{A5BF9B32-CE2E-49E1-A726-4F1293A090A8}] => (Allow) C:\Windows\SysWOW64\OqIJae.exe
FirewallRules: [{0F8FC9CB-7BF5-47CA-B7AB-07BA38D5F291}] => (Allow) C:\Windows\ZNEXBMkmW.exe
FirewallRules: [{C8643F68-176E-4D00-8EA9-6C6D6A92D224}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3E147968-D75C-4161-A8C2-886C0B4E4EC1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C2FC4C39-3564-439F-B06E-66E0C14D92BB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{94022C68-F8C3-4B6B-A1B8-795DEAA8A344}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{729D4F9C-F490-43EC-89DB-5160AB1CEC8C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1281A408-7487-4850-9676-6EA903BB7E10}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7F0B9CEB-95ED-4744-B68F-5FB2A557A1D9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1DF8F5C6-AE30-4D92-867C-275F58F98772}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{E5321839-66EB-4619-8983-673C61C67F86}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{1A7DF05A-BDD2-40F3-B22F-94DAF22A1F44}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{284B69DD-CF0C-4375-92F3-46F3912EB1AE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{CC4034B1-F4A3-4ABA-AD39-C68F7CE0907D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4B9599F1-CF23-4713-B5F2-EB4D20BF5580}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CCDC6D3D-59C7-4F09-ABFE-7C4A7CC42A54}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{241D595E-BDEC-4589-96BB-638E73537A52}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CF988DF5-CA57-4DBF-B7D4-1C9700C79F4F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A3A7A9ED-4B12-414C-8975-3264EE0690D3}] => (Allow) C:\Windows\SysWOW64\svchost.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/30/2018 09:04:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/30/2018 08:57:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/30/2018 05:13:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 8.5.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: acc
Čas spuštění: 01d44071c29e48fa
Čas ukončení: 0
Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
ID hlášení: 1b7728e3-ac67-11e8-9d08-c01885b73c13
Error: (08/30/2018 04:56:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 8.5.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 4b0
Čas spuštění: 01d44071984ef793
Čas ukončení: 15
Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
ID hlášení: e0d7c9b5-ac64-11e8-9d08-c01885b73c13
Error: (08/30/2018 04:56:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 8.5.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: fdc
Čas spuštění: 01d440718a4e1f37
Čas ukončení: 0
Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
ID hlášení: d3257ec1-ac64-11e8-9d08-c01885b73c13
Error: (08/30/2018 04:55:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 8.5.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 1cf8
Čas spuštění: 01d440711f28d03f
Čas ukončení: 0
Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
ID hlášení: c4e6c29d-ac64-11e8-9d08-c01885b73c13
Error: (08/30/2018 04:44:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 8.5.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 2040
Čas spuštění: 01d4406fc5ed81f1
Čas ukončení: 16
Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
ID hlášení: 3b901076-ac63-11e8-9d08-c01885b73c13
Error: (08/30/2018 04:43:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program NOTEPAD.EXE verze 6.1.7601.18917 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 1ae4
Čas spuštění: 01d4406f82e06097
Čas ukončení: 0
Cesta k aplikaci: C:\Windows\SysWOW64\NOTEPAD.EXE
ID hlášení: ff7b8b39-ac62-11e8-9d08-c01885b73c13
System errors:
=============
Error: (08/30/2018 09:15:17 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware zjistil chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.330.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Fáze aktualizace: Vyhledat
Zdrojová cesta: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Error: (08/30/2018 09:15:17 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware zjistil chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.330.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Fáze aktualizace: Vyhledat
Zdrojová cesta: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Error: (08/30/2018 09:14:50 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware zjistil chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.330.0
Zdroj aktualizace: Server Microsoft Update
Fáze aktualizace: Vyhledat
Zdrojová cesta: http://www.microsoft.com
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.
Error: (08/30/2018 09:04:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Wacom Professional Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (08/30/2018 09:02:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.
Cesta k modulu: C:\Windows\System32\IWMSSvc.dll
Error: (08/30/2018 09:02:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.
Cesta k modulu: C:\Windows\System32\IWMSSvc.dll
Error: (08/30/2018 09:02:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.
Cesta k modulu: C:\Windows\System32\IWMSSvc.dll
Error: (08/30/2018 09:02:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.
Cesta k modulu: C:\Windows\System32\IWMSSvc.dll
Windows Defender:
===================================
Date: 2018-08-28 21:09:16.729
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{9AED0D07-DAF7-443C-8C01-93B4C6E2A45F}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Kristyna-PC\Kristyna
CodeIntegrity:
===================================
Date: 2018-08-30 22:20:46.602
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-08-30 22:12:29.961
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-08-30 21:04:11.646
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-08-30 20:56:13.496
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-08-30 20:51:14.323
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-08-30 20:44:32.413
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-08-30 17:31:15.209
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-08-30 17:12:46.176
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 54%
Total physical RAM: 3956.54 MB
Available physical RAM: 1802.23 MB
Total Virtual: 7911.25 MB
Available Virtual: 5729.95 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:36.04 GB) NTFS
Drive g: (FLPPY0) (Removable) (Total:14.98 GB) (Free:14.31 GB) FAT32
\\?\Volume{f5973dc4-c0b6-11e7-a3cb-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 6FBD0404)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 20796B73)
No partition Table on disk 1.
==================== End of Addition.txt ============================
------ log FRST.txt -------------------------------------------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.08.2018
Ran by Kristyna (administrator) on KRISTYNA-PC (30-08-2018 22:22:09)
Running from C:\Users\Kristyna\Desktop\kladivo na šmejdy
Loaded Profiles: Kristyna (Available Profiles: Kristyna)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
() C:\Program Files (x86)\FJ Camera\Monitor.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Utils\SwiService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-08-11] (Synaptics Incorporated)
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2011-11-23] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [205168 2011-10-03] (FUJITSU LIMITED)
HKLM\...\Run: [SSUtility] => C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe [273776 2011-09-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-09-30] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-09-30] (FUJITSU LIMITED)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [FUJ02B1_Apps] => C:\Program Files (x86)\Fujitsu\FUJ02B1\CheckBatteryPack.exe [367424 2016-05-11] (FUJITSU LIMITED)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-29] (FUJITSU LIMITED)
HKLM-x32\...\Run: [FJ Camera_Monitor] => C:\Program Files (x86)\FJ Camera\monitor.exe [279416 2012-01-18] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2018-05-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3207968 2018-08-27] (Valve Corporation)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\Run: [Discord] => C:\Users\Kristyna\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49799144 2018-08-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\MountPoints2: {3853f588-91b3-11e8-8878-c01885b73c13} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\MountPoints2: {967f1677-d6c2-11e7-b9f6-c01885b73c13} - E:\setup\rsrc\Autorun.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-11-04]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Technician\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start06W7new.cmd [2017-10-20] ()
GroupPolicy: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{A0575902-F569-4763-B4E2-DAA31512CD10}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-08-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-28] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-07-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-28] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-18] (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-26] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-07-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-18] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: ufnpx8hu.default
FF ProfilePath: C:\Users\Kristyna\AppData\Roaming\Mozilla\Firefox\Profiles\ufnpx8hu.default [2017-12-01]
FF HKLM-x32\...\Firefox\Extensions: [bonjour4firefox@apple.com] - C:\Program Files (x86)\Bonjour SDK\Bin\FirefoxExtension
FF Extension: (Bonjour Extension for Firefox) - C:\Program Files (x86)\Bonjour SDK\Bin\FirefoxExtension [2018-01-20] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
FF Extension: (Norton Vulnerability Protection) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2018-08-29] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2018-01-02] ()
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2018-01-02] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
Chrome:
=======
CHR Profile: C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default [2018-08-30]
CHR Extension: (Prezentace) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-01]
CHR Extension: (Dokumenty) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-01]
CHR Extension: (Disk Google) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-01]
CHR Extension: (YouTube) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-01]
CHR Extension: (Adblock Plus) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-08-28]
CHR Extension: (Tampermonkey) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-08-29]
CHR Extension: (Tabulky) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (ScriptMonkey) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-08-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-19]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-12-21] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522912 2018-08-07] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2011-11-23] (FUJITSU LIMITED)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3346856 2018-05-30] (LogMeIn Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2017-05-18] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63856 2011-10-03] (FUJITSU LIMITED)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 SwiService; C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe [198032 2012-10-18] (Sierra Wireless, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6634224 2018-02-02] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 WTabletServicePro; "C:\Program Files\Tablet\Wacom\WTabletServicePro.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20180827.001\BHDrvx64.sys [1919568 2018-08-27] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-08-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-08-29] (Symantec Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R0 FJGSDisk; C:\Windows\System32\DRIVERS\FJGSDisk.sys [15600 2011-07-07] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [59152 2016-05-11] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [86888 2011-08-15] (O2Micro)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20180828.061\IDSvia64.sys [1306592 2018-08-28] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20180829.001\ENG64.SYS [138832 2018-08-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20180829.001\EX64.SYS [2153040 2018-08-29] (Symantec Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2017-11-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [3052920 2011-12-23] (Sunplus Technology)
R1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R3 swg3kmbb00; C:\Windows\System32\DRIVERS\swg3kmbb00.sys [477560 2012-10-18] (Sierra Wireless Incorporated)
R3 swg3knmea00; C:\Windows\System32\DRIVERS\swg3knmea00.sys [269304 2012-10-18] (Sierra Wireless Incorporated)
R3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [269560 2012-10-18] (Sierra Wireless Incorporated)
R3 swibus00; C:\Windows\System32\DRIVERS\swibus00.sys [85880 2012-10-18] (Sierra Wireless Inc.)
R3 swibusflt00; C:\Windows\System32\DRIVERS\swibusflt00.sys [85880 2012-10-18] (Sierra Wireless Inc.)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-08-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-08-26] (Symantec Corporation)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [1134048 2018-06-02] (TENCENT)
S3 WacHidRouterPro; C:\Windows\System32\DRIVERS\wachidrouter.sys [115672 2018-05-30] (Wacom Technology, Corp.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-30 22:21 - 2018-08-30 22:21 - 000000000 ____D C:\Users\Kristyna\Desktop\kladivo na šmejdy
2018-08-30 22:20 - 2018-08-30 22:20 - 000000000 ____D C:\Users\Kristyna\AppData\Local\TempOfficeC2RE54F952B-894E-400F-A0DD-2BCB331124E4
2018-08-30 22:13 - 2018-08-30 22:22 - 000000000 ____D C:\FRST
2018-08-30 21:11 - 2018-08-30 21:11 - 000000000 ____D C:\Windows\System32\Tasks\Norton AntiVirus
2018-08-30 20:51 - 2018-08-30 21:02 - 000000000 ____D C:\AdwCleaner
2018-08-30 20:45 - 2018-08-30 20:43 - 000002204 _____ C:\Users\Kristyna\Desktop\postup.txt
2018-08-30 20:45 - 2018-08-30 20:13 - 007417040 _____ (Malwarebytes) C:\Users\Kristyna\Desktop\adwcleaner_7.2.2.exe
2018-08-30 16:53 - 2018-08-30 16:53 - 000000000 ____D C:\rsit
2018-08-30 16:53 - 2018-08-30 16:53 - 000000000 ____D C:\Program Files\trend micro
2018-08-29 17:08 - 2018-08-29 17:08 - 000007657 _____ C:\Users\Kristyna\AppData\Local\Resmon.ResmonCfg
2018-08-29 16:39 - 2018-08-29 16:42 - 000000000 ____D C:\Data
2018-08-29 14:15 - 2018-08-29 14:44 - 000000000 ____D C:\Users\Kristyna\Downloads\ICQ
2018-08-29 14:10 - 2018-08-29 14:10 - 001720936 ____T C:\Windows\SysWOW64\00009961.tmp
2018-08-29 13:59 - 2018-08-29 13:59 - 001720936 ____T C:\Windows\SysWOW64\00009967.tmp
2018-08-29 13:26 - 2018-08-29 13:26 - 001720936 ____T C:\Windows\SysWOW64\00016918.tmp
2018-08-29 13:10 - 2018-08-29 13:10 - 001720936 ____T C:\Windows\SysWOW64\00008350.tmp
2018-08-29 12:40 - 2018-08-29 12:41 - 000004204 _____ C:\Windows\System32\Tasks\Norton Security Scan for Kristyna
2018-08-29 12:40 - 2018-08-29 12:40 - 000000000 ____D C:\Windows\system32\Drivers\NSSx64
2018-08-29 12:40 - 2018-08-29 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2018-08-29 12:40 - 2018-08-29 12:40 - 000000000 ____D C:\Program Files (x86)\Norton Security Scan
2018-08-29 12:27 - 2018-08-30 16:37 - 000000000 ____D C:\Windows\{B58AFBDA-7D5B-40C0-BE79-D9F3286E2165}
2018-08-29 12:14 - 2018-08-30 20:57 - 000003218 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2018-08-29 12:13 - 2018-08-29 12:13 - 000000000 ____D C:\Program Files (x86)\Norton AntiVirus
2018-08-29 12:07 - 2018-08-29 12:12 - 232193752 _____ C:\Users\Kristyna\Downloads\NAV-TW-21.1.0-CZ (1).exe
2018-08-29 12:00 - 2018-08-29 12:05 - 222330689 _____ C:\Users\Kristyna\Downloads\Nepotvrzeno 729299.crdownload
2018-08-29 11:18 - 2018-08-30 20:56 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2018-08-29 11:05 - 2018-08-29 11:29 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2018-08-29 10:42 - 2018-08-29 10:42 - 001720936 ____T C:\Windows\SysWOW64\00024736.tmp
2018-08-29 09:56 - 2018-08-29 09:56 - 000000000 ____D C:\Windows\System32\Tasks\Norton Identity Safe
2018-08-28 23:27 - 2018-08-28 23:28 - 000000000 ____D C:\Users\Kristyna\AppData\Local\NPE
2018-08-28 23:14 - 2018-08-28 23:14 - 000000000 ____D C:\Users\Kristyna\AppData\Local\CrashDumps
2018-08-28 21:23 - 2018-08-29 12:24 - 000000000 ____D C:\ProgramData\NCOTEMP
2018-08-28 21:23 - 2018-08-29 11:13 - 000099920 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2018-08-28 21:23 - 2018-08-29 11:13 - 000010396 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2018-08-28 21:23 - 2018-08-29 11:13 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2018-08-28 21:22 - 2018-08-30 20:57 - 000000000 ____D C:\Windows\system32\Drivers\NAVx64
2018-08-28 21:22 - 2018-08-29 12:40 - 000000000 ____D C:\ProgramData\Norton
2018-08-28 21:21 - 2018-08-29 17:16 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2018-08-28 21:21 - 2018-08-29 12:24 - 000000000 ____D C:\ProgramData\NortonInstaller
2018-08-28 21:13 - 2018-08-28 21:20 - 232193752 _____ C:\Users\Kristyna\Downloads\NAV-TW-21.1.0-CZ.exe
2018-08-28 17:43 - 2018-08-29 11:43 - 000000000 ____D C:\Windows\{2E03268B-4782-44EF-B29B-44B65D240959}
2018-08-28 15:43 - 2018-08-28 20:47 - 000000000 ____D C:\Users\Kristyna\Downloads\The Sims 4 [FitGirl Repack]
2018-08-28 15:43 - 2018-08-28 15:43 - 000003760 _____ C:\Windows\System32\Tasks\{FF6ED4FB-3AD6-C542-38D3-148DC339F3C5}
2018-08-28 15:43 - 2018-08-28 15:43 - 000003622 _____ C:\Windows\System32\Tasks\{96C4D4EA-B3A0-73B3-C78E-C2F8A2FEC2AC}
2018-08-28 15:43 - 2018-08-28 15:43 - 000003410 _____ C:\Windows\System32\Tasks\{3CDF02FD-5E7E-4DBE-5AA0-BC11C8B2E3EC}
2018-08-28 15:43 - 2018-08-28 15:43 - 000000002 _____ C:\Users\Kristyna\AppData\Local\imw.ini
2018-08-28 15:42 - 2018-08-28 15:42 - 000184819 _____ C:\Users\Kristyna\Downloads\the-sims-4-v1_44_77_1020.torrent
2018-08-28 15:40 - 2018-08-28 15:40 - 000000286 _____ C:\Users\Kristyna\Downloads\the-sims-4-v1_44_77_1020_9XA2SW.torrent
2018-08-22 16:15 - 2018-08-22 16:15 - 000089492 _____ C:\Users\Kristyna\Downloads\[CzT]Hra_o_Truny_Game_of_Thrones_7_serie_CZ_EN_WebRip_1080p_.torrent
2018-08-22 16:14 - 2018-08-22 16:14 - 000015614 _____ C:\Users\Kristyna\Downloads\[CzT]Hra_o_truny_Game_of_Thrones_6_serie_CZ_WebRip_.torrent
2018-08-22 16:03 - 2018-08-22 16:03 - 000076045 _____ C:\Users\Kristyna\Downloads\[CzT]Hra_o_truny_Game_of_Thrones_5_serie_CZ_TvRip_720p_.torrent
2018-08-21 20:49 - 2018-08-21 20:53 - 048155501 _____ (KLCP ) C:\Users\Kristyna\Downloads\K-Lite_Codec_Pack_1436_Full (3).exe
2018-08-21 20:49 - 2018-08-21 20:53 - 048155501 _____ (KLCP ) C:\Users\Kristyna\Downloads\K-Lite_Codec_Pack_1436_Full (2).exe
2018-08-21 20:49 - 2018-08-21 20:53 - 048155501 _____ (KLCP ) C:\Users\Kristyna\Downloads\K-Lite_Codec_Pack_1436_Full (1).exe
2018-08-21 20:48 - 2018-08-21 20:53 - 048155501 _____ (KLCP ) C:\Users\Kristyna\Downloads\K-Lite_Codec_Pack_1436_Full.exe
2018-08-21 20:47 - 2018-08-21 20:47 - 000000000 _____ C:\Users\Kristyna\Downloads\6766b2e3-6928-4419-8b7d-bce41e60b04e.tmp
2018-08-19 15:49 - 2018-08-19 15:57 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\ICQ
2018-08-19 15:49 - 2018-08-19 15:49 - 000001753 _____ C:\Users\Kristyna\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2018-08-19 15:49 - 2018-08-19 15:49 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2018-08-19 14:46 - 2018-08-19 14:48 - 035443312 _____ C:\Users\Kristyna\Downloads\icq_rfrset.exe
2018-08-19 14:45 - 2018-08-29 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-08-19 14:35 - 2018-08-19 14:37 - 062091672 _____ (Skype Technologies S.A.) C:\Users\Kristyna\Downloads\Skype-8.28.0.41.exe
2018-08-11 12:25 - 2018-08-11 12:25 - 002048114 _____ C:\Users\Kristyna\Downloads\Topografie.pdf
2018-08-11 12:08 - 2018-08-11 12:08 - 009667670 _____ C:\Users\Kristyna\Downloads\afz3.zip
2018-08-11 12:07 - 2018-08-11 12:07 - 003973284 _____ C:\Users\Kristyna\Downloads\anÄŤakostra (1).zip
2018-08-11 12:06 - 2018-08-11 12:06 - 003973284 _____ C:\Users\Kristyna\Downloads\anÄŤakostra.zip
2018-08-11 12:06 - 2018-08-11 12:06 - 002731242 _____ C:\Users\Kristyna\Downloads\afz1zakl.zip
2018-08-08 01:55 - 2018-08-08 01:57 - 000000000 ____D C:\Users\Kristyna\Downloads\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]
2018-08-04 14:00 - 2018-08-04 14:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CENEGA
2018-08-04 14:00 - 2018-08-04 14:00 - 000000000 ____D C:\Program Files (x86)\Cenega
2018-08-03 14:40 - 2018-08-03 14:40 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\MPC-HC
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-30 22:14 - 2011-04-12 10:34 - 000668376 _____ C:\Windows\system32\perfh005.dat
2018-08-30 22:14 - 2011-04-12 10:34 - 000141004 _____ C:\Windows\system32\perfc005.dat
2018-08-30 22:14 - 2009-07-14 07:13 - 001582262 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-30 22:14 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-08-30 21:55 - 2009-07-14 06:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-30 21:55 - 2009-07-14 06:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-30 21:45 - 2017-11-23 21:25 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-08-30 21:40 - 2018-07-28 10:45 - 000000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2018-08-30 21:40 - 2017-11-25 20:03 - 000000000 ____D C:\Program Files (x86)\FJ Camera
2018-08-30 21:04 - 2018-07-28 10:43 - 000000000 ____D C:\Users\Kristyna\AppData\Local\LogMeIn Hamachi
2018-08-30 21:04 - 2017-12-20 13:49 - 000000000 ____D C:\Program Files (x86)\Steam
2018-08-30 21:04 - 2017-11-16 19:24 - 000000000 __SHD C:\Users\Kristyna\IntelGraphicsProfiles
2018-08-30 21:03 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-30 16:52 - 2017-11-23 21:58 - 000000000 ____D C:\Filmy
2018-08-29 16:35 - 2018-01-20 16:26 - 000000000 ____D C:\Users\Kristyna\Desktop\osu!
2018-08-29 15:22 - 2017-11-23 21:57 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\vlc
2018-08-29 15:15 - 2018-01-20 13:51 - 000000000 ____D C:\Users\Kristyna\Documents\Any Send
2018-08-29 15:09 - 2018-07-25 14:35 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\WTablet
2018-08-29 12:34 - 2018-05-05 15:43 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-08-29 10:48 - 2017-12-01 20:57 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\uTorrent
2018-08-28 22:11 - 2018-05-02 17:23 - 000000000 ____D C:\Users\Kristyna\Desktop\Mafia
2018-08-28 14:34 - 2017-12-04 17:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-08-28 14:34 - 2017-12-04 17:53 - 000000000 ____D C:\Program Files\Java
2018-08-28 14:33 - 2017-12-04 17:54 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-08-22 16:22 - 2018-01-21 14:05 - 000000000 ____D C:\Program Files (x86)\Call of Duty - Modern Warfare 2
2018-08-22 16:22 - 2017-12-02 12:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty
2018-08-22 16:19 - 2017-11-04 11:52 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-08-21 20:55 - 2018-03-03 15:39 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-21 20:52 - 2018-03-03 14:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-08-17 18:59 - 2018-03-12 16:56 - 000003184 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1250171309-3979389096-1947347105-1001
2018-08-17 18:59 - 2018-03-03 15:44 - 000002196 _____ C:\Users\Kristyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-08-17 18:59 - 2018-01-30 18:15 - 000000000 ___RD C:\Users\Kristyna\OneDrive
2018-08-11 12:21 - 2018-02-13 17:39 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 19:41 - 2017-12-21 17:21 - 000000000 ____D C:\Users\Kristyna\Documents\Klei
2018-08-05 09:35 - 2009-07-14 07:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
==================== Files in the root of some directories =======
2018-08-28 15:43 - 2018-08-28 15:43 - 000000002 _____ () C:\Users\Kristyna\AppData\Local\imw.ini
2018-08-29 17:08 - 2018-08-29 17:08 - 000007657 _____ () C:\Users\Kristyna\AppData\Local\Resmon.ResmonCfg
2018-04-02 17:09 - 2018-04-02 17:09 - 000000000 _____ () C:\Users\Kristyna\AppData\Local\{B28F926B-E3A0-403B-9EEA-070F9F8FDE2E}
Some files in TEMP:
====================
2017-12-01 21:32 - 2017-12-01 21:32 - 003603050 _____ () C:\Users\Kristyna\AppData\Local\Temp\BingBarSetup-Partner.exe
2017-11-26 12:39 - 2017-11-26 12:39 - 000000000 ____D () C:\Users\Kristyna\AppData\Local\Temp\engine.exe
2018-04-29 08:05 - 2018-06-01 10:46 - 000450880 _____ (Garena Online ) C:\Users\Kristyna\AppData\Local\Temp\Garena.exe
2018-01-31 21:46 - 2018-01-31 21:46 - 001864256 _____ (Oracle Corporation) C:\Users\Kristyna\AppData\Local\Temp\jre-8u161-windows-au.exe
2018-04-23 16:22 - 2018-04-23 16:22 - 001884616 _____ (Oracle Corporation) C:\Users\Kristyna\AppData\Local\Temp\jre-8u171-windows-au.exe
2018-08-28 14:24 - 2018-08-28 14:24 - 001906040 _____ (Oracle Corporation) C:\Users\Kristyna\AppData\Local\Temp\jre-8u181-windows-au.exe
2018-08-28 15:45 - 2017-12-20 00:38 - 000104128 _____ () C:\Users\Kristyna\AppData\Local\Temp\Uninstall.exe
2018-06-25 15:53 - 2018-06-25 15:53 - 040184976 _____ () C:\Users\Kristyna\AppData\Local\Temp\vlc-3.0.3-win32.exe
2017-12-02 12:04 - 2004-12-10 12:01 - 001220976 _____ () C:\Users\Kristyna\AppData\Local\Temp\xfire_installer_10650.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-08-26 16:15
==================== End of FRST.txt ============================
- Rudy
- Site Admin
- Posts: 119427
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Problem with BitcoinMiner, Chrome crashes when opening ESET we
Open Notepad and copy into it:
Start
CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {3F518751-7A99-4CCD-8328-CC97AF1DA3F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {42EB5707-EA20-4630-BDEE-C0637EC443F0} - System32\Tasks\{3C80FD02-B4EC-4768-811C-B916497B1FC9} => C:\Windows\system32\pcalua.exe -a C:\Users\Kristyna\Desktop\Mafia\Setup.exe -d C:\Users\Kristyna\Desktop\Mafia
Task: {9D275F02-E99B-4F14-BAC4-FB578002C450} - System32\Tasks\{96C4D4EA-B3A0-73B3-C78E-C2F8A2FEC2AC} => C:\Windows\SysWOW64\OqIJae.exe [2009-07-14] (Microsoft Corporation)
Task: {CF3B5852-6462-40F8-85BC-5C7EB39554D5} - System32\Tasks\{3CDF02FD-5E7E-4DBE-5AA0-BC11C8B2E3EC} => C:\Windows\ZNEXBMkmW.exe [2009-07-14] (Microsoft Corporation)
Task: {E0E0206D-4BF7-4EA1-AABA-83AA9028A0A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
C:\Windows\SysWOW64\OqIJae.exe
C:\Windows\ZNEXBMkmW.exe
FirewallRules: [{A5BF9B32-CE2E-49E1-A726-4F1293A090A8}] => (Allow) C:\Windows\SysWOW64\OqIJae.exe
FirewallRules: [{0F8FC9CB-7BF5-47CA-B7AB-07BA38D5F291}] => (Allow) C:\Windows\ZNEXBMkmW.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\MountPoints2: {3853f588-91b3-11e8-8878-c01885b73c13} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\MountPoints2: {967f1677-d6c2-11e7-b9f6-c01885b73c13} - E:\setup\rsrc\Autorun.exe
GroupPolicy: Restriction ? <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\SysWOW64\00009961.tmp
C:\Windows\SysWOW64\00009967.tmp
C:\Windows\SysWOW64\00016918.tmp
C:\Windows\SysWOW64\00008350.tmp
C:\Windows\SysWOW64\00024736.tmp
C:\Users\Kristyna\AppData\Local\{B28F926B-E3A0-403B-9EEA-070F9F8FDE2E}
C:\Users\Kristyna\AppData\Local\Temp
EmptyTemp:
End
Save it to C:\Users\Kristyna\Desktop\kladivo na šmejdy as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Problem with BitcoinMiner, Chrome crashes when opening ESET we
Done as instructed; the Fixlog.txt output is below.
Fix result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by Kristyna (31-08-2018 10:38:02) Run:1
Running from C:\Users\Kristyna\Desktop\kladivo na šmejdy
Loaded Profiles: Kristyna (Available Profiles: Kristyna)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {3F518751-7A99-4CCD-8328-CC97AF1DA3F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {42EB5707-EA20-4630-BDEE-C0637EC443F0} - System32\Tasks\{3C80FD02-B4EC-4768-811C-B916497B1FC9} => C:\Windows\system32\pcalua.exe -a C:\Users\Kristyna\Desktop\Mafia\Setup.exe -d C:\Users\Kristyna\Desktop\Mafia
Task: {9D275F02-E99B-4F14-BAC4-FB578002C450} - System32\Tasks\{96C4D4EA-B3A0-73B3-C78E-C2F8A2FEC2AC} => C:\Windows\SysWOW64\OqIJae.exe [2009-07-14] (Microsoft Corporation)
Task: {CF3B5852-6462-40F8-85BC-5C7EB39554D5} - System32\Tasks\{3CDF02FD-5E7E-4DBE-5AA0-BC11C8B2E3EC} => C:\Windows\ZNEXBMkmW.exe [2009-07-14] (Microsoft Corporation)
Task: {E0E0206D-4BF7-4EA1-AABA-83AA9028A0A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
C:\Windows\SysWOW64\OqIJae.exe
C:\Windows\ZNEXBMkmW.exe
FirewallRules: [{A5BF9B32-CE2E-49E1-A726-4F1293A090A8}] => (Allow) C:\Windows\SysWOW64\OqIJae.exe
FirewallRules: [{0F8FC9CB-7BF5-47CA-B7AB-07BA38D5F291}] => (Allow) C:\Windows\ZNEXBMkmW.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\MountPoints2: {3853f588-91b3-11e8-8878-c01885b73c13} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\MountPoints2: {967f1677-d6c2-11e7-b9f6-c01885b73c13} - E:\setup\rsrc\Autorun.exe
GroupPolicy: Restriction ? <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\SysWOW64\00009961.tmp
C:\Windows\SysWOW64\00009967.tmp
C:\Windows\SysWOW64\00016918.tmp
C:\Windows\SysWOW64\00008350.tmp
C:\Windows\SysWOW64\00024736.tmp
C:\Users\Kristyna\AppData\Local\{B28F926B-E3A0-403B-9EEA-070F9F8FDE2E}
C:\Users\Kristyna\AppData\Local\Temp
EmptyTemp:
End
*****************
Processes closed successfully.
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F518751-7A99-4CCD-8328-CC97AF1DA3F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F518751-7A99-4CCD-8328-CC97AF1DA3F0}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42EB5707-EA20-4630-BDEE-C0637EC443F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42EB5707-EA20-4630-BDEE-C0637EC443F0}" => removed successfully
C:\Windows\System32\Tasks\{3C80FD02-B4EC-4768-811C-B916497B1FC9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3C80FD02-B4EC-4768-811C-B916497B1FC9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D275F02-E99B-4F14-BAC4-FB578002C450}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D275F02-E99B-4F14-BAC4-FB578002C450}" => removed successfully
C:\Windows\System32\Tasks\{96C4D4EA-B3A0-73B3-C78E-C2F8A2FEC2AC} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{96C4D4EA-B3A0-73B3-C78E-C2F8A2FEC2AC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CF3B5852-6462-40F8-85BC-5C7EB39554D5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF3B5852-6462-40F8-85BC-5C7EB39554D5}" => removed successfully
C:\Windows\System32\Tasks\{3CDF02FD-5E7E-4DBE-5AA0-BC11C8B2E3EC} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3CDF02FD-5E7E-4DBE-5AA0-BC11C8B2E3EC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E0E0206D-4BF7-4EA1-AABA-83AA9028A0A1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0E0206D-4BF7-4EA1-AABA-83AA9028A0A1}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
C:\Windows\SysWOW64\OqIJae.exe => moved successfully
C:\Windows\ZNEXBMkmW.exe => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A5BF9B32-CE2E-49E1-A726-4F1293A090A8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F8FC9CB-7BF5-47CA-B7AB-07BA38D5F291}" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3853f588-91b3-11e8-8878-c01885b73c13}" => removed successfully
HKLM\Software\Classes\CLSID\{3853f588-91b3-11e8-8878-c01885b73c13} => not found
"HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{967f1677-d6c2-11e7-b9f6-c01885b73c13}" => removed successfully
HKLM\Software\Classes\CLSID\{967f1677-d6c2-11e7-b9f6-c01885b73c13} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
C:\Windows\SysWOW64\00009961.tmp => moved successfully
C:\Windows\SysWOW64\00009967.tmp => moved successfully
C:\Windows\SysWOW64\00016918.tmp => moved successfully
C:\Windows\SysWOW64\00008350.tmp => moved successfully
C:\Windows\SysWOW64\00024736.tmp => moved successfully
C:\Users\Kristyna\AppData\Local\{B28F926B-E3A0-403B-9EEA-070F9F8FDE2E} => moved successfully
"C:\Users\Kristyna\AppData\Local\Temp" folder move:
Could not move "C:\Users\Kristyna\AppData\Local\Temp" => Scheduled to move on reboot.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 119244848 B
Java, Flash, Steam htmlcache => 12883439 B
Windows/system/drivers => 98837915 B
Edge => 0 B
Chrome => 407604341 B
Firefox => 161149949 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
systemprofile32 => 66356 B
LocalService => 16674 B
NetworkService => 25190820 B
Technician => 813752309 B
Kristyna => 3814531856 B
RecycleBin => 544 B
EmptyTemp: => 5.1 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 31-08-2018 10:43:48)
C:\Users\Kristyna\AppData\Local\Temp => moved successfully
==== End of Fixlog 10:43:49 ====
- Rudy
- Site Admin
- Posts: 119427
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Problem with BitcoinMiner, Chrome crashes when opening ESET we
Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Problem with BitcoinMiner, Chrome crashes when opening ESET we
I'm trying it out; so far it looks like it works, the browser neither crashes nor launches by itself.
Thank you very much for your help!
So what kind of vermin was on there?
- Rudy
- Site Admin
- Posts: 119427
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Problem with BitcoinMiner, Chrome crashes when opening ESET we
There was a BitCoinMiner, about 2 more trojans and some unnecessary stuff. You're welcome!
