PC virus removal, computer speed-up, and remote assistance through the neslape.cz service

Requesting a check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

DestinyToBorn
Visitor
Posts: 6
Registered: 26 Sep 2018 09:23

#1 Post by DestinyToBorn »

Hello,
Yesterday Malwarebytes found trojan.bitcoinminer or something like that on my computer, so I would like to ask you for a check.
Thank you in advance for any help :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.09.2018
Ran by Idea (administrator) on IDEA-PC (26-09-2018 10:26:32)
Running from C:\Users\Idea\Desktop
Loaded Profiles: Idea (Available Profiles: Idea)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-15] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-11-14] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-11-14] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-08-17] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964576 2017-12-12] (SUPERAntiSpyware)
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18534016 2018-07-20] (Piriform Ltd)
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\Run: [Spotify] => C:\Users\Idea\AppData\Roaming\Spotify\Spotify.exe [25061776 2018-09-16] (Spotify Ltd)
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {360f2254-5bfc-11e7-bf18-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {8fe7cf3a-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {8fe7cf3d-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {8fe7cf4f-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {9d0e97e2-a222-11e7-bf59-201a067f1397} - "F:\HiSuiteDownLoader.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-11-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Idea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2018-06-02]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6B5F1CBA-9FE1-4146-B168-8E8D00DA2EE2}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001 -> DefaultScope {F5E0D305-DD10-412B-B03B-B1586D2ACB2F} URL =
SearchScopes: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001 -> {F5E0D305-DD10-412B-B03B-B1586D2ACB2F} URL =
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-04-13] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-04-13] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2018-04-13] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-13] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-13] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-13] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-13] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-13] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-13] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-04-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default [2018-09-26]
CHR Extension: (Prezentace) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (BetterTTV) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-20]
CHR Extension: (Dokumenty) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Disk Google) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-12]
CHR Extension: (YouTube) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-12]
CHR Extension: (Adblock Plus) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-10]
CHR Extension: (Tabulky) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Malwarebytes Browser Extension) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2018-09-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-12]
CHR Extension: (Chrome Media Router) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [895056 2018-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [226000 2018-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [226000 2018-09-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1148568 2018-09-04] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [436848 2018-08-17] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-05-16] ()
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-16] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-02] (Microsoft Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-11-25] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [69656 2018-08-10] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [179376 2018-07-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-07-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-02-15] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-06-16] (Avira Operations GmbH & Co. KG)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-02-24] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-02-24] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-11-25] (Huawei Technologies Co., Ltd.)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [200232 2018-09-25] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [118584 2018-09-26] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [58400 2018-09-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260384 2018-09-26] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [110424 2018-09-26] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
S3 usbser; C:\WINDOWS\system32\DRIVERS\USBSER.sys [33280 2016-11-25] (Microsoft Corporation) [File not signed]
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-26 10:26 - 2018-09-26 10:27 - 000018840 _____ C:\Users\Idea\Desktop\FRST.txt
2018-09-26 10:26 - 2018-09-26 10:26 - 000000000 ____D C:\FRST
2018-09-26 10:25 - 2018-09-26 10:25 - 002414080 _____ (Farbar) C:\Users\Idea\Desktop\FRST64.exe
2018-09-26 10:21 - 2018-09-26 10:21 - 000118584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-09-26 10:21 - 2018-09-26 10:21 - 000110424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-09-26 10:21 - 2018-09-26 10:21 - 000058400 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-09-26 10:19 - 2018-09-26 10:19 - 000260384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-09-25 21:57 - 2018-09-25 21:57 - 000200232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-09-25 21:57 - 2018-09-25 21:57 - 000000000 ____D C:\Users\Idea\AppData\Local\mbamtray
2018-09-25 21:56 - 2018-09-25 21:56 - 000001894 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-25 21:56 - 2018-09-25 21:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-25 21:56 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-09-25 21:55 - 2018-09-25 21:55 - 000000000 ____D C:\Users\Idea\AppData\Local\mbam
2018-09-23 18:00 - 2018-09-23 18:08 - 1186365384 _____ C:\Users\Idea\Downloads\Anthony Joshua vs Alexander Povetkin.mkv
2018-09-12 07:47 - 2018-08-28 05:46 - 001764408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-09-12 07:47 - 2018-08-24 01:05 - 025736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-09-12 07:47 - 2018-08-24 00:34 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-09-12 07:47 - 2018-08-23 23:27 - 020279296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-09-12 07:47 - 2018-08-23 22:51 - 004494848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-09-12 07:47 - 2018-08-14 03:22 - 022374608 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-09-12 07:47 - 2018-08-14 03:19 - 019790752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-09-12 07:47 - 2018-08-13 22:06 - 002530384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-09-12 07:47 - 2018-08-13 22:03 - 001903744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-09-12 07:47 - 2018-08-12 21:23 - 007373544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-09-12 07:47 - 2018-08-12 18:31 - 002347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-09-12 07:47 - 2018-07-24 19:50 - 006522344 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-09-12 07:47 - 2018-07-24 19:50 - 001488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-09-12 07:46 - 2018-08-28 07:39 - 001491032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-09-12 07:46 - 2018-08-28 03:36 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2018-09-12 07:46 - 2018-08-28 03:36 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-09-12 07:46 - 2018-08-24 00:54 - 000289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-09-12 07:46 - 2018-08-24 00:43 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-09-12 07:46 - 2018-08-24 00:33 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-09-12 07:46 - 2018-08-24 00:08 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-09-12 07:46 - 2018-08-24 00:01 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-09-12 07:46 - 2018-08-24 00:00 - 015283712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-09-12 07:46 - 2018-08-23 23:52 - 004510720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-09-12 07:46 - 2018-08-23 23:40 - 001555456 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-09-12 07:46 - 2018-08-23 23:28 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-09-12 07:46 - 2018-08-23 23:15 - 000497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-09-12 07:46 - 2018-08-23 23:06 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-09-12 07:46 - 2018-08-23 22:49 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-09-12 07:46 - 2018-08-23 22:48 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-09-12 07:46 - 2018-08-23 22:44 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-09-12 07:46 - 2018-08-23 22:30 - 004037632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-09-12 07:46 - 2018-08-23 22:27 - 001329664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-09-12 07:46 - 2018-08-23 22:24 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-09-12 07:46 - 2018-08-13 21:32 - 001368680 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-09-12 07:46 - 2018-08-13 15:40 - 001754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-09-12 07:46 - 2018-08-13 15:39 - 001491968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-09-12 07:46 - 2018-08-13 15:33 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-09-12 07:46 - 2018-08-13 15:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2018-09-12 07:46 - 2018-08-13 15:29 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2018-09-12 07:46 - 2018-08-12 21:06 - 001676056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-09-12 07:46 - 2018-08-12 21:06 - 001536120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-09-12 07:46 - 2018-08-12 21:06 - 001500432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-09-12 07:46 - 2018-08-12 21:06 - 001371352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-09-12 07:46 - 2018-08-12 21:04 - 002451808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-09-12 07:46 - 2018-08-12 18:06 - 001556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-09-12 07:46 - 2018-08-09 19:40 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-09-12 07:46 - 2018-08-09 19:39 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-09-12 07:46 - 2018-08-09 18:59 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-09-12 07:46 - 2018-08-09 18:41 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-09-12 07:46 - 2018-08-09 18:41 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-09-12 07:46 - 2018-08-09 18:39 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-09-12 07:46 - 2018-07-29 15:44 - 001265664 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-09-12 07:46 - 2018-07-24 19:50 - 000261408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-09-12 07:46 - 2018-07-24 15:45 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-09-12 07:46 - 2018-07-18 15:34 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-09-12 07:46 - 2018-07-06 19:14 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2018-09-12 07:46 - 2018-07-06 18:22 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2018-09-12 07:46 - 2018-07-06 01:17 - 001115648 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2018-09-12 07:46 - 2018-06-26 17:25 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2018-09-12 07:46 - 2018-06-26 17:14 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2018-09-12 07:46 - 2018-06-21 15:31 - 001200640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-09-12 07:46 - 2018-06-21 15:30 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-09-12 07:46 - 2018-06-21 15:24 - 000513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-09-12 07:46 - 2018-06-21 15:24 - 000513456 _____ C:\WINDOWS\system32\locale.nls
2018-08-29 15:53 - 2018-08-29 15:53 - 000001143 _____ C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-26 10:24 - 2017-02-12 18:56 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3896859002-1750763641-2436859191-1001
2018-09-26 10:21 - 2017-02-12 18:45 - 000000000 __SHD C:\Users\Idea\IntelGraphicsProfiles
2018-09-26 10:18 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-26 10:13 - 2017-11-19 16:40 - 000000433 _____ C:\Users\Idea\Desktop\Nový textový dokument.txt
2018-09-26 10:05 - 2014-11-21 06:53 - 001739092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-26 10:05 - 2014-11-21 06:10 - 000734510 _____ C:\WINDOWS\system32\perfh005.dat
2018-09-26 10:05 - 2014-11-21 06:10 - 000148820 _____ C:\WINDOWS\system32\perfc005.dat
2018-09-26 10:05 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2018-09-26 09:11 - 2017-05-10 15:25 - 000003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{86E63323-2C13-491F-9D26-960A22EF9F49}
2018-09-25 19:22 - 2018-05-17 15:40 - 000000000 ____D C:\Users\Idea\AppData\Local\Spotify
2018-09-25 19:22 - 2018-05-17 15:39 - 000000000 ____D C:\Users\Idea\AppData\Roaming\Spotify
2018-09-23 20:20 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-09-23 18:12 - 2017-02-14 10:41 - 000000000 ____D C:\Users\Idea\AppData\Roaming\vlc
2018-09-23 17:18 - 2018-04-14 10:47 - 000003168 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3896859002-1750763641-2436859191-1001
2018-09-23 17:17 - 2018-04-13 14:10 - 000002334 _____ C:\Users\Idea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2018-09-18 04:53 - 2017-02-12 14:14 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-18 04:53 - 2017-02-12 14:14 - 000002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-15 12:03 - 2017-02-12 18:25 - 000000000 ____D C:\Users\Idea
2018-09-14 09:45 - 2013-08-22 16:44 - 000489472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-09-14 08:03 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\rescache
2018-09-12 09:05 - 2013-08-22 17:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-09-12 08:08 - 2012-07-26 09:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-12 08:04 - 2017-02-12 10:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-09-12 08:00 - 2017-02-12 10:26 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-09-12 07:32 - 2018-04-11 19:18 - 001737592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-09-10 17:48 - 2017-04-18 19:48 - 000000000 ____D C:\Program Files\CCleaner
2018-09-05 00:06 - 2017-02-12 20:23 - 000835144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-09-05 00:06 - 2017-02-12 20:23 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-04 19:19 - 2017-03-05 09:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-08-31 12:30 - 2017-04-15 18:58 - 000000000 ____D C:\Users\Idea\AppData\Roaming\WinRAR
2018-08-29 15:53 - 2017-04-23 12:06 - 000000000 ____D C:\ProgramData\Package Cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-23 11:20

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.09.2018
Ran by Idea (26-09-2018 10:27:29)
Running from C:\Users\Idea\Desktop
Windows 8.1 (Update) (X64) (2017-02-12 16:45:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3896859002-1750763641-2436859191-500 - Administrator - Disabled)
Guest (S-1-5-21-3896859002-1750763641-2436859191-501 - Limited - Disabled)
Idea (S-1-5-21-3896859002-1750763641-2436859191-1001 - Administrator - Enabled) => C:\Users\Idea

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 31.0.0.96 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Avira (HKLM-x32\...\{532da46c-2aa3-4588-a4a2-b02bc641bf95}) (Version: 1.2.119.17994 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{9620D4C2-CF5B-4DBE-8103-CC9DAB0871C6}) (Version: 1.2.119.17994 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.40.12 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{7b509672-8eb5-466b-b85a-482e26ccc500}) (Version: 1.2.81.30631 - Avira Operations GmbH & Co. KG)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2400_series) (Version: 1.00 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{1E939186-B443-4262-A278-3C82949EA7AC}) (Version: 1.1.009.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
Malwarebytes verze 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Standard 2016 - cs-cz (HKLM\...\StandardRetail - cs-cz) (Version: 16.0.7571.2072 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.7571.2072 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.7571.2072 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.7571.2072 - Microsoft Corporation) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6675 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon MG2400 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG2400 series) (Version: - ‭Canon Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\Spotify) (Version: 1.0.89.313.g34a58dea - Spotify AB)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.13 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-09-04] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-27] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-09-04] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1B05A67D-8A8F-4BF7-ABB3-7DF4C578DD0C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {2A0C4832-5050-46B8-AE1C-7CE8A94020CB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {44296ABE-A831-441A-8C57-BBA087EB25E7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-08-09] (Lenovo)
Task: {525FE185-F947-45FF-B5A1-2F5C6A585D0D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-04-13] (Microsoft Corporation)
Task: {56667965-7414-425F-87C0-A3352CF0DA04} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-02] (Microsoft Corporation)
Task: {5D342091-C50A-4189-9E0B-6278EC9567B0} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {6ACA3CDF-4193-41CE-B9B6-603561796098} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-09] ()
Task: {71745F1B-9030-41F9-8A3E-3BC8A78B61C4} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-09] ()
Task: {9949C28C-C4C6-4CFC-9B76-B04C408EE776} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-09] ()
Task: {A4B15D6D-EEFD-41CC-B82A-83FC48490B24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-12] (Google Inc.)
Task: {A5CFDF21-8BC9-46F2-B24F-F34E233EC759} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-04-13] (Microsoft Corporation)
Task: {AC14AD23-813C-4211-AB16-5820A7224BF7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-07-20] (Piriform Ltd)
Task: {B8A67FA5-8E0B-472B-97CD-5A9E8B30449D} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {BB2D8C5A-2E5D-483E-A46F-4995BEF465A4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-02] (Microsoft Corporation)
Task: {D2BB4BDD-D6F5-4BB1-972A-86012D20F223} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2012-08-09] ()
Task: {D62BC18B-2AB7-43A9-AE25-EEF1E73C4E4C} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-09-04] (Avira Operations GmbH & Co. KG)
Task: {EDA1AA87-74A8-4D26-8FD4-ADEF3453E499} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-09-15] (AVAST Software)
Task: {EE6737E4-21B7-4227-A9E0-7A41A1B823BB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-07-20] (Piriform Ltd)
Task: {EE814F4A-D960-439D-8409-27742D941F48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-12] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-11-16 01:51 - 2012-11-16 01:51 - 000048920 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2016-11-25 08:16 - 2016-11-25 08:16 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2018-09-25 21:56 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-09-25 21:56 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-18 04:53 - 2018-09-15 10:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-18 04:53 - 2018-09-15 10:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2018-08-10 16:28 - 2018-08-10 16:26 - 001204472 _____ () C:\Program Files (x86)\Avira\Antivirus\crypto-42.dll
2018-08-10 16:28 - 2018-08-10 16:26 - 000243352 _____ () C:\Program Files (x86)\Avira\Antivirus\ssl-44.dll
2017-02-13 16:37 - 2013-08-09 05:25 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [220]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Idea\Desktop\Na\way ninja.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run32: => "331BigDog"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\StartupApproved\StartupFolder: => "zSpeedup.lnk"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9AAFE222-0A71-4D5F-AE49-145204C88DF4}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{8D47FEE9-CACA-499D-A605-5A2E97136B85}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [TCP Query User{DCDB5A39-274B-49F5-AD4C-1490EFBFC4B4}D:\torrent\utorrent.exe] => (Allow) D:\torrent\utorrent.exe
FirewallRules: [UDP Query User{9AC74FD0-AFEC-4D25-8964-48BDECC6FACD}D:\torrent\utorrent.exe] => (Allow) D:\torrent\utorrent.exe
FirewallRules: [{457D421D-1BCC-4901-A3F2-2501D6E9780F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{96B7D27E-6D36-45FE-AAFF-658D082722BF}C:\users\idea\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\idea\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{015F8B7A-94CE-483E-8242-B52027B41BD0}C:\users\idea\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\idea\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4B755FF7-B07E-44C9-95AA-0854F024AD9D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{A9711DC3-0914-4906-A1F0-F667D185EB11}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [TCP Query User{A0B36C1B-99CD-4F02-9D5D-11343A768717}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe
FirewallRules: [UDP Query User{E770AC5C-A8EC-4A7C-8DE2-A61339F10585}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe
FirewallRules: [TCP Query User{0B71B57A-6268-4C73-AAB5-E91D143E48BF}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe
FirewallRules: [UDP Query User{066C066E-4CFB-4988-B423-B4C94FE9228A}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe
FirewallRules: [{BDDD5C12-1D35-47DE-B484-E44A9EDEDD27}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-09-2018 21:32:35 Naplánovaný kontrolní bod
12-09-2018 07:57:51 Windows Update
21-09-2018 04:59:37 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

Name: Broadcom Bluetooth 4.0 USB
Description: Broadcom Bluetooth 4.0 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2018 10:17:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamservice.exe, verze: 3.2.0.704, časové razítko: 0x5b9acf90
Název chybujícího modulu: SelfProtectionSdk.dll, verze: 3.0.0.360, časové razítko: 0x5b995ba2
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000014e2a9
ID chybujícího procesu: 0xb70
Čas spuštění chybující aplikace: 0x01d4556d015e24de
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Cesta k chybujícímu modulu: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
ID zprávy: a19bd738-c164-11e8-8061-201a067f1397
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/26/2018 09:44:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamservice.exe, verze: 3.2.0.704, časové razítko: 0x5b9acf90
Název chybujícího modulu: SelfProtectionSdk.dll, verze: 3.0.0.360, časové razítko: 0x5b995ba2
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000014e2a9
ID chybujícího procesu: 0x115c
Čas spuštění chybující aplikace: 0x01d45509e9503dc3
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Cesta k chybujícímu modulu: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
ID zprávy: ff8c754e-c15f-11e8-8060-201a067f1397
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/26/2018 09:10:51 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: idea-PC)
Description: C:\Users\Idea\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (09/25/2018 06:57:58 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: idea-PC)
Description: C:\Users\Idea\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (09/24/2018 11:49:19 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: idea-PC)
Description: C:\Users\Idea\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (09/23/2018 01:11:45 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (09/23/2018 09:12:37 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: idea-PC)
Description: C:\Users\Idea\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (09/22/2018 09:30:20 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: idea-PC)
Description: C:\Users\Idea\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894


System errors:
=============
Error: (09/26/2018 10:21:07 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Události načítání snímků skončila s následující chybou specifickou pro službu:
Vzdálené volání procedury se nezdařilo.

Error: (09/26/2018 10:21:00 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Pracovní složky přestala během spouštění reagovat.

Error: (09/26/2018 10:19:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Hostitelská služba zprostředkovatele šifrování Windows byla ukončena s následující chybou:
Při obsluze řídicí žádosti došlo ve službě k výjimce.

Error: (09/26/2018 09:48:05 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Události načítání snímků skončila s následující chybou specifickou pro službu:
Vzdálené volání procedury se nezdařilo.

Error: (09/26/2018 09:47:59 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Pracovní složky přestala během spouštění reagovat.

Error: (09/26/2018 09:46:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Hostitelská služba zprostředkovatele šifrování Windows byla ukončena s následující chybou:
Při obsluze řídicí žádosti došlo ve službě k výjimce.

Error: (09/26/2018 09:45:06 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Avira Scheduler skončila s následující chybou specifickou pro službu:
Nesprávná funkce.

Error: (09/26/2018 01:07:04 AM) (Source: DCOM) (EventID: 10010) (User: idea-PC)
Description: Server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
===================================
Date: 2018-08-10 18:44:54.838
Description:
Funkce Ochrana v reálném čase u prohledávání Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Systém kontroly sítě
Kód chyby: 0x8007045b
Popis chyby: Probíhá vypnutí systému.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2018-08-10 18:44:54.838
Description:
Funkce Ochrana v reálném čase u prohledávání Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Monitorování chování
Kód chyby: 0x8007045b
Popis chyby: Probíhá vypnutí systému.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2018-08-10 18:44:54.838
Description:
Funkce Ochrana v reálném čase u prohledávání Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007045b
Popis chyby: Probíhá vypnutí systému.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2017-03-05 08:45:45.271
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.235.2629.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13407.0
Kód chyby: 0x8024001e
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2017-03-05 08:45:45.271
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.235.2629.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13407.0
Kód chyby: 0x8024001e
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

CodeIntegrity:
===================================

Date: 2018-07-14 17:14:11.322
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\usbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 54%
Total physical RAM: 3961.77 MB
Available physical RAM: 1813.54 MB
Total Virtual: 5049.77 MB
Available Virtual: 2285.53 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:421.86 GB) (Free:377.71 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:10.56 GB) NTFS

\\?\Volume{6574e62d-fabd-4f65-931f-acd811f9244e}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.67 GB) NTFS
\\?\Volume{78ac6970-3e10-4073-9422-bc8ef49d405c}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS
\\?\Volume{977a5f76-733a-44b0-8489-19acf996aaad}\ () (Fixed) (Total:0.48 GB) (Free:0.16 GB) NTFS
\\?\Volume{4b03bc3f-51f8-44d0-be83-ee134040121a}\ () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS
\\?\Volume{010ddebf-4326-4927-803d-21c124571aac}\ () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS
\\?\Volume{37392550-d26b-4400-bb61-974b57b0fd17}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS
\\?\Volume{ddc995ca-1029-40fe-aecd-bea8e9fa948e}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS
\\?\Volume{d71f7794-f1bf-4c43-bf88-0d83646e418e}\ (PBR_DRV) (Fixed) (Total:13.89 GB) (Free:3.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 758AD33A)

Partition: GPT.

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a check

#2 Post by Conder »

Hi :)

:arrow: In exactly which location does Malwarebytes report this threat?

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
  • The log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and others).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

DestinyToBorn
Visitor
Posts: 6
Registered: 26 Sep 2018 09:23

Re: Requesting a check

#3 Post by DestinyToBorn »

It will be a bit of a problem to say which files Malwarebytes found it in, because I, the fool, had those files removed right away :boxed:
But I know there were 11 of them in total and a few of them were in the registry, if that helps.
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-09-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-27-2018
# Duration: 00:00:09
# OS: Windows 8.1
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1246 octets] - [27/09/2018 10:58:12]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a check

#4 Post by Conder »

:arrow: Malwarebytes should have a log of it; try looking on the left in the Reports (Spravy) section. If you find the log there, open it, click Export -> Copy to Clipboard and paste it into your next reply.

:arrow: Please post both new logs from FRST.

DestinyToBorn
Visitor
Posts: 6
Registered: 26 Sep 2018 09:23

Re: Requesting a check

#5 Post by DestinyToBorn »

Malwarebytes log:
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 26.09.18
Čas skenování: 2:35
Logovací soubor: 0d4d7fc4-c124-11e8-9c34-201a067f1397.json

-Informace o softwaru-
Verze: 3.6.1.2711
Verze komponentů: 1.0.463
Aktualizovat verzi balíku komponent: 1.0.7013
Licence: Zkušební

-Systémová informace-
OS: Windows 8.1
CPU: x64
Systém souborů: NTFS
Uživatel: System

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Plánovač
Výsledek: Dokončeno
Skenované objekty: 245237
Zjištěné hrozby: 9
Hrozby umístěné do karantény: 9
Uplynulý čas: 7 min, 29 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 6
Trojan.BitCoinMiner.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{A161224E-WSP1-9722-1GH5-LA58912C12AA}, V karanténě, [1154], [487424],1.0.7013
Trojan.BitCoinMiner.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A0B796A4-D067-4F37-8E19-35E3E3C42084}, V karanténě, [1154], [487424],1.0.7013
Trojan.BitCoinMiner.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{A0B796A4-D067-4F37-8E19-35E3E3C42084}, V karanténě, [1154], [487424],1.0.7013
Trojan.BitCoinMiner.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A161224E-WSP1-9722-1GH5-LA58912C12AA}, V karanténě, [1154], [-1],0.0.0
Trojan.BitCoinMiner.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0B796A4-D067-4F37-8E19-35E3E3C42084}, V karanténě, [1154], [-1],0.0.0
Trojan.BitCoinMiner.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0B796A4-D067-4F37-8E19-35E3E3C42084}, V karanténě, [1154], [-1],0.0.0

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 3
Trojan.BitCoinMiner.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA}, V karanténě, [1154], [487424],1.0.7013
Trojan.BitCoinMiner.TskLnk, C:\USERS\IDEA\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE, V karanténě, [1154], [487424],1.0.7013
Trojan.BitCoinMiner.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA}, V karanténě, [1154], [-1],0.0.0

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.09.2018
Ran by Idea (administrator) on IDEA-PC (28-09-2018 09:32:06)
Running from C:\Users\Idea\Desktop
Loaded Profiles: Idea & (Available Profiles: Idea)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Google) C:\Users\Idea\AppData\Local\Google\Chrome\User Data\SwReporter\33.171.200\software_reporter_tool.exe
(Google) C:\Users\Idea\AppData\Local\Google\Chrome\User Data\SwReporter\33.171.200\software_reporter_tool.exe
(Google) C:\Users\Idea\AppData\Local\Google\Chrome\User Data\SwReporter\33.171.200\software_reporter_tool.exe
() C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-15] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-11-14] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-11-14] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-08-17] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964576 2017-12-12] (SUPERAntiSpyware)
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18534016 2018-07-20] (Piriform Ltd)
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\Run: [Spotify] => C:\Users\Idea\AppData\Roaming\Spotify\Spotify.exe [25061776 2018-09-16] (Spotify Ltd)
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {360f2254-5bfc-11e7-bf18-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {8fe7cf3a-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {8fe7cf3d-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {8fe7cf4f-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {9d0e97e2-a222-11e7-bf59-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964576 2017-12-12] (SUPERAntiSpyware)
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18534016 2018-07-20] (Piriform Ltd)
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\Run: [Spotify] => C:\Users\Idea\AppData\Roaming\Spotify\Spotify.exe [25061776 2018-09-16] (Spotify Ltd)
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {360f2254-5bfc-11e7-bf18-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {8fe7cf3a-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {8fe7cf3d-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {8fe7cf4f-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {9d0e97e2-a222-11e7-bf59-201a067f1397} - "F:\HiSuiteDownLoader.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-11-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Idea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2018-06-02]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6B5F1CBA-9FE1-4146-B168-8E8D00DA2EE2}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001 -> DefaultScope {F5E0D305-DD10-412B-B03B-B1586D2ACB2F} URL =
SearchScopes: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001 -> {F5E0D305-DD10-412B-B03B-B1586D2ACB2F} URL =
SearchScopes: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274 -> DefaultScope {F5E0D305-DD10-412B-B03B-B1586D2ACB2F} URL =
SearchScopes: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274 -> {F5E0D305-DD10-412B-B03B-B1586D2ACB2F} URL =
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-04-13] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-04-13] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2018-04-13] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-13] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-13] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-13] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-13] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-13] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-13] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-04-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default [2018-09-28]
CHR Extension: (Prezentace) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (BetterTTV) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-20]
CHR Extension: (Dokumenty) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Disk Google) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-12]
CHR Extension: (YouTube) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-12]
CHR Extension: (Adblock Plus) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-10]
CHR Extension: (Tabulky) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Malwarebytes Browser Extension) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2018-09-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-12]
CHR Extension: (Chrome Media Router) - C:\Users\Idea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [895056 2018-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [226000 2018-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [226000 2018-09-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1148568 2018-09-04] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [436848 2018-08-17] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-05-16] ()
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-16] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-02] (Microsoft Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-11-25] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [69656 2018-08-10] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [179376 2018-07-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-07-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-02-15] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-06-16] (Avira Operations GmbH & Co. KG)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-02-24] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-02-24] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-11-25] (Huawei Technologies Co., Ltd.)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [200232 2018-09-25] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [118584 2018-09-27] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [58400 2018-09-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260384 2018-09-27] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [110424 2018-09-28] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
S3 usbser; C:\WINDOWS\system32\DRIVERS\USBSER.sys [33280 2016-11-25] (Microsoft Corporation) [File not signed]
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-27 21:33 - 2018-09-28 09:23 - 000110424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-09-27 21:33 - 2018-09-27 21:33 - 000118584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-09-27 21:33 - 2018-09-27 21:33 - 000058400 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-09-27 21:32 - 2018-09-27 21:32 - 000260384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-09-27 11:01 - 2018-09-27 11:01 - 007592144 _____ (Malwarebytes) C:\Users\Idea\Downloads\adwcleaner_7.2.4.0.exe
2018-09-27 10:57 - 2018-09-27 10:58 - 000000000 ____D C:\AdwCleaner
2018-09-27 10:56 - 2018-09-27 10:56 - 007592144 _____ (Malwarebytes) C:\Users\Idea\Desktop\adwcleaner_7.2.4.0.exe
2018-09-26 10:27 - 2018-09-26 10:28 - 000035235 _____ C:\Users\Idea\Desktop\Addition.txt
2018-09-26 10:26 - 2018-09-28 09:32 - 000021051 _____ C:\Users\Idea\Desktop\FRST.txt
2018-09-26 10:26 - 2018-09-28 09:32 - 000000000 ____D C:\FRST
2018-09-26 10:25 - 2018-09-26 10:25 - 002414080 _____ (Farbar) C:\Users\Idea\Desktop\FRST64.exe
2018-09-25 21:57 - 2018-09-25 21:57 - 000200232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-09-25 21:57 - 2018-09-25 21:57 - 000000000 ____D C:\Users\Idea\AppData\Local\mbamtray
2018-09-25 21:56 - 2018-09-25 21:56 - 000001894 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-25 21:56 - 2018-09-25 21:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-25 21:56 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-09-25 21:55 - 2018-09-25 21:55 - 000000000 ____D C:\Users\Idea\AppData\Local\mbam
2018-09-23 18:00 - 2018-09-23 18:08 - 1186365384 _____ C:\Users\Idea\Downloads\Anthony Joshua vs Alexander Povetkin.mkv
2018-09-12 07:47 - 2018-08-28 05:46 - 001764408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-09-12 07:47 - 2018-08-24 01:05 - 025736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-09-12 07:47 - 2018-08-24 00:34 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-09-12 07:47 - 2018-08-23 23:27 - 020279296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-09-12 07:47 - 2018-08-23 22:51 - 004494848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-09-12 07:47 - 2018-08-14 03:22 - 022374608 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-09-12 07:47 - 2018-08-14 03:19 - 019790752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-09-12 07:47 - 2018-08-13 22:06 - 002530384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-09-12 07:47 - 2018-08-13 22:03 - 001903744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-09-12 07:47 - 2018-08-12 21:23 - 007373544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-09-12 07:47 - 2018-08-12 18:31 - 002347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-09-12 07:47 - 2018-07-24 19:50 - 006522344 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-09-12 07:47 - 2018-07-24 19:50 - 001488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-09-12 07:46 - 2018-08-28 07:39 - 001491032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-09-12 07:46 - 2018-08-28 03:36 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2018-09-12 07:46 - 2018-08-28 03:36 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-09-12 07:46 - 2018-08-24 00:54 - 000289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-09-12 07:46 - 2018-08-24 00:43 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-09-12 07:46 - 2018-08-24 00:33 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-09-12 07:46 - 2018-08-24 00:08 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-09-12 07:46 - 2018-08-24 00:01 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-09-12 07:46 - 2018-08-24 00:00 - 015283712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-09-12 07:46 - 2018-08-23 23:52 - 004510720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-09-12 07:46 - 2018-08-23 23:40 - 001555456 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-09-12 07:46 - 2018-08-23 23:28 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-09-12 07:46 - 2018-08-23 23:15 - 000497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-09-12 07:46 - 2018-08-23 23:06 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-09-12 07:46 - 2018-08-23 22:49 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-09-12 07:46 - 2018-08-23 22:48 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-09-12 07:46 - 2018-08-23 22:44 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-09-12 07:46 - 2018-08-23 22:30 - 004037632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-09-12 07:46 - 2018-08-23 22:27 - 001329664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-09-12 07:46 - 2018-08-23 22:24 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-09-12 07:46 - 2018-08-13 21:32 - 001368680 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-09-12 07:46 - 2018-08-13 15:40 - 001754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-09-12 07:46 - 2018-08-13 15:39 - 001491968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-09-12 07:46 - 2018-08-13 15:33 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-09-12 07:46 - 2018-08-13 15:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2018-09-12 07:46 - 2018-08-13 15:29 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2018-09-12 07:46 - 2018-08-12 21:06 - 001676056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-09-12 07:46 - 2018-08-12 21:06 - 001536120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-09-12 07:46 - 2018-08-12 21:06 - 001500432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-09-12 07:46 - 2018-08-12 21:06 - 001371352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-09-12 07:46 - 2018-08-12 21:04 - 002451808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-09-12 07:46 - 2018-08-12 18:06 - 001556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-09-12 07:46 - 2018-08-09 19:40 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-09-12 07:46 - 2018-08-09 19:39 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-09-12 07:46 - 2018-08-09 18:59 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-09-12 07:46 - 2018-08-09 18:41 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-09-12 07:46 - 2018-08-09 18:41 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-09-12 07:46 - 2018-08-09 18:39 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-09-12 07:46 - 2018-07-29 15:44 - 001265664 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-09-12 07:46 - 2018-07-24 19:50 - 000261408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-09-12 07:46 - 2018-07-24 15:45 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-09-12 07:46 - 2018-07-18 15:34 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-09-12 07:46 - 2018-07-06 19:14 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2018-09-12 07:46 - 2018-07-06 18:22 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2018-09-12 07:46 - 2018-07-06 01:17 - 001115648 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2018-09-12 07:46 - 2018-06-26 17:25 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2018-09-12 07:46 - 2018-06-26 17:14 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2018-09-12 07:46 - 2018-06-21 15:31 - 001200640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-09-12 07:46 - 2018-06-21 15:30 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-09-12 07:46 - 2018-06-21 15:24 - 000513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-09-12 07:46 - 2018-06-21 15:24 - 000513456 _____ C:\WINDOWS\system32\locale.nls
2018-08-29 15:53 - 2018-08-29 15:53 - 000001143 _____ C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-28 09:25 - 2014-11-21 06:53 - 001739092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-28 09:25 - 2014-11-21 06:10 - 000734510 _____ C:\WINDOWS\system32\perfh005.dat
2018-09-28 09:25 - 2014-11-21 06:10 - 000148820 _____ C:\WINDOWS\system32\perfc005.dat
2018-09-28 09:25 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2018-09-28 09:24 - 2017-05-10 15:25 - 000003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{86E63323-2C13-491F-9D26-960A22EF9F49}
2018-09-28 09:21 - 2017-02-12 18:45 - 000000000 __SHD C:\Users\Idea\IntelGraphicsProfiles
2018-09-27 21:31 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-26 17:26 - 2017-11-19 16:40 - 000000129 _____ C:\Users\Idea\Desktop\Nový textový dokument.txt
2018-09-26 10:44 - 2017-02-12 18:56 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3896859002-1750763641-2436859191-1001
2018-09-25 19:22 - 2018-05-17 15:40 - 000000000 ____D C:\Users\Idea\AppData\Local\Spotify
2018-09-25 19:22 - 2018-05-17 15:39 - 000000000 ____D C:\Users\Idea\AppData\Roaming\Spotify
2018-09-23 20:20 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-09-23 18:12 - 2017-02-14 10:41 - 000000000 ____D C:\Users\Idea\AppData\Roaming\vlc
2018-09-23 17:18 - 2018-04-14 10:47 - 000003168 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3896859002-1750763641-2436859191-1001
2018-09-23 17:17 - 2018-04-13 14:10 - 000002334 _____ C:\Users\Idea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2018-09-18 04:53 - 2017-02-12 14:14 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-18 04:53 - 2017-02-12 14:14 - 000002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-15 12:03 - 2017-02-12 18:25 - 000000000 ____D C:\Users\Idea
2018-09-14 09:45 - 2013-08-22 16:44 - 000489472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-09-14 08:03 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\rescache
2018-09-12 09:05 - 2013-08-22 17:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-09-12 08:08 - 2012-07-26 09:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-12 08:04 - 2017-02-12 10:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-09-12 08:00 - 2017-02-12 10:26 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-09-12 07:32 - 2018-04-11 19:18 - 001737592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-09-10 17:48 - 2017-04-18 19:48 - 000000000 ____D C:\Program Files\CCleaner
2018-09-05 00:06 - 2017-02-12 20:23 - 000835144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-09-05 00:06 - 2017-02-12 20:23 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-04 19:19 - 2017-03-05 09:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-08-31 12:30 - 2017-04-15 18:58 - 000000000 ____D C:\Users\Idea\AppData\Roaming\WinRAR
2018-08-29 15:53 - 2017-04-23 12:06 - 000000000 ____D C:\ProgramData\Package Cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-23 11:20

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.09.2018
Ran by Idea (28-09-2018 09:33:17)
Running from C:\Users\Idea\Desktop
Windows 8.1 (Update) (X64) (2017-02-12 16:45:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3896859002-1750763641-2436859191-500 - Administrator - Disabled)
Guest (S-1-5-21-3896859002-1750763641-2436859191-501 - Limited - Disabled)
Idea (S-1-5-21-3896859002-1750763641-2436859191-1001 - Administrator - Enabled) => C:\Users\Idea

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 31.0.0.96 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Avira (HKLM-x32\...\{532da46c-2aa3-4588-a4a2-b02bc641bf95}) (Version: 1.2.119.17994 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{9620D4C2-CF5B-4DBE-8103-CC9DAB0871C6}) (Version: 1.2.119.17994 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.40.12 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{7b509672-8eb5-466b-b85a-482e26ccc500}) (Version: 1.2.81.30631 - Avira Operations GmbH & Co. KG)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2400_series) (Version: 1.00 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{1E939186-B443-4262-A278-3C82949EA7AC}) (Version: 1.1.009.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
Malwarebytes verze 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Standard 2016 - cs-cz (HKLM\...\StandardRetail - cs-cz) (Version: 16.0.7571.2072 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.7571.2072 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.7571.2072 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.7571.2072 - Microsoft Corporation) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6675 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon MG2400 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG2400 series) (Version: - ‭Canon Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\Spotify) (Version: 1.0.89.313.g34a58dea - Spotify AB)
Spotify (HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\Spotify) (Version: 1.0.89.313.g34a58dea - Spotify AB)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.13 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-09-04] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-27] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-09-04] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1B05A67D-8A8F-4BF7-ABB3-7DF4C578DD0C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {2A0C4832-5050-46B8-AE1C-7CE8A94020CB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {44296ABE-A831-441A-8C57-BBA087EB25E7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-08-09] (Lenovo)
Task: {525FE185-F947-45FF-B5A1-2F5C6A585D0D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-04-13] (Microsoft Corporation)
Task: {56667965-7414-425F-87C0-A3352CF0DA04} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-02] (Microsoft Corporation)
Task: {5D342091-C50A-4189-9E0B-6278EC9567B0} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {6ACA3CDF-4193-41CE-B9B6-603561796098} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-09] ()
Task: {71745F1B-9030-41F9-8A3E-3BC8A78B61C4} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-09] ()
Task: {9949C28C-C4C6-4CFC-9B76-B04C408EE776} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-09] ()
Task: {A4B15D6D-EEFD-41CC-B82A-83FC48490B24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-12] (Google Inc.)
Task: {A5CFDF21-8BC9-46F2-B24F-F34E233EC759} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-04-13] (Microsoft Corporation)
Task: {AC14AD23-813C-4211-AB16-5820A7224BF7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-07-20] (Piriform Ltd)
Task: {B8A67FA5-8E0B-472B-97CD-5A9E8B30449D} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {BB2D8C5A-2E5D-483E-A46F-4995BEF465A4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-02] (Microsoft Corporation)
Task: {D2BB4BDD-D6F5-4BB1-972A-86012D20F223} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2012-08-09] ()
Task: {D62BC18B-2AB7-43A9-AE25-EEF1E73C4E4C} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-09-04] (Avira Operations GmbH & Co. KG)
Task: {EDA1AA87-74A8-4D26-8FD4-ADEF3453E499} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-09-15] (AVAST Software)
Task: {EE6737E4-21B7-4227-A9E0-7A41A1B823BB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-07-20] (Piriform Ltd)
Task: {EE814F4A-D960-439D-8409-27742D941F48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-12] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-11-16 01:51 - 2012-11-16 01:51 - 000048920 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2016-11-25 08:16 - 2016-11-25 08:16 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2018-09-25 21:56 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-25 21:56 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-08-09 03:14 - 2012-08-09 03:14 - 000148392 _____ () C:\Program Files\lenovo\lenovo solution center\lsc.exe
2018-08-10 16:28 - 2018-08-10 16:26 - 001204472 _____ () C:\Program Files (x86)\Avira\Antivirus\crypto-42.dll
2018-08-10 16:28 - 2018-08-10 16:26 - 000243352 _____ () C:\Program Files (x86)\Avira\Antivirus\ssl-44.dll
2017-02-13 16:37 - 2013-08-09 05:25 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [220]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Idea\Desktop\Na\way ninja.jpg
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\Control Panel\Desktop\\Wallpaper -> C:\Users\Idea\Desktop\Na\way ninja.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run32: => "331BigDog"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\StartupApproved\StartupFolder: => "zSpeedup.lnk"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\StartupApproved\StartupFolder: => "zSpeedup.lnk"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9AAFE222-0A71-4D5F-AE49-145204C88DF4}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{8D47FEE9-CACA-499D-A605-5A2E97136B85}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [TCP Query User{DCDB5A39-274B-49F5-AD4C-1490EFBFC4B4}D:\torrent\utorrent.exe] => (Allow) D:\torrent\utorrent.exe
FirewallRules: [UDP Query User{9AC74FD0-AFEC-4D25-8964-48BDECC6FACD}D:\torrent\utorrent.exe] => (Allow) D:\torrent\utorrent.exe
FirewallRules: [{457D421D-1BCC-4901-A3F2-2501D6E9780F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{96B7D27E-6D36-45FE-AAFF-658D082722BF}C:\users\idea\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\idea\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{015F8B7A-94CE-483E-8242-B52027B41BD0}C:\users\idea\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\idea\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4B755FF7-B07E-44C9-95AA-0854F024AD9D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{A9711DC3-0914-4906-A1F0-F667D185EB11}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [TCP Query User{A0B36C1B-99CD-4F02-9D5D-11343A768717}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe
FirewallRules: [UDP Query User{E770AC5C-A8EC-4A7C-8DE2-A61339F10585}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe
FirewallRules: [TCP Query User{0B71B57A-6268-4C73-AAB5-E91D143E48BF}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe
FirewallRules: [UDP Query User{066C066E-4CFB-4988-B423-B4C94FE9228A}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe
FirewallRules: [{BDDD5C12-1D35-47DE-B484-E44A9EDEDD27}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{2A798218-91CB-4D0E-B21A-A28E4906DDC3}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe
FirewallRules: [UDP Query User{95E0C976-F28E-4E78-B5D9-BD4862CA228D}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe

==================== Restore Points =========================

12-09-2018 07:57:51 Windows Update
21-09-2018 04:59:37 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

Name: Broadcom Bluetooth 4.0 USB
Description: Broadcom Bluetooth 4.0 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2018 09:30:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamservice.exe, verze: 3.2.0.704, časové razítko: 0x5b9acf90
Název chybujícího modulu: SelfProtectionSdk.dll, verze: 3.0.0.360, časové razítko: 0x5b995ba2
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000014e2a9
ID chybujícího procesu: 0xb38
Čas spuštění chybující aplikace: 0x01d45640a0e08276
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Cesta k chybujícímu modulu: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
ID zprávy: b93677f5-c28b-11e8-8066-201a067f1397
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/27/2018 11:04:02 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: idea-PC)
Description: C:\Users\Idea\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (09/27/2018 10:59:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamservice.exe, verze: 3.2.0.704, časové razítko: 0x5b9acf90
Název chybujícího modulu: SelfProtectionSdk.dll, verze: 3.0.0.360, časové razítko: 0x5b995ba2
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000014e2a9
ID chybujícího procesu: 0xb18
Čas spuštění chybující aplikace: 0x01d4559809867ccb
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Cesta k chybujícímu modulu: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
ID zprávy: acc08445-c233-11e8-8065-201a067f1397
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/26/2018 02:52:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamservice.exe, verze: 3.2.0.704, časové razítko: 0x5b9acf90
Název chybujícího modulu: SelfProtectionSdk.dll, verze: 3.0.0.360, časové razítko: 0x5b995ba2
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000014e2a9
ID chybujícího procesu: 0xabc
Čas spuštění chybující aplikace: 0x01d4558538db50fb
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Cesta k chybujícímu modulu: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
ID zprávy: 0a0637c4-c18b-11e8-8064-201a067f1397
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/26/2018 10:31:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamservice.exe, verze: 3.2.0.704, časové razítko: 0x5b9acf90
Název chybujícího modulu: SelfProtectionSdk.dll, verze: 3.0.0.360, časové razítko: 0x5b995ba2
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000014e2a9
ID chybujícího procesu: 0xb70
Čas spuštění chybující aplikace: 0x01d455719fba52e9
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Cesta k chybujícímu modulu: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
ID zprávy: a1d0837b-c166-11e8-8062-201a067f1397
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/26/2018 10:17:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamservice.exe, verze: 3.2.0.704, časové razítko: 0x5b9acf90
Název chybujícího modulu: SelfProtectionSdk.dll, verze: 3.0.0.360, časové razítko: 0x5b995ba2
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000014e2a9
ID chybujícího procesu: 0xb70
Čas spuštění chybující aplikace: 0x01d4556d015e24de
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Cesta k chybujícímu modulu: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
ID zprávy: a19bd738-c164-11e8-8061-201a067f1397
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/26/2018 09:44:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamservice.exe, verze: 3.2.0.704, časové razítko: 0x5b9acf90
Název chybujícího modulu: SelfProtectionSdk.dll, verze: 3.0.0.360, časové razítko: 0x5b995ba2
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000014e2a9
ID chybujícího procesu: 0x115c
Čas spuštění chybující aplikace: 0x01d45509e9503dc3
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Cesta k chybujícímu modulu: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
ID zprávy: ff8c754e-c15f-11e8-8060-201a067f1397
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/26/2018 09:10:51 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: idea-PC)
Description: C:\Users\Idea\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894


System errors:
=============
Error: (09/28/2018 12:51:19 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a45\??\C:\WINDOWS\AppCompat\Programs\Amcache.hve

Error: (09/27/2018 09:33:46 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Události načítání snímků skončila s následující chybou specifickou pro službu:
Vzdálené volání procedury se nezdařilo.

Error: (09/27/2018 09:33:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Pracovní složky přestala během spouštění reagovat.

Error: (09/27/2018 09:32:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Hostitelská služba zprostředkovatele šifrování Windows byla ukončena s následující chybou:
Při obsluze řídicí žádosti došlo ve službě k výjimce.

Error: (09/27/2018 11:56:55 AM) (Source: DCOM) (EventID: 10010) (User: idea-PC)
Description: Server {1B1F472E-3221-4826-97DB-2C2324D389AE} se v daném časovém limitu neregistroval u služby DCOM.

Error: (09/27/2018 11:56:25 AM) (Source: DCOM) (EventID: 10010) (User: idea-PC)
Description: Server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} se v daném časovém limitu neregistroval u služby DCOM.

Error: (09/27/2018 11:03:20 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Události načítání snímků skončila s následující chybou specifickou pro službu:
Vzdálené volání procedury se nezdařilo.

Error: (09/27/2018 11:03:14 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Pracovní složky přestala během spouštění reagovat.


Windows Defender:
===================================
Date: 2018-08-10 18:44:54.838
Description:
Funkce Ochrana v reálném čase u prohledávání Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Systém kontroly sítě
Kód chyby: 0x8007045b
Popis chyby: Probíhá vypnutí systému.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2018-08-10 18:44:54.838
Description:
Funkce Ochrana v reálném čase u prohledávání Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Monitorování chování
Kód chyby: 0x8007045b
Popis chyby: Probíhá vypnutí systému.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2018-08-10 18:44:54.838
Description:
Funkce Ochrana v reálném čase u prohledávání Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007045b
Popis chyby: Probíhá vypnutí systému.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2017-03-05 08:45:45.271
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.235.2629.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13407.0
Kód chyby: 0x8024001e
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2017-03-05 08:45:45.271
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.235.2629.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13407.0
Kód chyby: 0x8024001e
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

CodeIntegrity:
===================================

Date: 2018-07-14 17:14:11.322
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\usbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 3961.77 MB
Available physical RAM: 2435.26 MB
Total Virtual: 5049.77 MB
Available Virtual: 3018.57 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:421.86 GB) (Free:378.9 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:11.29 GB) NTFS

\\?\Volume{6574e62d-fabd-4f65-931f-acd811f9244e}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.67 GB) NTFS
\\?\Volume{78ac6970-3e10-4073-9422-bc8ef49d405c}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS
\\?\Volume{977a5f76-733a-44b0-8489-19acf996aaad}\ () (Fixed) (Total:0.48 GB) (Free:0.16 GB) NTFS
\\?\Volume{4b03bc3f-51f8-44d0-be83-ee134040121a}\ () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS
\\?\Volume{010ddebf-4326-4927-803d-21c124571aac}\ () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS
\\?\Volume{37392550-d26b-4400-bb61-974b57b0fd17}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS
\\?\Volume{ddc995ca-1029-40fe-aecd-bea8e9fa948e}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS
\\?\Volume{d71f7794-f1bf-4c43-bf88-0d83646e418e}\ (PBR_DRV) (Fixed) (Total:13.89 GB) (Free:3.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 758AD33A)

Partition: GPT.

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a check

#6 Post by Conder »

Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    Folder: C:\USERS\IDEA\APPDATA\ROAMING\WINRAR
    Folder:  C:\Program Files\Common Files\AV\avast! Antivirus
    File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
    HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {360f2254-5bfc-11e7-bf18-201a067f1397} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {8fe7cf3a-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {8fe7cf3d-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {8fe7cf4f-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {9d0e97e2-a222-11e7-bf59-201a067f1397} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {360f2254-5bfc-11e7-bf18-201a067f1397} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {8fe7cf3a-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {8fe7cf3d-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {8fe7cf4f-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {9d0e97e2-a222-11e7-bf59-201a067f1397} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
    HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
    HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
    HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001 -> DefaultScope {F5E0D305-DD10-412B-B03B-B1586D2ACB2F} URL = 
    SearchScopes: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001 -> {F5E0D305-DD10-412B-B03B-B1586D2ACB2F} URL = 
    SearchScopes: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274 -> DefaultScope {F5E0D305-DD10-412B-B03B-B1586D2ACB2F} URL = 
    SearchScopes: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274 -> {F5E0D305-DD10-412B-B03B-B1586D2ACB2F} URL = 
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
    U3 aswbdisk; no ImagePath
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    Task: {2A0C4832-5050-46B8-AE1C-7CE8A94020CB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
    Task: {5D342091-C50A-4189-9E0B-6278EC9567B0} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
    AlternateDataStreams: C:\Users\Public\AppData:CSM [220]
    HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\StartupApproved\StartupFolder: => "zSpeedup.lnk"
    HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\StartupApproved\StartupFolder: => "zSpeedup.lnk"
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file named Fixlog.txt on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

DestinyToBorn
Visitor
Posts: 6
Registered: 26 Sep 2018 09:23

Re: Requesting a check

#7 Post by DestinyToBorn »

Fix result of Farbar Recovery Scan Tool (x64) Version: 23.09.2018
Ran by Idea (28-09-2018 19:45:03) Run:1
Running from C:\Users\Idea\Desktop
Loaded Profiles: Idea (Available Profiles: Idea)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
Folder: C:\USERS\IDEA\APPDATA\ROAMING\WINRAR
Folder: C:\Program Files\Common Files\AV\avast! Antivirus
File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {360f2254-5bfc-11e7-bf18-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {8fe7cf3a-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {8fe7cf3d-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {8fe7cf4f-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\MountPoints2: {9d0e97e2-a222-11e7-bf59-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {360f2254-5bfc-11e7-bf18-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {8fe7cf3a-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {8fe7cf3d-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {8fe7cf4f-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {9d0e97e2-a222-11e7-bf59-201a067f1397} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001 -> DefaultScope {F5E0D305-DD10-412B-B03B-B1586D2ACB2F} URL =
SearchScopes: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001 -> {F5E0D305-DD10-412B-B03B-B1586D2ACB2F} URL =
SearchScopes: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274 -> DefaultScope {F5E0D305-DD10-412B-B03B-B1586D2ACB2F} URL =
SearchScopes: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274 -> {F5E0D305-DD10-412B-B03B-B1586D2ACB2F} URL =
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
U3 aswbdisk; no ImagePath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {2A0C4832-5050-46B8-AE1C-7CE8A94020CB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5D342091-C50A-4189-9E0B-6278EC9567B0} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Public\AppData:CSM [220]
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\...\StartupApproved\StartupFolder: => "zSpeedup.lnk"
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\StartupApproved\StartupFolder: => "zSpeedup.lnk"

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 14
Average :
Sum : 10096626
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= Folder: C:\USERS\IDEA\APPDATA\ROAMING\WINRAR ========================

2017-04-15 18:58 - 2017-04-15 18:58 - 000000012 ____A [7C20D14E3B2A4A1BDFA886C99567EE6A] () C:\USERS\IDEA\APPDATA\ROAMING\WINRAR\version.dat
2018-08-31 12:30 - 2018-09-26 09:10 - 000000000 ____D [00000000000000000000000000000000] () C:\USERS\IDEA\APPDATA\ROAMING\WINRAR\Precomp
2018-08-31 12:30 - 2018-08-31 12:30 - 000001423 ____A [63E307560C76C0E28DB0AA66719FAAF6] () C:\USERS\IDEA\APPDATA\ROAMING\WINRAR\Precomp\config.xml
2018-08-31 12:30 - 2013-10-05 02:58 - 000660128 ____A [46060C35F697281BC5E7337AEE3722B1] (Microsoft Corporation) C:\USERS\IDEA\APPDATA\ROAMING\WINRAR\Precomp\msvcp120.dll
2018-08-31 12:30 - 2013-10-05 00:58 - 000963232 ____A [9C861C079DD81762B6C54E37597B7712] (Microsoft Corporation) C:\USERS\IDEA\APPDATA\ROAMING\WINRAR\Precomp\msvcr120.dll
2018-08-31 12:30 - 2017-01-19 23:04 - 000021504 ____A [D143C8D82D8B0CCC0B9CDA536596D808] () C:\USERS\IDEA\APPDATA\ROAMING\WINRAR\Precomp\OpenCL.dll

====== End of Folder: ======


========================= Folder: C:\Program Files\Common Files\AV\avast! Antivirus ========================

not found.

====== End of Folder: ======


========================= File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe ========================

C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
File not signed
MD5: E548929868BDFD3FC13B46D99605B764
Creation and modification date: 2016-11-25 08:16 - 2016-11-25 08:16
Size: 000192200
Attributes: ----A
Company Name:
Internal Name: DCSHOST
Original Name: HuaweiHiSuiteService.EXE
Product: HuaweiHiSuiteService
Description: HuaweiHiSuiteService
File Version: 2, 0, 0, 42
Product Version: 2, 0, 0, 42
Copyright: Copyright (C) 2008
VirusTotal: https://www.virustotal.com/file/737c8a1 ... 535104141/

====== End of File: ======

"HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{360f2254-5bfc-11e7-bf18-201a067f1397}" => removed successfully
HKLM\Software\Classes\CLSID\{360f2254-5bfc-11e7-bf18-201a067f1397} => not found
"HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fe7cf3a-8ee8-11e7-bf47-201a067f1397}" => removed successfully
HKLM\Software\Classes\CLSID\{8fe7cf3a-8ee8-11e7-bf47-201a067f1397} => not found
"HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fe7cf3d-8ee8-11e7-bf47-201a067f1397}" => removed successfully
HKLM\Software\Classes\CLSID\{8fe7cf3d-8ee8-11e7-bf47-201a067f1397} => not found
"HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fe7cf4f-8ee8-11e7-bf47-201a067f1397}" => removed successfully
HKLM\Software\Classes\CLSID\{8fe7cf4f-8ee8-11e7-bf47-201a067f1397} => not found
"HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d0e97e2-a222-11e7-bf59-201a067f1397}" => removed successfully
HKLM\Software\Classes\CLSID\{9d0e97e2-a222-11e7-bf59-201a067f1397} => not found
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {360f2254-5bfc-11e7-bf18-201a067f1397} - "F:\HiSuiteDownLoader.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {8fe7cf3a-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {8fe7cf3d-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {8fe7cf4f-8ee8-11e7-bf47-201a067f1397} - "F:\HiSuiteDownLoader.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\MountPoints2: {9d0e97e2-a222-11e7-bf59-201a067f1397} - "F:\HiSuiteDownLoader.exe" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F5E0D305-DD10-412B-B03B-B1586D2ACB2F}" => removed successfully
HKLM\Software\Classes\CLSID\{F5E0D305-DD10-412B-B03B-B1586D2ACB2F} => not found
SearchScopes: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274 -> DefaultScope {F5E0D305-DD10-412B-B03B-B1586D2ACB2F} URL = => Error: No automatic fix found for this entry.
SearchScopes: HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274 -> {F5E0D305-DD10-412B-B03B-B1586D2ACB2F} URL = => Error: No automatic fix found for this entry.
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com" => removed successfully
"HKLM\System\CurrentControlSet\Services\aswbdisk" => removed successfully
aswbdisk => service removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2A0C4832-5050-46B8-AE1C-7CE8A94020CB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A0C4832-5050-46B8-AE1C-7CE8A94020CB}" => removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D342091-C50A-4189-9E0B-6278EC9567B0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D342091-C50A-4189-9E0B-6278EC9567B0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify" => removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
"C:\Users\Idea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk" => not found
"HKU\S-1-5-21-3896859002-1750763641-2436859191-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\zSpeedup.lnk" => removed successfully
HKU\S-1-5-21-3896859002-1750763641-2436859191-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09282018092324274\...\StartupApproved\StartupFolder: => "zSpeedup.lnk" => Error: No automatic fix found for this entry.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20369364 B
Java, Flash, Steam htmlcache => 1418 B
Windows/system/drivers => 63955379 B
Edge => 0 B
Chrome => 788668322 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 13939324 B
NetworkService => 5202 B
Idea => 429539060 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 28-09-2018 19:52:18)

C:\Windows\System32\Drivers\etc\hosts => Could not move
Could not restore Hosts.

==== End of Fixlog 19:52:19 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a check

#8 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CMD: type "C:\USERS\IDEA\APPDATA\ROAMING\WINRAR\Precomp\config.xml"
    C:\USERS\IDEA\APPDATA\ROAMING\WINRAR\Precomp
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • Wait for it to finish
  • This time there will be no restart; Fixlog.txt will open (or it will be on the desktop). Copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

DestinyToBorn
Visitor
Posts: 6
Registered: 26 Sep 2018 09:23

Re: Requesting a check

#9 Post by DestinyToBorn »

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.09.2018
Ran by Idea (29-09-2018 17:53:05) Run:2
Running from C:\Users\Idea\Desktop
Loaded Profiles: Idea (Available Profiles: Idea)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CMD: type "C:\USERS\IDEA\APPDATA\ROAMING\WINRAR\Precomp\config.xml"
C:\USERS\IDEA\APPDATA\ROAMING\WINRAR\Precomp
End
*****************


========= type "C:\USERS\IDEA\APPDATA\ROAMING\WINRAR\Precomp\config.xml" =========

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<Triggers>
<LogonTrigger>
<StartBoundary>2018-09-05T00:00:00</StartBoundary>
<Enabled>true</Enabled>
<Delay>PT5M</Delay>
</LogonTrigger>
</Triggers>
<Principals>
<Principal id="Author">
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>false</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Users\Idea\AppData\Roaming\WinRAR\Precomp\precomp.exe</Command>
<Arguments>4B582329bb63b6f258123fD68Ee6326DD5256C1B</Arguments>
<WorkingDirectory>C:\Users\Idea\AppData\Roaming\WinRAR\Precomp</WorkingDirectory>
</Exec>
</Actions>
</Task>
========= End of CMD: =========

C:\USERS\IDEA\APPDATA\ROAMING\WINRAR\Precomp => moved successfully

==== End of Fixlog 17:53:06 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a check

#10 Post by Conder »

:arrow: It looks OK now. Has anything changed, or are there still any problems with the PC?

DestinyToBorn
Visitor
Posts: 6
Registered: 26 Sep 2018 09:23

Re: Requesting a check

#11 Post by DestinyToBorn »

I think everything is fine now.
The computer got faster, and I didn't even expect that to be possible :happy:
So thank you very much for the help :idea:

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a check

#12 Post by Conder »

:arrow: So let's clean up after the tools we used:
