Preventivní kontrola

Zpráva

Ladix · #1 Příspěvek od **Ladix** » 06 pro 2020 13:24

Dobrý den,
prosím o preventivní kontrolu logu. PC naštěstí nevykazuje žádné problémy, jen momentálně ještě nemám nainstalovaný antivir, protože jsem včera musel odinstalovat aviru, jelikož nějak přestala pracovat. Tak i proto bych poprosil o tu preventivku.
Dnes si procházím Vaše fórum a rozmýšlím se, který free antivir si nainstaluji. Předchvílí jsem si stáhl instalačku Bitdefenderu, tak ho asi vyzkouším.
Děkuji za Vaše případné doporučení a připomínky.

Zde je log z RSIT:

Logfile of random's system information tool 1.10 (written by random/random)
Run by uzivatel at 2020-12-06 13:07:09
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 15 GB (10%) free of 153 GB
Total RAM: 16317 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:07:10, on 6.12.2020
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19597)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\trend micro\uzivatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Advanced SystemCare] "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [Skype for Desktop] C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_453_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 13 (AdvancedSystemCareService13) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - D:\programy\Daemon\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\elevation_service.exe
O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - D:\programy\Teamviewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10630 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
taskeng.exe {AFDC2069-5B41-4395-A500-7CD1C57290F1}
taskeng.exe {A6F57BA4-E0CB-445E-807E-4EBE3119C333}
"C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe" /Task
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c
"C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe"
"C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe"
C:\Windows\system32\IProsetMonitor.exe
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
"C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\Windows\system32\conhost.exe "1124778814168830544-5766060361307969878-722095601-829487679-915584367492841781
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
C:\Windows\system32\svchost.exe -k imgsvc
"D:\programy\Teamviewer\TeamViewer_Service.exe"
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%dSPUser.log" -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\SPUser" -r -l 3 -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe"
"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe"
"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe" --type=renderer --no-sandbox --disable-features=AsyncWheelEvents,SurfaceSynchronization --disable-gpu-compositing --service-pipe-token=E844FEC202CC4B3334731DA21323BFB0 --lang=en-US --log-file="C:\Users\uzivatel\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=E844FEC202CC4B3334731DA21323BFB0 --renderer-client-id=2 --mojo-platform-channel-handle=1424 /prefetch:1
"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe" --type=gpu-process --disable-features=AsyncWheelEvents,SurfaceSynchronization --no-sandbox --log-file="C:\Users\uzivatel\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --lang=en-US --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --use-gl=swiftshader-webgl --log-file="C:\Users\uzivatel\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --lang=en-US --service-request-channel-token=193FEF1B041BFE6EC6BE322960DC6C14 --mojo-platform-channel-handle=1452 /prefetch:2
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe" /srvupt
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="6148.0.27572684\2012582570" -parentBuildID 20201112153044 -prefsHandle 1096 -prefMapHandle 1088 -prefsLen 1 -prefMapSize 244357 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 6148 "\\.\pipe\gecko-crash-server-pipe.6148" 1168 gpu
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="6148.6.187674254\666837317" -childID 1 -isForBrowser -prefsHandle 1876 -prefMapHandle 1872 -prefsLen 258 -prefMapSize 244357 -parentBuildID 20201112153044 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 6148 "\\.\pipe\gecko-crash-server-pipe.6148" 1888 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="6148.13.1374905783\1787438914" -childID 2 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 6711 -prefMapSize 244357 -parentBuildID 20201112153044 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 6148 "\\.\pipe\gecko-crash-server-pipe.6148" 3200 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="6148.20.680090836\978841961" -childID 3 -isForBrowser -prefsHandle 3848 -prefMapHandle 3852 -prefsLen 7509 -prefMapSize 244357 -parentBuildID 20201112153044 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 6148 "\\.\pipe\gecko-crash-server-pipe.6148" 3864 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="6148.27.2097804575\1418149409" -childID 4 -isForBrowser -prefsHandle 4160 -prefMapHandle 4156 -prefsLen 7820 -prefMapSize 244357 -parentBuildID 20201112153044 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 6148 "\\.\pipe\gecko-crash-server-pipe.6148" 4172 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="6148.41.1949230143\1822714617" -childID 6 -isForBrowser -prefsHandle 4456 -prefMapHandle 4084 -prefsLen 8228 -prefMapSize 244357 -parentBuildID 20201112153044 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 6148 "\\.\pipe\gecko-crash-server-pipe.6148" 3696 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="6148.48.1715521462\1280319450" -childID 7 -isForBrowser -prefsHandle 3760 -prefMapHandle 3800 -prefsLen 8228 -prefMapSize 244357 -parentBuildID 20201112153044 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 6148 "\\.\pipe\gecko-crash-server-pipe.6148" 4468 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="6148.62.793675395\461178962" -childID 9 -isForBrowser -prefsHandle 4304 -prefMapHandle 3016 -prefsLen 8228 -prefMapSize 244357 -parentBuildID 20201112153044 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 6148 "\\.\pipe\gecko-crash-server-pipe.6148" 4916 tab
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\servicing\TrustedInstaller.exe
taskeng.exe {B1A50197-2101-4BDF-AAE8-840F5C961EC0}
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="6148.69.849051195\1518276112" -childID 10 -isForBrowser -prefsHandle 2552 -prefMapHandle 8636 -prefsLen 8228 -prefMapSize 244357 -parentBuildID 20201112153044 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 6148 "\\.\pipe\gecko-crash-server-pipe.6148" 3520 tab

"C:\Users\uzivatel\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

=========Mozilla firefox=========

ProfilePath - C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\xyencuj3.default-1561274577426

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.453 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_453.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.111.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.453 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_453.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
nppdf32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2020-01-31 2478864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-14 222088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2014-01-23 881880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2018-05-15 2353944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-14 156560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-24 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL [2014-01-22 707800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [2018-05-15 1744672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-24 186944]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare"=C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2020-06-19 3637008]
"Skype for Desktop"=C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [2020-10-29 90952568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_453_Plugin.exe [2020-11-22 1502776]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"shell"=explorer.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"vidc.ffds"=ff_vfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2020-12-04 21:33:37 ----D---- C:\Users\uzivatel\AppData\Roaming\qBittorrent
2020-11-21 14:09:57 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2020-12-06 13:07:10 ----D---- C:\Windows\Prefetch
2020-12-06 13:07:10 ----D---- C:\Program Files\trend micro
2020-12-06 13:03:41 ----D---- C:\ProgramData\NVIDIA
2020-12-06 13:03:18 ----D---- C:\Windows\system32\config
2020-12-06 12:55:03 ----D---- C:\ProgramData\Mozilla
2020-12-05 22:28:28 ----D---- C:\Windows\Temp
2020-12-05 22:27:49 ----D---- C:\Windows\System32
2020-12-05 22:27:49 ----D---- C:\Windows\inf
2020-12-05 22:27:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2020-12-05 22:24:32 ----D---- C:\Windows\system32\catroot2
2020-12-05 22:23:14 ----D---- C:\Windows
2020-12-05 11:05:33 ----D---- C:\Windows\system32\Tasks
2020-12-05 10:53:56 ----RD---- C:\Program Files (x86)
2020-12-05 10:08:28 ----D---- C:\Users\uzivatel\AppData\Roaming\Kodi
2020-12-05 09:09:31 ----D---- C:\ProgramData\Avira
2020-12-05 09:09:17 ----D---- C:\ProgramData\Package Cache
2020-12-05 02:40:10 ----SHD---- C:\System Volume Information
2020-12-04 21:10:56 ----SHD---- C:\Windows\Installer
2020-12-04 21:10:56 ----SHD---- C:\Config.Msi
2020-12-04 15:48:31 ----D---- C:\Windows\SoftwareDistribution
2020-12-04 15:48:01 ----D---- C:\Windows\system32\wfp
2020-12-04 15:46:55 ----D---- C:\Windows\debug
2020-12-04 15:38:23 ----D---- C:\Windows\system32\DriverStore
2020-12-04 15:37:27 ----D---- C:\Program Files (x86)\GIGABYTE
2020-12-04 14:38:05 ----D---- C:\Windows\SysWOW64
2020-11-29 17:33:41 ----D---- C:\ProgramData\ProductData
2020-11-22 16:03:33 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-22 10:03:42 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2020-11-22 10:03:39 ----D---- C:\Windows\system32\Macromed
2020-11-22 10:03:37 ----D---- C:\Windows\SYSWOW64\Macromed
2020-11-11 23:19:41 ----D---- C:\ProgramData\Microsoft Help
2020-11-09 20:17:03 ----D---- C:\ProgramData\NVIDIA Corporation
2020-11-08 09:12:40 ----D---- C:\Users\uzivatel\AppData\Roaming\Skype
2020-11-08 08:45:39 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 avusbflt;avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [2019-05-12 35376]
R0 EUBAKUP;EUBAKUP; C:\Windows\system32\drivers\eubakup.sys [2013-09-04 61000]
R0 EUBKMON;EUBKMON; C:\Windows\system32\drivers\EUBKMON.sys [2013-09-04 48200]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2015-11-12 1467912]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2015-11-12 31728]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2018-06-29 516096]
R1 EUDSKACS;EUDSKACS; \??\C:\Windows\system32\drivers\eudskacs.sys [2013-09-04 18504]
R1 EUFDDISK;EUFDDISK; \??\C:\Windows\system32\drivers\EuFdDisk.sys [2013-09-04 189000]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 AscFileFilter;AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileFilter.sys [2019-07-15 27528]
R3 AscRegistryFilter;AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscRegistryFilter.sys [2019-07-15 28064]
R3 cpuz145;cpuz145; \??\C:\Windows\temp\cpuz145\cpuz145_x64.sys [2020-12-05 49968]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2016-11-05 30264]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2016-11-05 47672]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D; C:\Windows\system32\DRIVERS\e1d62x64.sys [2015-11-24 510952]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2016-01-27 4779776]
R3 iobit_monitor_server;iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [2018-07-04 14680]
R3 IUFileFilter;IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [2020-07-31 27224]
R3 IUProcessFilter;IUProcessFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUProcessFilter.sys [2020-07-31 20568]
R3 IURegistryFilter;IURegistryFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegistryFilter.sys [2020-07-31 34392]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2015-09-04 394992]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2015-09-04 805616]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2015-07-28 178976]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2017-11-09 233904]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2018-10-01 70024]
S3 cpuz143;cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2018-10-25 30336]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 phantomtap;Phantom TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\phantomtap.sys [2020-01-08 35664]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2019-10-01 19456]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys [2019-02-26 7947304]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2019-10-01 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2019-10-01 30208]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 usbrndis6;Adaptér USB RNDIS6; C:\Windows\system32\DRIVERS\usb80236.sys [2013-02-12 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2020-11-03 170056]
R2 AdvancedSystemCareService13;Advanced SystemCare Service 13; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [2020-06-15 1293072]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 EaseUS Agent;EaseUS Agent Service; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2013-12-02 36936]
R2 Guard Agent;Guard Agent Service; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2013-09-04 23624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-11-04 19440]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2016-01-15 272456]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-08-07 207648]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2015-08-07 415520]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-12-06 787440]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-10-27 462968]
R2 NvTelemetryContainer;NVIDIA Telemetry Container; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2018-12-06 649712]
R2 TeamViewer;TeamViewer 12; D:\programy\Teamviewer\TeamViewer_Service.exe [2016-12-15 10351856]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2019-03-28 132792]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2019-03-28 158912]
S2 edgeupdate;Služba Microsoft Edge Update (edgeupdate); C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2020-06-26 224152]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-28 153752]
S2 IObitUnSvr;IObit Uninstaller Service; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [2020-07-31 158992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2020-10-22 8736880]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; D:\programy\Daemon\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2016-10-06 1468608]
S3 EasyAntiCheat;EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [2019-11-05 803440]
S3 edgeupdatem;Služba Microsoft Edge Update (edgeupdatem); C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2020-06-26 224152]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\elevation_service.exe [2020-12-02 1426928]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-28 153752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2019-12-17 116224]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-05-22 881152]
S3 MicrosoftEdgeElevationService;Microsoft Edge Elevation Service (MicrosoftEdgeElevationService); C:\Program Files (x86)\Microsoft\Edge\Application\83.0.478.50\elevation_service.exe [2020-06-12 1507216]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2020-11-21 243408]
S3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-12-06 787440]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-06-12 189640]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2020-07-31 1785120]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2016-11-26 1255736]
S3 WiaRpc;@%SystemRoot%\system32\wiarpc.dll,-2; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2019-03-28 54912]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

#2 Příspěvek od **Conder** » 06 pro 2020 22:10

Ahoj

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

Uloz na plochu a ukonci vsetky programy
Spusti AdwCleaner ako spravca
Odsuhlas licencne podmienky
Klikni na Spustit skenovani a pockaj na dokoncenie
V pripade nalezov nechaj vsetky nalezy oznacene a klikni na Karantena (ak nie su ziadne nalezy, tak na Spustit zakladni opravu)
V pripade, ze sa detekuje aj "predinstalovany software", tieto programy mozes, ale nemusis zmazat (toto nie su skodlive programy, ale iba zbytocnosti)
Potvrd vyzvu, pockaj na dokoncenie a potvrd restartovanie PC
Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
Otvori sa log, jeho obsah skopiruj a vloz do dalsej odpovede

Ladix · #3 Příspěvek od **Ladix** » 07 pro 2020 14:55

Zde je log z AdwCleaneru:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-11-23.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-07-2020
# Duration: 00:00:05
# OS: Windows 7 Professional
# Cleaned: 26
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
Deleted C:\Users\uzivatel\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\uzivatel\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

Deleted C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\xyencuj3.default-1561274577426\invalidprefs.js
Deleted C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\IObit\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55FE3B32-5CBD-4719-A09A-E155DC4F756E}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_PerformanceMonitor
Deleted HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
Deleted HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4039 octets] - [07/12/2020 14:46:28]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#4 Příspěvek od **Conder** » 08 pro 2020 02:34

V PC boli nainstalovane niektore programy od IObit (napr. Driver Booster, Advanced SystemCare, Uninstaller, atd.). Dorazne odporucam tieto programy nepouzivat (a odinstalovat ich, ak nejake este zostali), kedze su to cinske smejdy, ktore mozu poskodit system.

Poprosim o obidva logy z FRST (FRST.txt a Addition.txt) podla tohto navodu: https://forum.viry.cz/viewtopic.php?f=13&t=154679

Ladix · #5 Příspěvek od **Ladix** » 08 pro 2020 14:49

O těch programech od IObit jsem si četli o víkendu na Vašem fóru a měl jsem je v plánu odinstalovat.
Teď před tímto scanem jsem odinstaloval ten uninstaller, myslíš, že po něm ještě něco zbylo?
Zde jsou logy z FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2020
Ran by uzivatel (administrator) on UZIVATEL-PC (08-12-2020 14:28:28)
Running from C:\Users\uzivatel\Desktop
Loaded Profiles: uzivatel
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\downloader.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Network Platform Group -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <2>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(TeamViewer GmbH -> TeamViewer GmbH) D:\programy\Teamviewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\Run: [Advanced SystemCare] => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [90952568 2020-10-29] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\MountPoints2: {03ae3fb3-cc06-11e6-8f9a-1c1b0d0cdf6a} - H:\Autoplay.exe -auto
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\MountPoints2: {1889f790-a368-11e6-9e2c-1c1b0d0cdf6a} - G:\setup.exe
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\MountPoints2: {39be19c7-9867-11e6-b76e-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-03] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B670E23-C85C-4A60-974F-2AF3E187D1C2} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887792 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1B6B4598-95F8-46F5-8AC9-5FF898FBFBC5} - System32\Tasks\{57E3DB86-9F38-4B66-8E2A-177B8287D6D9} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\ELICEN~1\UNWISE.EXE -c C:\PROGRA~2\ELICEN~1\INSTALL.LOG
Task: {1C37EF1B-A0E9-4AC3-A5DD-50089AAD65CA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {219E07F6-723A-46CA-96AD-352D05E1914F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {23B2DCD5-5D7E-4562-9262-90F74A29B360} - System32\Tasks\AdobeAAMUpdater-1.0-uzivatel-PC-uzivatel => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {25AAB19B-B3BA-45A7-8178-51EA1E23581D} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {3575946B-8F2A-4409-B06F-5EE41ACA2CA4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_453_Plugin.exe [1502776 2020-11-22] (Adobe Inc. -> Adobe)
Task: {40B027B4-A6ED-4E55-AB48-71738BE9EEFE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B8D9A47-878F-4CB5-9071-47530DB50843} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-28] (Google Inc -> Google Inc.)
Task: {5AFF0E24-EE04-49E6-885C-858384F9BA6A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [563184 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6AB62FDF-0A2D-45A8-B02A-9FB52303160B} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {7EEF5426-B151-4AE6-940C-DB5BCD1920F5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [856048 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7F260FEC-DAA2-4A47-B4CD-6E11C20856E4} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887792 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8B71D731-0EC7-4B28-A90A-D0693383348A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887792 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {965EF408-A7EA-441F-8381-F3C9822B8A0A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {B3278A18-FE4E-4A88-A7D0-A27521CDB677} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [895080 2020-10-28] (Bitdefender SRL -> Bitdefender)
Task: {B6F8C533-582D-44A2-A04C-DC376830A970} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-28] (Google Inc -> Google Inc.)
Task: {CFD67B91-6BE0-4430-8A70-2DA5F76D161F} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
Task: {D519AB33-605A-4C53-B357-319BFB1CEBF9} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3560944 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D6CD7E8B-D078-42BA-9536-1D1981F7292C} - System32\Tasks\ASC_SkipUac_uzivatel => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: {E4A29D28-FA0D-485A-9895-D526C52DBFB1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {E80994AB-42D3-4754-8311-F3DFB04F23DE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [856048 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EC416C44-5EB8-4BE2-A497-54F38824ACB6} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887792 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F9BD36FE-F5C1-4530-B2FE-EF090A7288E0} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [1004528 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{1309D8EE-C253-49B4-87A3-BC6D98D1F6A3}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{22BF678E-9525-4125-9EBA-878E6FC70D61}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{2ADF254A-A16E-4312-BD56-F0AE20D4E8FF}: [DhcpNameServer] 10.0.0.138

Edge:
======
Edge Profile: C:\Users\uzivatel\AppData\Local\Microsoft\Edge\User Data\Default [2020-09-03]

FireFox:
========
FF DefaultProfile: xyencuj3.default-1561274577426
FF ProfilePath: C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\8cruf47p.default-release [2020-12-07]
FF user.js: detected! => C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\8cruf47p.default-release\user.js [2020-01-05]
FF ProfilePath: C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\xyencuj3.default-1561274577426 [2020-12-08]
FF user.js: detected! => C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\xyencuj3.default-1561274577426\user.js [2020-01-05]
FF Notifications: Mozilla\Firefox\Profiles\xyencuj3.default-1561274577426 -> hxxps://www.fastshare.cz
FF Extension: (No Name) - C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\xyencuj3.default-1561274577426\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-11-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_453.dll [2020-11-22] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_453.dll [2020-11-22] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-08-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\bd_js_config.js [2020-12-06] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\bd_config.cfg [2020-12-06] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default [2020-11-12]
CHR Extension: (Prezentace) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Dokumenty) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Disk Google) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-28]
CHR Extension: (YouTube) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-28]
CHR Extension: (Tabulky) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-03-14]
CHR Extension: (Gmail) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-08-01]
CHR Profile: C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\System Profile [2020-11-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2500144 2019-03-27] (Bitdefender SRL -> Bitdefender)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2020-10-22] (BattlEye Innovations e.K. -> )
S3 Disc Soft Lite Bus Service; D:\programy\Daemon\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-11-05] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1355768 2020-10-28] (Bitdefender SRL -> Bitdefender)
R2 TeamViewer; D:\programy\Teamviewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH -> TeamViewer GmbH)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [242024 2020-03-17] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [582304 2020-10-01] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [242024 2020-03-17] (Bitdefender SRL -> Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 AdvancedSystemCareService13; "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 atc; C:\Windows\System32\DRIVERS\atc.sys [2151624 2020-09-16] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35376 2019-05-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [796200 2020-05-26] (Bitdefender SRL -> Bitdefender)
S3 cpuz145; C:\Windows\temp\cpuz145\cpuz145_x64.sys [49968 2020-12-07] (CPUID -> CPUID)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-11-05] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-11-05] (Disc Soft Ltd -> Disc Soft Ltd)
S3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [309120 2020-02-03] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 Gemma; C:\Windows\System32\DRIVERS\gemma.sys [473608 2020-09-14] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2020-01-08] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [7947304 2019-02-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [640760 2020-06-09] (Bitdefender SRL -> Bitdefender)
R0 vlflt; C:\Windows\System32\DRIVERS\vlflt.sys [385776 2020-07-07] (Bitdefender SRL -> Bitdefender)
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscRegistryFilter.sys [X]
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-08 14:28 - 2020-12-08 14:30 - 000023112 _____ C:\Users\uzivatel\Desktop\FRST.txt
2020-12-08 14:27 - 2020-12-08 14:29 - 000000000 ____D C:\FRST
2020-12-08 14:26 - 2020-12-08 14:26 - 002288640 _____ (Farbar) C:\Users\uzivatel\Desktop\FRST64.exe
2020-12-06 17:37 - 2020-12-06 17:37 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2020-12-06 17:35 - 2020-12-06 17:35 - 000001160 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk
2020-12-06 17:35 - 2020-12-06 17:35 - 000001160 _____ C:\ProgramData\Desktop\Bitdefender Antivirus Free.lnk
2020-12-06 17:35 - 2020-06-09 16:13 - 000640760 _____ (Bitdefender) C:\Windows\system32\Drivers\trufos.sys
2020-12-06 17:34 - 2020-12-08 14:32 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2020-12-06 17:34 - 2020-12-08 14:20 - 000003648 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2020-12-06 17:34 - 2020-12-06 17:34 - 000000000 ____D C:\ProgramData\Bitdefender
2020-12-06 17:34 - 2020-09-16 12:26 - 002151624 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2020-12-06 17:34 - 2020-09-14 13:26 - 000473608 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\gemma.sys
2020-12-06 17:34 - 2020-07-07 10:14 - 000385776 _____ (Bitdefender) C:\Windows\system32\Drivers\vlflt.sys
2020-12-06 17:34 - 2020-05-26 12:23 - 000796200 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys
2020-12-06 17:34 - 2020-02-03 15:53 - 000309120 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\edrsensor.sys
2020-12-06 17:32 - 2020-12-06 17:37 - 000000000 ____D C:\Program Files\Bitdefender Agent
2020-12-06 17:32 - 2020-12-06 17:32 - 000116616 _____ C:\ProgramData\agent.1607272366.bdinstall.v2.bin
2020-12-06 17:32 - 2020-12-06 17:32 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2020-12-05 08:31 - 2020-12-05 10:54 - 000000000 ____D C:\Users\uzivatel\Desktop\hudba
2020-12-04 21:33 - 2020-12-04 21:41 - 000000000 ____D C:\Users\uzivatel\AppData\Roaming\qBittorrent
2020-12-04 21:33 - 2020-12-04 21:39 - 000000000 ____D C:\Users\uzivatel\Downloads\After.Effects.CC.2017
2020-12-04 21:33 - 2020-12-04 21:33 - 000000000 ____D C:\Users\uzivatel\AppData\Local\qBittorrent
2020-11-22 10:02 - 2020-11-22 10:02 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-11-21 14:09 - 2020-12-06 17:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-11-11 18:41 - 2020-11-26 17:42 - 000000000 ____D C:\Users\uzivatel\Desktop\Luky škola
2020-11-08 08:45 - 2020-11-08 08:45 - 000410280 _____ C:\Windows\Minidump\110820-14352-01.dmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-08 14:30 - 2016-10-24 15:05 - 000000000 ____D C:\Users\uzivatel\AppData\Local\Adobe
2020-12-08 14:30 - 2016-10-22 16:44 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-08 14:28 - 2016-11-15 20:37 - 000000000 ____D C:\Users\uzivatel\AppData\LocalLow\Mozilla
2020-12-08 14:25 - 2017-01-28 19:32 - 000000000 ____D C:\Users\uzivatel\AppData\Roaming\IObit
2020-12-08 14:25 - 2017-01-28 19:32 - 000000000 ____D C:\Program Files (x86)\IObit
2020-12-08 14:22 - 2010-11-21 10:27 - 000669580 _____ C:\Windows\system32\perfh005.dat
2020-12-08 14:22 - 2010-11-21 10:27 - 000141738 _____ C:\Windows\system32\perfc005.dat
2020-12-08 14:22 - 2009-07-14 06:13 - 001586648 _____ C:\Windows\system32\PerfStringBackup.INI
2020-12-08 14:22 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2020-12-08 14:21 - 2019-03-09 11:28 - 000000000 ____D C:\ProgramData\Mozilla
2020-12-08 14:17 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-07 19:57 - 2018-01-26 15:34 - 000000000 ____D C:\Users\uzivatel\AppData\Roaming\Kodi
2020-12-07 16:13 - 2020-09-15 15:55 - 000000000 ____D C:\Users\uzivatel\Downloads\Tracky - jungle-deep
2020-12-07 14:58 - 2009-07-14 05:45 - 000035024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-12-07 14:58 - 2009-07-14 05:45 - 000035024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-12-07 14:47 - 2017-01-28 19:33 - 000000000 ____D C:\Users\uzivatel\AppData\LocalLow\IObit
2020-12-07 14:46 - 2016-12-26 12:15 - 000000000 ____D C:\AdwCleaner
2020-12-07 14:22 - 2017-01-28 19:33 - 000000000 ____D C:\ProgramData\ProductData
2020-12-06 14:30 - 2019-10-16 14:07 - 000000000 ____D C:\Users\uzivatel\Downloads\Tracky
2020-12-06 13:07 - 2016-12-26 11:25 - 000000000 ____D C:\Program Files\trend micro
2020-12-05 22:24 - 2017-10-04 18:52 - 002572800 ___SH C:\Users\uzivatel\Desktop\Thumbs.db
2020-12-05 11:05 - 2017-11-29 14:39 - 110624768 _____ C:\Windows\system32\config\SOFTWARE.iobit
2020-12-05 11:05 - 2017-11-29 14:39 - 061681664 _____ C:\Windows\system32\config\COMPONENTS.iobit
2020-12-05 11:05 - 2017-11-29 14:39 - 000245760 _____ C:\Windows\system32\config\DEFAULT.iobit
2020-12-05 11:05 - 2017-11-29 14:39 - 000028672 _____ C:\Windows\system32\config\SAM.iobit
2020-12-05 11:05 - 2017-11-29 14:39 - 000024576 _____ C:\Windows\system32\config\SECURITY.iobit
2020-12-05 09:09 - 2016-10-24 19:36 - 000000000 ____D C:\ProgramData\Avira
2020-12-05 09:09 - 2016-10-22 16:13 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-05 08:36 - 2020-06-30 19:40 - 000000000 ____D C:\Users\uzivatel\Desktop\Fotky mraků
2020-12-05 08:29 - 2017-08-24 17:42 - 000000000 ____D C:\Users\uzivatel\Desktop\Mix Fotky z M8
2020-12-04 21:05 - 2017-01-28 20:17 - 000003386 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-04 21:05 - 2017-01-28 20:17 - 000003258 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-04 15:37 - 2016-10-22 16:34 - 000000000 ____D C:\Program Files (x86)\GIGABYTE
2020-12-04 14:29 - 2016-10-22 16:46 - 000000000 ____D C:\Users\uzivatel\Documents\temp
2020-12-03 02:35 - 2017-01-28 20:17 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-03 02:35 - 2017-01-28 20:17 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-03 02:35 - 2017-01-28 20:17 - 000002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-23 19:34 - 2016-12-27 13:54 - 000000000 ____D C:\Users\uzivatel\AppData\Local\CrashDumps
2020-11-23 18:56 - 2016-11-01 14:48 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-11-23 18:56 - 2016-11-01 14:48 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-22 16:03 - 2016-10-22 17:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-22 10:03 - 2018-05-01 09:37 - 000004540 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-11-22 10:03 - 2017-03-12 13:42 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-11-22 10:03 - 2017-03-12 13:42 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-11-22 10:03 - 2016-10-24 15:05 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-11-22 10:03 - 2016-10-24 15:05 - 000000000 ____D C:\Windows\system32\Macromed
2020-11-17 18:17 - 2020-03-20 17:32 - 000000000 ____D C:\Users\uzivatel\Documents\American Truck Simulator
2020-11-17 17:33 - 2017-07-17 19:16 - 000000000 ____D C:\Users\uzivatel\Documents\Euro Truck Simulator 2
2020-11-17 07:28 - 2016-10-24 19:36 - 000222200 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2020-11-11 23:19 - 2017-06-04 09:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2020-11-09 20:17 - 2016-10-22 16:41 - 000000000 ____D C:\Users\uzivatel\AppData\Local\NVIDIA Corporation
2020-11-09 20:17 - 2016-10-22 16:40 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-11-08 09:12 - 2018-06-14 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2020-11-08 09:12 - 2016-10-24 19:25 - 000001318 _____ C:\Users\Public\Desktop\Skype.lnk
2020-11-08 09:12 - 2016-10-24 19:25 - 000001318 _____ C:\ProgramData\Desktop\Skype.lnk
2020-11-08 09:12 - 2016-10-24 19:25 - 000000000 ____D C:\Users\uzivatel\AppData\Roaming\Skype
2020-11-08 08:48 - 2016-10-22 16:01 - 000000000 ____D C:\Users\uzivatel
2020-11-08 08:45 - 2017-01-13 21:21 - 000000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories ========

2018-02-28 14:10 - 2018-03-02 17:10 - 000000040 _____ () C:\Users\uzivatel\AppData\Roaming\cdr.ini
2019-10-24 16:31 - 2020-02-04 14:21 - 000035663 _____ () C:\Users\uzivatel\AppData\Roaming\downloads.json
2018-02-24 10:14 - 2018-02-24 10:14 - 366870165 _____ () C:\Users\uzivatel\AppData\Local\ACCCx4_4_1_298.zip.aamdownload
2018-02-24 10:14 - 2018-02-24 10:14 - 000004029 _____ () C:\Users\uzivatel\AppData\Local\ACCCx4_4_1_298.zip.aamdownload.aamd
2016-11-03 20:07 - 2016-11-03 20:07 - 000003584 _____ () C:\Users\uzivatel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-05-23 19:45 - 2018-05-23 19:45 - 000000720 _____ () C:\Users\uzivatel\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2020-12-04 16:48
==================== End of FRST.txt ========================

A druhý log Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2020
Ran by uzivatel (08-12-2020 14:34:25)
Running from C:\Users\uzivatel\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-10-22 15:01:14)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4201812246-1458557891-2044115301-500 - Administrator - Disabled)
Guest (S-1-5-21-4201812246-1458557891-2044115301-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4201812246-1458557891-2044115301-1002 - Limited - Enabled)
uzivatel (S-1-5-21-4201812246-1458557891-2044115301-1000 - Administrator - Enabled) => C:\Users\uzivatel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
Adobe After Effects CC 2017 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F2}) (Version: 14.2.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.125 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.453 - Adobe)
Aktualizace NVIDIA 34.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 34.0.0.0 - NVIDIA Corporation) Hidden
American Truck Simulator v.1.36.1.34s.Hotfix (HKLM-x32\...\American Truck Simulator_is1) (Version: - )
Avira (HKLM-x32\...\{426D1710-5DFD-45E9-B11D-464792C5AD35}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira Software Updater (HKLM-x32\...\{073825B9-FF06-4690-8CE4-3C0B72036122}) (Version: 2.0.6.37231 - Avira Operations GmbH & Co. KG) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.17.209 - Bitdefender)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
DiRT 4 (HKLM\...\ZGlydDQ_is1) (Version: 1 - )
Epic Games Launcher (HKLM-x32\...\{C69A2919-0662-4390-9418-67C931B44C18}) (Version: 1.1.236.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Euro Truck Simulator 2 verze 1.25.3.0 (HKLM-x32\...\{59FAD5B8-3F51-4E9B-AB6C-495CC5AA2CB5}_is1) (Version: 1.25.3.0 - )
Free CD to MP3 Converter (HKLM-x32\...\Free CD to MP3 Converter) (Version: - Eusing Software)
Free MP3 Cutter 1.01 (HKLM-x32\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version: - PolySoft Solutions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_is1) (Version: 1.0.350.1 - Rockstar)
GRID (HKLM-x32\...\{156C3E4C-4C12-4BD3-9CD4-F2F858A2458B}) (Version: 1.20.0000 - Codemasters)
HiP2P Client (HKLM-x32\...\{2F3762A1-58CA-43A8-9854-88BCC34C6D2F}) (Version: 5.1.1.8 - Hi)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Network Connections 20.7.67.0 (HKLM\...\PROSetDX) (Version: 20.7.67.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.1.40 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Kodi (HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\Kodi) (Version: - XBMC-Foundation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.129.37 - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24516 (HKLM-x32\...\{b8e12890-118d-4721-8e54-05d978086712}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24516 (HKLM-x32\...\{c325004c-5538-45b3-a7ad-94473a4dcd3b}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 69.0.1 (x64 cs) (HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\Mozilla Firefox 69.0.1 (x64 cs)) (Version: 69.0.1 - Mozilla)
Mozilla Firefox 83.0 (x64 cs) (HKLM\...\Mozilla Firefox 83.0 (x64 cs)) (Version: 83.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 83.0.0.7621 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.12 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.16.0.140 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.140 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.13 - NVIDIA Corporation) Hidden
PokerStars.cz (HKLM-x32\...\PokerStars.cz) (Version: - PokerStars.cz)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.63 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7727 - Realtek Semiconductor Corp.)
Roblox Player for uzivatel (HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for uzivatel (HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\roblox-studio) (Version: - Roblox Corporation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Serato DJ Lite (HKLM\...\{47C3DBDD-F04D-4187-9E25-3554DC4F5C97}) (Version: 1.3.2.77 - Serato Limited) Hidden
Serato DJ Lite (HKLM-x32\...\{ad345119-e467-4b40-9ec1-3a0e3d77316b}) (Version: 1.3.2.77 - Serato Limited)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft)
Skype verze 8.66 (HKLM-x32\...\Skype_is1) (Version: 8.66 - Skype Technologies S.A.)
Spintires MudRunner American Wilds (HKLM-x32\...\Spintires MudRunner American Wilds_is1) (Version: - )
SportZone (HKLM-x32\...\{5AE24741-DE0F-6E31-203E-160CBE9F475B}) (Version: 1.5.1 - UNKNOWN) Hidden
SportZone (HKLM-x32\...\com.sportplanet.sportzone) (Version: 1.5.1 - UNKNOWN)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TP-Link TL-WN722N Driver (HKLM-x32\...\{F9C15685-38A9-46A1-9826-97204015C19C}) (Version: 2.1.0 - TP-Link)
TP-Link Wireless Adapter WPS Tool (HKLM-x32\...\{685EFF87-B126-49E4-8213-70C56625C5B5}) (Version: 1.0.0.1 - TP-Link)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.30 - NCH Software)
Virtual DJ - Atomix Productions (HKLM-x32\...\Virtual DJ - Atomix Productions) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows 7 Codec Pack 4.1.6 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.1.6 - Windows 7 Codec Pack)
Windows Movie Maker (HKLM\...\Windows Movie Maker) (Version: 6.0.6002.18005 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WRC 8 FIA World Rally Championship (HKLM-x32\...\WRC 8 FIA World Rally Championship_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => -> No File
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\programy\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\programy\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [_Movavivc11] -> {1C604495-4D32-476e-8D7E-FBF50F6C80BF} => -> No File
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\programy\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\programy\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.ffds] => C:\Windows\system32\ff_vfw.dll [127488 2014-12-05] () [File not signed]
HKLM\...\Drivers32: [vidc.ffds] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-12-05] () [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2014-04-08] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [3525120 2014-11-16] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [vidc.lags] => C:\Windows\SysWOW64\lagarith.dll [216064 2013-12-17] () [File not signed]
HKLM\...\Drivers32: [msacm.divxa32] => C:\Windows\SysWOW64\DivXa32.acm [291408 2013-12-17] (Packed With Joy !) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\uzivatel\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\uzivatel\Desktop\(64х)American Truck Simulator.lnk -> D:\games\American truck simulator\American Truck Simulator\bin\win_x64\amtrucks.exe (SCS Software) <==== Cyrillic

==================== Loaded Modules (Whitelisted) =============

2016-10-22 18:35 - 2008-11-25 16:18 - 001291264 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2016-10-22 18:35 - 2004-10-05 02:08 - 000055808 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2018-02-24 10:57 - 2014-02-27 19:08 - 003474432 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterCore.dll
2016-10-22 18:35 - 2008-11-25 16:18 - 000892928 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000022600 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2016-10-22 18:35 - 2014-01-13 17:06 - 000105544 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2016-10-22 18:35 - 2013-10-22 16:31 - 000037960 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2016-10-22 18:35 - 2013-12-24 16:42 - 000017992 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2016-10-22 18:35 - 2013-12-23 10:01 - 000281672 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000135752 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000098888 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000029768 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000030280 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000192072 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000192584 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000068680 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000293960 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000468040 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000578632 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2016-10-22 18:35 - 2013-11-14 13:59 - 000031304 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000115784 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000096840 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000050248 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000069192 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000135240 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2016-10-22 18:35 - 2013-10-31 13:59 - 000078408 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2016-10-22 18:35 - 2014-01-08 15:22 - 000398408 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmdManager.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000020040 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ControlPxe.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000045128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000284232 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 001080392 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EMail.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000223304 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000079944 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuMutilcast.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000202312 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\eunet.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000100936 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuPipe.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000135240 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000071752 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackupSize.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000421448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlImgFile.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000078920 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlSearchImg.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000137288 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Ftp.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000038472 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FTPTest.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000052808 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000126024 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2016-10-22 18:35 - 2013-11-27 17:44 - 000108616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImageFileInfo.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000160328 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2016-10-22 18:35 - 2013-12-13 16:21 - 000197192 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFileHlp.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000133704 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2016-10-22 18:35 - 2013-11-29 14:56 - 000115272 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MatchStr.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000138312 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000129608 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NetManager.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000310856 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000057928 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Options.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000187464 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\PolicyManage.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000109128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000077896 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000126024 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Transmit.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000247880 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000069704 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\XmlWrapper.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000278600 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\XSnapshot.dll
2016-10-22 18:35 - 2013-09-04 10:19 - 000133192 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\xsssdk.dll
2016-10-22 18:36 - 2013-09-04 10:20 - 000446024 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll
2017-12-10 00:00 - 2017-10-27 17:06 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]
AlternateDataStreams: C:\Users\uzivatel\ntuser.ini:NTV [10006]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-14] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-24] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-02-24 11:16 - 000001030 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{387790D2-11C4-4D8E-9F1F-CB5FC39245AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C4780E66-25F9-4C13-A91A-F7B4F53F0F0A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{91896254-3A2C-4EAF-9DE7-6FFCE5E7BE70}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
FirewallRules: [{34276AD5-C26F-4B25-A8F0-15C0F7D4D2CA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
FirewallRules: [{0779255A-7578-47CF-BD02-384D0332AA1C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
FirewallRules: [{B6B29E70-5963-4592-B843-77A6BFE33AD1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
FirewallRules: [{E9F0F922-0A9A-48B9-9E8F-89E89A7DD345}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
FirewallRules: [{2F740395-0059-4980-9686-AA8FF7AB0BCE}] => (Allow) D:\games\Grid\GRID.exe (Codemasters) [File not signed]
FirewallRules: [{690D02F0-633E-4807-933D-56E843C3271C}] => (Allow) D:\games\Grid\GRID.exe (Codemasters) [File not signed]
FirewallRules: [{E465ED01-5F90-4A97-B697-C26BB811FDAE}] => (Allow) D:\programy\Teamviewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{CCBB71F5-8A48-4AA4-84D6-E124F5DE3C1B}] => (Allow) D:\programy\Teamviewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{FEBB642B-3ABF-4C1D-ABF9-7378DDCEE4AD}] => (Allow) D:\programy\Teamviewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{EEE4E6C2-0EFB-40C9-8C2A-93E2FB30C4BB}] => (Allow) D:\programy\Teamviewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{FA676127-FE39-45D2-942D-D0F423FFA3FA}] => (Allow) D:\programy\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4F23CAE0-316D-4931-ADA0-4E984DB06262}] => (Allow) D:\programy\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{A4F8293E-5FB6-4C45-B313-5DCE75370B56}D:\games\grand theft auto v\gta v\grand theft auto v\gta5.exe] => (Block) D:\games\grand theft auto v\gta v\grand theft auto v\gta5.exe (Take-Two Interactive Software, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{D0246B02-C87B-404D-808E-853A517BE4E8}D:\games\grand theft auto v\gta v\grand theft auto v\gta5.exe] => (Block) D:\games\grand theft auto v\gta v\grand theft auto v\gta5.exe (Take-Two Interactive Software, Inc. -> Rockstar Games)
FirewallRules: [{DBC8F4C3-8622-4FC5-9863-08C71EFF8554}] => (Allow) D:\programy\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{40A68807-7FB3-4B94-8B6B-CA29EBFD754B}] => (Allow) D:\programy\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{AC1727FF-04C5-4CC3-9A92-A3A0DA398CD5}D:\programy\kamera\p2pclient.exe] => (Allow) D:\programy\kamera\p2pclient.exe () [File not signed]
FirewallRules: [UDP Query User{4907288E-7A6C-4280-B400-3CC55D71D8A5}D:\programy\kamera\p2pclient.exe] => (Allow) D:\programy\kamera\p2pclient.exe () [File not signed]
FirewallRules: [{98CC2A81-E67C-4664-970B-6B23428C4563}] => (Allow) D:\programy\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{31B02DE8-F7BD-4133-807D-73EFCD542ED5}] => (Allow) D:\programy\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [TCP Query User{04E0CB53-341A-475D-9E05-56F603952249}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [UDP Query User{07D44F5E-02A7-47B9-8EFC-C483336A8084}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [TCP Query User{14682D5D-B610-48A2-A1AD-F204115EAB5C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{DCBE4E64-4A25-4F87-8755-92A26EF23DB6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{D2C856B1-4622-4B3D-AFE3-83FBCB189440}C:\program files (x86)\kodi\kodi.exe] => (Block) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [UDP Query User{AE2015D4-0B03-462D-975A-522C94F52771}C:\program files (x86)\kodi\kodi.exe] => (Block) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [TCP Query User{F4061ECF-84DC-4E98-84EC-CC1D41B9D42B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{1F98F152-D1FE-4482-AF47-8D36ADDA9325}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{2973DD57-8951-401C-AD39-79E2A09AA40D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E80DBAC7-8C0E-40E4-BC97-934BA6945C8F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3D03A325-C3F4-4B62-81E6-19C97F4DF2F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{28BF9716-51E3-4AFF-BF65-761F372014E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{542D4253-B776-48FB-8CE2-528BC440008C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A9DADE31-3E22-4680-869C-D0774647EF38}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3459985B-B9DC-4381-809C-9D8AB37E08E9}] => (Allow) C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe (Realtek) [File not signed]
FirewallRules: [{21500371-0FC5-4E29-9E07-614707A86A05}] => (Allow) C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe (Realtek) [File not signed]
FirewallRules: [{9CE5A4CB-CFEF-4119-A942-319E48A20E32}] => (Allow) C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe (Realtek) [File not signed]
FirewallRules: [{3717EE8F-97B6-4255-B94D-0F0F6C8D0E47}] => (Allow) C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe (Realtek) [File not signed]
FirewallRules: [{8D252214-D020-4818-83B0-E9655FC53DBB}] => (Allow) C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe (Realtek) [File not signed]
FirewallRules: [{ABBED017-271C-4DA8-92ED-607BD84E7332}] => (Allow) C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe (Realtek) [File not signed]
FirewallRules: [{927A3C9F-B14A-43F2-A07E-DE8709CFBFF0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{84DA3DA9-FFE2-43A2-BCFF-E7F645DB8465}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8E5E9438-0F4E-4759-8C1B-4BA294964BA3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1953F741-26E4-4940-A886-BCEB2A5F3688}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8C2ED6BF-299D-4489-B773-D29F714F8F4F}] => (Allow) D:\programy\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{E8DC1685-5A1D-4138-820C-8587FFCC881D}] => (Allow) D:\programy\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{A6632D5C-5D49-4867-A196-B523159AC722}] => (Allow) D:\programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A1FE3D63-C3FD-4B62-A1F9-7D4F7020A408}] => (Allow) D:\programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{D3DD0C22-4BCA-4461-A7EA-78F0208E2C81}D:\games\fortnite\fortnite game\rocketleague\binaries\win64\rocketleague.exe] => (Block) D:\games\fortnite\fortnite game\rocketleague\binaries\win64\rocketleague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [UDP Query User{AA5AC561-6FF3-47F2-9A0D-CAACF36133D5}D:\games\fortnite\fortnite game\rocketleague\binaries\win64\rocketleague.exe] => (Block) D:\games\fortnite\fortnite game\rocketleague\binaries\win64\rocketleague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [{7339E708-D7CB-4043-8B33-7697F9C36B82}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B7B62C18-D7E6-4325-80DF-97CFA1FF26C7}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{31FE757D-134E-4359-A518-9647475DF4C7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

07-12-2020 19:12:52 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Myš Microsoft pro port PS/2
Description: Myš Microsoft pro port PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: ========================

Application errors:
==================
Error: (12/08/2020 02:30:07 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/08/2020 02:19:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/07/2020 02:50:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/07/2020 02:32:33 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/07/2020 02:22:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/06/2020 01:03:18 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/05/2020 10:24:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/05/2020 11:02:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (12/08/2020 02:33:31 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 80.

Error: (12/08/2020 02:33:31 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (12/08/2020 02:25:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 80.

Error: (12/08/2020 02:25:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (12/08/2020 02:21:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 80.

Error: (12/08/2020 02:21:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (12/08/2020 02:19:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 80.

Error: (12/08/2020 02:19:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F5 03/11/2016
Motherboard: Gigabyte Technology Co., Ltd. B150-HD3-CF
Processor: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 26%
Total physical RAM: 16316.88 MB
Available physical RAM: 11927 MB
Total Virtual: 32631.91 MB
Available Virtual: 28210.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.9 GB) (Free:11.83 GB) NTFS
Drive d: (DATA) (Fixed) (Total:781.51 GB) (Free:163.64 GB) NTFS
Drive e: (mp3 dnb sety) (CDROM) (Total:4.38 GB) (Free:0 GB) CDFS

\\?\Volume{39be19c3-9867-11e6-b76e-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6B9556AF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=781.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

#6 Příspěvek od **Conder** » 10 pro 2020 02:15

Zopar pozostatkov po IObit SW tam este ostalo, ale tie budu zmazane pomocou tohto fixlistu.

Otvor poznamkovy blok (Win+R -> notepad -> enter)

Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

Kód: Vybrat vše

Start::
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Windows\explorer.exe
ExportKey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
ExportKey: HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
CMD: type "C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\8cruf47p.default-release\user.js"
CMD: type "C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\xyencuj3.default-1561274577426\user.js"
CMD: type "C:\Program Files (x86)\mozilla firefox\defaults\pref\bd_js_config.js"
CMD: type "C:\Program Files (x86)\mozilla firefox\bd_config.cfg"
Folder: C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4

HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\Run: [Advanced SystemCare] => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\MountPoints2: {03ae3fb3-cc06-11e6-8f9a-1c1b0d0cdf6a} - H:\Autoplay.exe -auto
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\MountPoints2: {1889f790-a368-11e6-9e2c-1c1b0d0cdf6a} - G:\setup.exe
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\MountPoints2: {39be19c7-9867-11e6-b76e-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
Task: {1B6B4598-95F8-46F5-8AC9-5FF898FBFBC5} - System32\Tasks\{57E3DB86-9F38-4B66-8E2A-177B8287D6D9} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\ELICEN~1\UNWISE.EXE -c C:\PROGRA~2\ELICEN~1\INSTALL.LOG
Task: {CFD67B91-6BE0-4430-8A70-2DA5F76D161F} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
Task: {D6CD7E8B-D078-42BA-9536-1D1981F7292C} - System32\Tasks\ASC_SkipUac_uzivatel => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 AdvancedSystemCareService13; "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe" [X]
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscRegistryFilter.sys [X]
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [X]
2020-12-08 14:25 - 2017-01-28 19:32 - 000000000 ____D C:\Users\uzivatel\AppData\Roaming\IObit
2020-12-08 14:25 - 2017-01-28 19:32 - 000000000 ____D C:\Program Files (x86)\IObit
2020-12-07 14:47 - 2017-01-28 19:33 - 000000000 ____D C:\Users\uzivatel\AppData\LocalLow\IObit
2020-12-06 13:07 - 2016-12-26 11:25 - 000000000 ____D C:\Program Files\trend micro
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} =>  -> No File
ContextMenuHandlers1: [_Movavivc11] -> {1C604495-4D32-476e-8D7E-FBF50F6C80BF} =>  -> No File
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} =>  -> No File
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]
AlternateDataStreams: C:\Users\uzivatel\ntuser.ini:NTV [10006]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

Hosts:
EmptyTemp:
End::

Uloz na plochu s nazvom fixlist.txt
Spusti znovu FRST a klikni na Fix
Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Ladix · #7 Příspěvek od **Ladix** » 10 pro 2020 16:12

Mám ještě dotaz. Předchvílí se mi stalo na "fejsbůku", když jsem si pustil dvě videa naráz, za pár vteřin mi zčernala obrazovka a po asi 2 vteřinách se zase zpět obnovila a hodilo mi to hlášku viz. foto v příloze. Nestalo se mi to poprvé, tak bych se chtěl zeptat, co by se s tím dalo dělat?

A zde je fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-12-2020
Ran by uzivatel (10-12-2020 15:42:15) Run:1
Running from C:\Users\uzivatel\Desktop
Loaded Profiles: uzivatel
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Windows\explorer.exe
ExportKey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
ExportKey: HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
CMD: type "C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\8cruf47p.default-release\user.js"
CMD: type "C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\xyencuj3.default-1561274577426\user.js"
CMD: type "C:\Program Files (x86)\mozilla firefox\defaults\pref\bd_js_config.js"
CMD: type "C:\Program Files (x86)\mozilla firefox\bd_config.cfg"
Folder: C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\Run: [Advanced SystemCare] => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\MountPoints2: {03ae3fb3-cc06-11e6-8f9a-1c1b0d0cdf6a} - H:\Autoplay.exe -auto
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\MountPoints2: {1889f790-a368-11e6-9e2c-1c1b0d0cdf6a} - G:\setup.exe
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\MountPoints2: {39be19c7-9867-11e6-b76e-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
Task: {1B6B4598-95F8-46F5-8AC9-5FF898FBFBC5} - System32\Tasks\{57E3DB86-9F38-4B66-8E2A-177B8287D6D9} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\ELICEN~1\UNWISE.EXE -c C:\PROGRA~2\ELICEN~1\INSTALL.LOG
Task: {CFD67B91-6BE0-4430-8A70-2DA5F76D161F} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
Task: {D6CD7E8B-D078-42BA-9536-1D1981F7292C} - System32\Tasks\ASC_SkipUac_uzivatel => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 AdvancedSystemCareService13; "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe" [X]
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscRegistryFilter.sys [X]
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [X]
2020-12-08 14:25 - 2017-01-28 19:32 - 000000000 ____D C:\Users\uzivatel\AppData\Roaming\IObit
2020-12-08 14:25 - 2017-01-28 19:32 - 000000000 ____D C:\Program Files (x86)\IObit
2020-12-07 14:47 - 2017-01-28 19:33 - 000000000 ____D C:\Users\uzivatel\AppData\LocalLow\IObit
2020-12-06 13:07 - 2016-12-26 11:25 - 000000000 ____D C:\Program Files\trend micro
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => -> No File
ContextMenuHandlers1: [_Movavivc11] -> {1C604495-4D32-476e-8D7E-FBF50F6C80BF} => -> No File
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => -> No File
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]
AlternateDataStreams: C:\Users\uzivatel\ntuser.ini:NTV [10006]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Hosts:
EmptyTemp:

*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========

Count : 2839
Average :
Sum : 16165932045
Maximum :
Minimum :
Property : Length

========= End of Powershell: =========

========================= File: C:\Windows\explorer.exe ========================

C:\Windows\explorer.exe
Catalog: C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_40_for_KB3184143~31bf3856ad364e35~amd64~~6.1.1.4.cat
File is digitally signed
MD5: 38AE1B3C38FAEF56FE4907922F0385BA
Creation and modification date: 2016-11-25 22:35 - 2016-08-29 16:04
Size: 003229696
Attributes: ----A
Company Name: Microsoft Windows -> Microsoft Corporation
Internal Name: explorer
Original Name: EXPLORER.EXE
Product: MicrosoftÂ® WindowsÂ® Operating System
Description: Windows Explorer
File Version: 6.1.7601.23537 (win7sp1_ldr.160829-0600)
Product Version: 6.1.7601.23537
Copyright: Â© Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/gui/file/d5b ... 1607603993

====== End of File: ======

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"="1"
"Shell"="explorer.exe"
"PreCreateKnownFolders"="{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
"Userinit"="C:\Windows\System32\Userinit.exe,"
"VMApplet"="SystemPropertiesPerformance.exe /pagefile"
"AutoRestartShell"="1"
"Background"="0 0 0"
"CachedLogonsCount"="10"
"DebugServerCommand"="no"
"ForceUnlockLogon"="0"
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"PasswordExpiryWarning"="5"
"PowerdownAfterShutdown"="0"
"ShutdownWithoutLogon"="0"
"WinStationsDisabled"="0"
"DisableCAD"="1"
"scremoveoption"="0"
"ShutdownFlags"="115"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
""="Wireless Group Policy"
"DisplayName"="@wlgpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessWLANPolicyEx"
"GenerateGroupPolicy"="GenerateWLANPolicy"
"DllName"="wlgpclnt.dll"
"NoUserPolicy"="1"
"NoGPOListChanges"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}]
""="Group Policy Environment"
"ProcessGroupPolicy"="ProcessGroupPolicyEnviron"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyEnviron"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExEnviron"
"EventSources"="(Group Policy Environment,Application)"
"DisplayName"="@gpprefcl.dll,-1"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}]
""="Group Policy Local Users and Groups"
"ProcessGroupPolicy"="ProcessGroupPolicyLocUsAndGroups"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyLocUsAndGroups"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExLocUsAndGroups"
"EventSources"="(Group Policy Local Users and Groups,Application)"
"DisplayName"="@gpprefcl.dll,-2"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}]
""="Group Policy Device Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyDevices"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDevices"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDevices"
"EventSources"="(Group Policy Device Settings,Application)"
"DisplayName"="@gpprefcl.dll,-3"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
""="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"="fdeploy.dll"
"NoMachinePolicy"="1"
"NoSlowLink"="1"
"PerUserLocalSettings"="1"
"NoGPOListChanges"="0"
"NoBackgroundPolicy"="0"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"="(Folder Redirection,Application)"
"DisplayName"="@fdeploy.dll,-261"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
""="Microsoft Disk Quota"
"DisplayName"="@%SystemRoot%\System32\dskquota.dll,-100"
"NoMachinePolicy"="0"
"NoUserPolicy"="1"
"NoSlowLink"="1"
"NoBackgroundPolicy"="1"
"NoGPOListChanges"="1"
"PerUserLocalSettings"="0"
"RequiresSuccessfulRegistry"="1"
"EnableAsynchronousProcessing"="0"
"DllName"="%SystemRoot%\System32\dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}]
""="Group Policy Network Options"
"ProcessGroupPolicy"="ProcessGroupPolicyNetworkOptions"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyNetworkOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExNetworkOptions"
"EventSources"="(Group Policy Network Options,Application)"
"DisplayName"="@gpprefcl.dll,-4"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
""="QoS Packet Scheduler"
"DisplayName"="@gptext.dll,-201"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"="gptext.dll"
"NoUserPolicy"="1"
"NoGPOListChanges"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
""="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"DllName"="gpscript.dll"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"NoSlowLink"="1"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"NoGPOListChanges"="1"
"NotifyLinkTransition"="1"
"DisplayName"="@gpscript.dll,-1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}]
""="Remote Desktop USB Redirection"
"DllName"="%SystemRoot%\System32\TsUsbRedirectionGroupPolicyExtension.dll"
"RequiresSuccessfulRegistry"="1"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"NoGPOListChanges"="1"
"NoUserPolicy"="1"
"DisplayName"="@%SystemRoot%\System32\TsUsbRedirectionGroupPolicyExtension.dll,-100"
"NoBackgroundPolicy"="0"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
""="Internet Explorer Zonemapping"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"DllName"="C:\Windows\System32\iedkcs32.dll"
"RequiresSuccessfulRegistry"="1"
"NoGPOListChanges"="1"
"DisplayName"="@C:\Windows\System32\iedkcs32.dll,-3051"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}]
""="Group Policy Drive Maps"
"ProcessGroupPolicy"="ProcessGroupPolicyDrives"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDrives"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDrives"
"EventSources"="(Group Policy Drive Maps,Application)"
"NoMachinePolicy"="1"
"DisplayName"="@gpprefcl.dll,-5"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
"NoBackgroundPolicy"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}]
""="Group Policy Folders"
"ProcessGroupPolicy"="ProcessGroupPolicyFolders"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFolders"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolders"
"EventSources"="(Group Policy Folders,Application)"
"DisplayName"="@gpprefcl.dll,-6"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}]
""="Group Policy Network Shares"
"ProcessGroupPolicy"="ProcessGroupPolicyNetShares"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyNetShares"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExNetShares"
"EventSources"="(Group Policy Network Shares,Application)"
"NoUserPolicy"="1"
"DisplayName"="@gpprefcl.dll,-7"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6cfb9c5c-138e-4bb3-8a3d-d5383e910e57}]
""="Remote Desktop Protocol Extension"
"DllName"="%SystemRoot%\System32\RdpGroupPolicyExtension.dll"
"RequiresSuccessfulRegistry"="1"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"NoGPOListChanges"="1"
"NoUserPolicy"="1"
"DisplayName"="@%SystemRoot%\System32\RdpGroupPolicyExtension.dll,-100"
"NoBackgroundPolicy"="0"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}]
""="Group Policy Files"
"ProcessGroupPolicy"="ProcessGroupPolicyFiles"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFiles"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFiles"
"EventSources"="(Group Policy Files,Application)"
"DisplayName"="@gpprefcl.dll,-8"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}]
""="Group Policy Data Sources"
"ProcessGroupPolicy"="ProcessGroupPolicyDataSources"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDataSources"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDataSources"
"EventSources"="(Group Policy Data Sources,Application)"
"DisplayName"="@gpprefcl.dll,-9"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}]
""="Group Policy Ini Files"
"ProcessGroupPolicy"="ProcessGroupPolicyIniFile"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyIniFile"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExIniFile"
"EventSources"="(Group Policy Ini Files,Application)"
"DisplayName"="@gpprefcl.dll,-10"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
""="Windows Search Group Policy Extension"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="%SystemRoot%\System32\srchadmin.dll"
"RequiresSuccessfulRegistry"="1"
"NoSlowLink"="0"
"NoGPOListChanges"="1"
"NoUserPolicy"="0"
"NoMachinePolicy"="0"
"PerUserLocalSettings"="0"
"EnableAsynchronousProcessing"="1"
"NoBackgroundPolicy"="0"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
""="Internet Explorer User Accelerators"
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"DllName"="C:\Windows\System32\iedkcs32.dll"
"RequiresSuccessfulRegistry"="1"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"NoGPOListChanges"="1"
"DisplayName"="@C:\Windows\System32\iedkcs32.dll,-3051"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
""="Security"
"DisplayName"="@(runtime.system32)\scecli.dll,-7650"
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"="1"
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"="1"
"DllName"="scecli.dll"
"NoUserPolicy"="1"
"NoGPOListChanges"="1"
"EnableAsynchronousProcessing"="1"
"MaxNoGPOListChangesInterval"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}]
""="Deployed Printer Connections"
"DisplayName"="@%systemroot%\system32\gpprnext.dll,-1"
"DllName"="%systemroot%\system32\gpprnext.dll"
"EnableAsynchronousProcessing"="1"
"ExtensionEventSource"=""
"GenerateGroupPolicy"="PrinterGenerateGroupPolicy"
"MaxNoGPOListChangesInterval"="0"
"NoBackgroundPolicy"="0"
"NoGPOListChanges"="0"
"NoMachinePolicy"="0"
"NoSlowLink"="1"
"NotifyLinkTransition"="0"
"NoUserPolicy"="0"
"PerUserLocalSettings"="0"
"ProcessGroupPolicy"="PrinterProcessGroupPolicy"
"ProcessGroupPolicyEx"="PrinterProcessGroupPolicyEx"
"RequiresSuccessfulRegistry"="0"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}]
""="Group Policy Services"
"ProcessGroupPolicy"="ProcessGroupPolicyServices"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyServices"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExServices"
"EventSources"="(Group Policy Services,Application)"
"DisplayName"="@gpprefcl.dll,-11"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}]
""="Group Policy Folder Options"
"ProcessGroupPolicy"="ProcessGroupPolicyFolderOptions"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFolderOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolderOptions"
"EventSources"="(Group Policy Folder Options,Application)"
"DisplayName"="@gpprefcl.dll,-12"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}]
""="Group Policy Scheduled Tasks"
"ProcessGroupPolicy"="ProcessGroupPolicySchedTasks"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicySchedTasks"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExSchedTasks"
"EventSources"="(Group Policy Scheduled Tasks,Application)"
"DisplayName"="@gpprefcl.dll,-13"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}]
""="Group Policy Registry"
"ProcessGroupPolicy"="ProcessGroupPolicyRegistry"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyRegistry"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegistry"
"EventSources"="(Group Policy Registry,Application)"
"DisplayName"="@gpprefcl.dll,-14"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
""="802.3 Group Policy"
"DisplayName"="@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"="dot3gpclnt.dll"
"NoUserPolicy"="1"
"NoGPOListChanges"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}]
""="Group Policy Printers"
"ProcessGroupPolicy"="ProcessGroupPolicyPrinters"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyPrinters"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPrinters"
"EventSources"="(Group Policy Printers,Application)"
"DisplayName"="@gpprefcl.dll,-16"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}]
""="Group Policy Shortcuts"
"ProcessGroupPolicy"="ProcessGroupPolicyShortcuts"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyShortcuts"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExShortcuts"
"EventSources"="(Group Policy Shortcuts,Application)"
"DisplayName"="@gpprefcl.dll,-17"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
""="Microsoft Offline Files"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="%SystemRoot%\System32\cscobj.dll"
"RequiresSuccessfulRegistry"="1"
"NoSlowLink"="0"
"NoGPOListChanges"="0"
"NoUserPolicy"="0"
"NoMachinePolicy"="0"
"PerUserLocalSettings"="0"
"EnableAsynchronousProcessing"="1"
"NoBackgroundPolicy"="0"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
""="Software Installation"
"RequiresSucessfulRegistry"="0"
"DllName"="appmgmts.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoSlowLink"="1"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"EventSources"="(Application Management,Application)*(MsiInstaller,Application)"
"NoUserPolicy"="0"
"DisplayName"="@appmgmts.dll,-3252"
"PerUserLocalSettings"="1"
"NoBackgroundPolicy"="0"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}]
""="TCPIP"
"DisplayName"="@gptext.dll,-204"
"ProcessGroupPolicy"="ProcessTCPIPPolicy"
"DllName"="gptext.dll"
"NoUserPolicy"="1"
"NoGPOListChanges"="1"
"RequiresSuccessfulRegistry"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
""="Internet Explorer Machine Accelerators"
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"DllName"="C:\Windows\System32\iedkcs32.dll"
"RequiresSuccessfulRegistry"="1"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"NoGPOListChanges"="1"
"DisplayName"="@C:\Windows\System32\iedkcs32.dll,-3051"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
""="IP Security"
"ProcessGroupPolicyEx"="ProcessIPSECPolicyEx"
"GenerateGroupPolicy"="GenerateIPSECPolicy"
"DllName"="%SystemRoot%\System32\polstore.dll"
"NoUserPolicy"="1"
"NoGPOListChanges"="0"
"DisplayName"="@C:\Windows\system32\polstore.dll,-5012"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}]
""="Group Policy Internet Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyInternet"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyInternet"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExInternet"
"EventSources"="(Group Policy Internet Settings,Application)"
"NoMachinePolicy"="1"
"DisplayName"="@gpprefcl.dll,-18"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}]
""="Group Policy Start Menu Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyStartMenu"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyStartMenu"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExStartMenu"
"EventSources"="(Group Policy Start Menu Settings,Application)"
"DisplayName"="@gpprefcl.dll,-19"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}]
""="Group Policy Regional Options"
"ProcessGroupPolicy"="ProcessGroupPolicyRegionOptions"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyRegionOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegionOptions"
"EventSources"="(Group Policy Regional Options,Application)"
"DisplayName"="@gpprefcl.dll,-20"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}]
""="Group Policy Power Options"
"ProcessGroupPolicy"="ProcessGroupPolicyPowerOptions"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyPowerOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPowerOptions"
"EventSources"="(Group Policy Power Options,Application)"
"DisplayName"="@gpprefcl.dll,-21"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}]
""="Audit Policy Configuration"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"="auditcse.dll"
"NoUserPolicy"="1"
"EnableAsynchronousProcessing"="1"
"MaxNoGPOListChangesInterval"="960"
"ForceRefreshFG"="0"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}]
""="Group Policy Applications"
"ProcessGroupPolicy"="ProcessGroupPolicyApplications"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyApplications"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExApplications"
"EventSources"="(Group Policy Applications,Application)"
"NoMachinePolicy"="1"
"DisplayName"="@gpprefcl.dll,-15"
"PerUserLocalSettings"="1"
"EnableAsynchronousProcessing"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
""="Enterprise QoS"
"DisplayName"="@gptext.dll,-203"
"ProcessGroupPolicy"="ProcessEQoSPolicy"
"DllName"="gptext.dll"
"RequiresSuccessfulRegistry"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}]
""="CP"
"DisplayName"="@gptext.dll,-205"
"ProcessGroupPolicy"="ProcessConnectivityPlatformPolicy"
"DllName"="gptext.dll"
"NoUserPolicy"="1"
"NoGPOListChanges"="1"
"RequiresSuccessfulRegistry"="1"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked]

=== End of ExportKey ===
================== ExportKey: ===================

[HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"="AppData\Local;AppData\LocalLow;$Recycle.Bin"
"BuildNumber"="7601"
"FirstLogon"="0"
"ParseAutoexec"="1"
"shell"="explorer.exe"

=== End of ExportKey ===

========= type "C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\8cruf47p.default-release\user.js" =========

´ W%%
========= End of CMD: =========

========= type "C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\xyencuj3.default-1561274577426\user.js" =========

´ W%%
========= End of CMD: =========

========= type "C:\Program Files (x86)\mozilla firefox\defaults\pref\bd_js_config.js" =========

//Set by BitDefender.
pref("general.config.obscure_value", 0);
pref("general.config.filename","bd_config.cfg");

========= End of CMD: =========

========= type "C:\Program Files (x86)\mozilla firefox\bd_config.cfg" =========

//Set by BitDefender.
lockPref("security.enterprise_roots.enabled", true);

========= End of CMD: =========

========================= Folder: C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4 ========================

2020-12-06 17:37 - 2020-12-10 15:23 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4\dllReport.bdagent.V2

====== End of Folder: ======

"HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare" => removed successfully
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => removed successfully
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03ae3fb3-cc06-11e6-8f9a-1c1b0d0cdf6a} => removed successfully
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1889f790-a368-11e6-9e2c-1c1b0d0cdf6a} => removed successfully
HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39be19c7-9867-11e6-b76e-806e6f6e6963} => removed successfully
"HKU\S-1-5-21-4201812246-1458557891-2044115301-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B6B4598-95F8-46F5-8AC9-5FF898FBFBC5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B6B4598-95F8-46F5-8AC9-5FF898FBFBC5}" => removed successfully
C:\Windows\System32\Tasks\{57E3DB86-9F38-4B66-8E2A-177B8287D6D9} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{57E3DB86-9F38-4B66-8E2A-177B8287D6D9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CFD67B91-6BE0-4430-8A70-2DA5F76D161F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD67B91-6BE0-4430-8A70-2DA5F76D161F}" => removed successfully
C:\Windows\System32\Tasks\ASC_PerformanceMonitor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC_PerformanceMonitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6CD7E8B-D078-42BA-9536-1D1981F7292C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6CD7E8B-D078-42BA-9536-1D1981F7292C}" => removed successfully
C:\Windows\System32\Tasks\ASC_SkipUac_uzivatel => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC_SkipUac_uzivatel" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\System\CurrentControlSet\Services\AdvancedSystemCareService13 => removed successfully
AdvancedSystemCareService13 => service removed successfully
HKLM\System\CurrentControlSet\Services\AscFileFilter => removed successfully
AscFileFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\AscRegistryFilter => removed successfully
AscRegistryFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz143 => removed successfully
cpuz143 => service removed successfully
HKLM\System\CurrentControlSet\Services\gdrv => removed successfully
gdrv => service removed successfully
HKLM\System\CurrentControlSet\Services\iobit_monitor_server => removed successfully
iobit_monitor_server => service removed successfully
C:\Users\uzivatel\AppData\Roaming\IObit => moved successfully
C:\Program Files (x86)\IObit => moved successfully
C:\Users\uzivatel\AppData\LocalLow\IObit => moved successfully
C:\Program Files\trend micro => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Shell Extension for Malware scanning => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\_Movavivc11 => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Shell Extension for Malware scanning => removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
C:\Users\uzivatel\ntuser.ini => ":NTV" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7910639 B
Java, Flash, Steam htmlcache => 62461774 B
Windows/system/drivers => 3494797 B
Edge => 0 B
Chrome => 1345420 B
Firefox => 792367173 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 33058 B
ProgramData => 33058 B
systemprofile => 66244 B
systemprofile32 => 99430 B
LocalService => 165658 B
NetworkService => 231886 B
uzivatel => 190146456 B

RecycleBin => 8447152 B
EmptyTemp: => 1 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:43:35 ====

#8 Příspěvek od **Conder** » 12 pro 2020 03:13

Islo o pad ovladaca grafickej karty. Aka je v PC graficka karta?

Ladix · #9 Příspěvek od **Ladix** » 13 pro 2020 18:20

Je to: NVIDIA GeForce GTX 1060 3GB

#10 Příspěvek od **Conder** » 14 pro 2020 01:04

OK, odporucam teda stiahnut a nainstalovat aktualnu verziu NVIDIA ovladacu zo stranky https://www.nvidia.com/download/index.aspx

Aktualna posledna verzia pre GTX 1060 & Windows 7 64-bit je tato: https://www.nvidia.com/Download/driverR ... 7415/en-us

A kedze ide o Windows 7, tak tiez chcem upozornit, ze podpora Windows 7 skoncila uz 14. 1. 2020 a uz nie su opravovane bezpecnostne ani ine chyby. Takisto je mozne ocakavat, ze aj nove verzie programov prestanu podporovat Windows 7.

VIRY.CZ

Preventivní kontrola

Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola