VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Virus reklamy

https://forum.viry.cz:443/viewtopic.php?t=151168

Stránka 1 z 1

Virus reklamy

Napsal: 18 led 2017 14:06
od p4to
Ahojte,
mal som zavireny pc, same reklamy ... uz to vyzerá, byt v pohode no myslim si, ze tam este nieco ostalo.
PC sa zapina strasne dlho, oproti obdobiu pred virusom ...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by p4too (administrator) on DESKTOP-FSNBGS5 (18-01-2017 14:04:17)
Running from C:\Users\p4too\Desktop
Loaded Profiles: p4too (Available Profiles: defaultuser0 & p4too)
Platform: Windows 10 Pro N Version 1607 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(JetBrains s.r.o) C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ExpanDrive, Inc.) C:\Program Files (x86)\ExpanDrive\ExpanDrive.exe
() C:\Program Files (x86)\ExpanDrive\expandrive\expandrivedw.exe
(Spotify Ltd) C:\Users\p4too\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\p4too\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [5060864 2015-06-16] (Realtek semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-08-29] (Synaptics Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [gplyra] => C:\Users\p4too\AppData\Roaming\gplyra\gplyra\start.cmd [216 2016-01-19] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Google Update] => C:\Users\p4too\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [ExpanDrive] => C:\Program Files (x86)\ExpanDrive\ExpanDrive.exe [1471072 2015-02-04] (ExpanDrive, Inc.)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Spotify Web Helper] => C:\Users\p4too\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-02] (Spotify Ltd)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\MountPoints2: {3c2cd3d1-7cec-11e6-a050-f0761c6c6ff4} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-18\...\Run: [] => 0
HKLM\...\Providers\vlitza5s: C:\Program Files (x86)\Jerjatstervele Server\local64spl.dll [292352 2017-01-18] ()
SSODL: EldosMountNotificator-cbfs4 - {E4B9D98A-19E4-4A2F-B080-BBF8AF8BCF51} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {E4B9D98A-19E4-4A2F-B080-BBF8AF8BCF51} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellExecuteHooks: No Name - {2B291F10-DB96-11E6-B994-64006A5CFC23} - -> No File
ShellIconOverlayIdentifiers: [00ExpanDriveExt1] -> {C955792B-31A0-4791-9DDE-0A9A57411C16} => C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll [2015-02-04] ()
ShellIconOverlayIdentifiers: [00ExpanDriveExt2] -> {C955792C-31A0-4791-9DDE-0A9A57411C16} => C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll [2015-02-04] ()
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {9CF93BCF-F6A8-4625-A75C-2F8F67BA0D39} => C:\Windows\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
ShellIconOverlayIdentifiers-x32: [00ExpanDriveExt1] -> {C955792B-31A0-4791-9DDE-0A9A57411C16} => C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll [2015-02-04] ()
ShellIconOverlayIdentifiers-x32: [00ExpanDriveExt2] -> {C955792C-31A0-4791-9DDE-0A9A57411C16} => C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll [2015-02-04] ()
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {9CF93BCF-F6A8-4625-A75C-2F8F67BA0D39} => C:\Windows\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
Startup: C:\Users\p4too\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe – odkaz.lnk [2016-09-20]
ShortcutTarget: thunderbird.exe – odkaz.lnk -> E:\SoftWare\Thunderbird\thunderbird.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.4.4 8.8.8.8
Tcpip\..\Interfaces\{450fc5d8-0ece-4669-ae3b-2a1cd2e0fa44}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{88ebffb6-5b12-4da6-9153-1d057df9a8f9}: [DhcpNameServer] 8.8.4.4 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-18] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-01-18] (AO Kaspersky Lab)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-18] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-01-18] (AO Kaspersky Lab)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-01-18]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-3402369080-3581635727-2017991681-1001: @tools.google.com/Google Update;version=3 -> C:\Users\p4too\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3402369080-3581635727-2017991681-1001: @tools.google.com/Google Update;version=9 -> C:\Users\p4too\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://google.com/
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.youndoo.com/?z=9227f5a8015421805b78 ... 5A&type=hp"
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-18] <==== ATTENTION
CHR Extension: (Prekladač Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-09-17]
CHR Extension: (Prezentácie Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-17]
CHR Extension: (Dokumenty Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-17]
CHR Extension: (Disk Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-17]
CHR Extension: (YouTube) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-17]
CHR Extension: (Adblock Plus) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (AdBlocker - Blokovač reklám pre YouTube™) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-12-23]
CHR Extension: (Tabuľky Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-17]
CHR Extension: (Kaspersky Protection) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-01-18]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-17]
CHR Extension: (AdBlock) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-17]
CHR Extension: (Gmail) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-17]
CHR Extension: (Chrome Media Router) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-18]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2297104 2015-10-12] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-09-09] (Intel Corporation)
R2 jetbrainsetw.106.0.20160913.92350; C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe [1474624 2016-09-13] (JetBrains s.r.o)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
S2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [X]
S4 OracleJobSchedulerXE; e:\software\oracledatabase\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [X]
S3 OracleMTSRecoveryService; E:\oracle\app\pato\product\11.1.0\client_1\bin\omtsreco.exe "OracleMTSRecoveryService" [X]
S2 OracleServiceXE; e:\software\oracledatabase\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [X]
S3 OracleXEClrAgent; E:\SoftWare\OracleDatabase\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS="EXTPROC_DLLS=ONLY:E:\SoftWare\OracleDatabase\app\oracle\product\11.2.0\server\bin\oraclr11.dll" <==== ATTENTION
S2 OracleXETNSListener; E:\SoftWare\OracleDatabase\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [X]
S2 Prijik; C:\Program Files (x86)\Habing\Srhcloud.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227144 2015-10-12] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2016-07-16] (Broadcom Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [435032 2017-01-18] (AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [182360 2017-01-18] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1019616 2017-01-18] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2017-01-18] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [218920 2017-01-18] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [85984 2017-01-18] ()
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [245512 2017-01-18] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [104720 2017-01-18] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [164888 2017-01-18] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [134880 2017-01-18] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [92832 2017-01-18] (WinMount International Inc)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-15] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_03205ffa8fdea79d\nvlddmkm.sys [14200880 2016-12-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [759552 2015-08-12] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp.)
S3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-29] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S1 cbfs6-0; \??\E:\SoftWare\NetDrive\cbfs6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 14:04 - 2017-01-18 14:04 - 00024107 _____ C:\Users\p4too\Desktop\FRST.txt
2017-01-18 13:57 - 2017-01-18 13:57 - 00049522 _____ C:\Users\p4too\Desktop\FRST1 (2).txt
2017-01-18 13:52 - 2017-01-18 13:57 - 03146014 _____ C:\Users\p4too\Desktop\FRST1 (1).txt
2017-01-18 13:51 - 2017-01-18 14:04 - 00000000 ____D C:\FRST
2017-01-18 13:50 - 2017-01-18 13:50 - 00112640 _____ (forum.viry.cz) C:\Users\p4too\Desktop\FRSTLauncher.exe
2017-01-18 13:49 - 2017-01-18 13:49 - 02419200 _____ (Farbar) C:\Users\p4too\Desktop\FRST64.exe
2017-01-18 12:00 - 2017-01-18 12:00 - 00000000 ____D C:\Users\p4too\AppData\Roaming\NVIDIA
2017-01-18 11:41 - 2017-01-18 12:12 - 00000000 ____D C:\Users\p4too\AppData\Local\AdvinstAnalytics
2017-01-18 11:25 - 2017-01-18 11:25 - 00245512 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2017-01-18 11:25 - 2017-01-18 11:25 - 00218920 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2017-01-18 11:25 - 2017-01-18 11:25 - 00164888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2017-01-18 11:25 - 2017-01-18 11:25 - 00104720 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2017-01-18 11:25 - 2017-01-18 11:25 - 00085984 _____ C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2017-01-18 11:20 - 2017-01-18 11:51 - 00003392 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-01-18 11:20 - 2017-01-18 11:36 - 00001447 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2017-01-18 11:20 - 2017-01-18 11:22 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-18 11:20 - 2017-01-18 11:20 - 00002208 _____ C:\Users\Public\Desktop\Safe Money.lnk
2017-01-18 11:20 - 2017-01-18 11:20 - 00002184 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2017-01-18 11:20 - 2017-01-18 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2017-01-18 11:20 - 2017-01-18 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-01-18 11:20 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2017-01-18 11:19 - 2017-01-18 13:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-01-18 11:19 - 2017-01-18 11:25 - 01019616 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-01-18 11:19 - 2017-01-18 11:24 - 00435032 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-01-18 11:19 - 2017-01-18 11:20 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-01-18 11:19 - 2016-06-26 15:14 - 00191312 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-01-18 11:13 - 2017-01-18 12:01 - 00000000 ____D C:\Users\p4too\AppData\Local\app
2017-01-18 11:13 - 2017-01-18 11:27 - 00000000 ____D C:\Program Files\Q7F8DGH862
2017-01-18 11:13 - 2017-01-18 11:13 - 00092832 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
2017-01-18 11:13 - 2017-01-18 11:13 - 00003558 _____ C:\Windows\System32\Tasks\KuaiZip_Update
2017-01-18 11:13 - 2017-01-18 11:13 - 00000000 ____D C:\Users\p4too\AppData\Roaming\Softlink
2017-01-18 11:13 - 2017-01-18 11:13 - 00000000 ____D C:\Users\p4too\AppData\Roaming\KuaiZip
2017-01-18 11:13 - 2017-01-18 11:13 - 00000000 ____D C:\Users\p4too\AppData\Local\tuto_monetize_120170117
2017-01-18 11:12 - 2017-01-18 13:41 - 00000000 ____D C:\Users\p4too\AppData\Roaming\Phejutiontgersp
2017-01-18 11:12 - 2017-01-18 12:25 - 00000000 ____D C:\Program Files (x86)\Jerjatstervele Server
2017-01-18 11:12 - 2017-01-18 11:13 - 00000000 ____D C:\Users\p4too\AppData\Roaming\UCChannel
2017-01-18 11:12 - 2017-01-18 11:12 - 00006100 _____ C:\Windows\System32\Tasks\Jerjatstervele Server
2017-01-18 11:12 - 2017-01-18 11:12 - 00000000 ____D C:\Users\p4too\AppData\Roaming\Microleaves
2017-01-18 11:12 - 2017-01-18 11:12 - 00000000 ____D C:\Users\p4too\AppData\Roaming\gplyra
2017-01-18 11:12 - 2017-01-18 11:12 - 00000000 ____D C:\Users\p4too\AppData\Local\Mepock
2017-01-18 11:12 - 2017-01-18 11:12 - 00000000 ____D C:\Users\p4too\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-01-18 11:12 - 2017-01-18 11:12 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-18 11:12 - 2017-01-18 11:12 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-01-18 11:12 - 2017-01-18 11:12 - 00000000 ____D C:\ProgramData\Avira
2017-01-18 11:12 - 2017-01-18 11:12 - 00000000 ____D C:\ProgramData\Avg
2017-01-18 11:12 - 2017-01-18 11:12 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-18 11:12 - 2017-01-18 11:12 - 00000000 _____ C:\TOSTACK
2017-01-14 15:52 - 2017-01-14 15:52 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-01-02 21:21 - 2017-01-18 11:22 - 00000000 ____D C:\Users\p4too\AppData\Local\Spotify
2017-01-02 21:21 - 2017-01-02 21:21 - 00001836 _____ C:\Users\p4too\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-01-02 21:20 - 2017-01-18 10:44 - 00000000 ____D C:\Users\p4too\AppData\Roaming\Spotify
2017-01-01 22:22 - 2017-01-01 22:22 - 00000000 ____D C:\Users\p4too\AppData\Local\VS Revo Group
2017-01-01 22:22 - 2017-01-01 22:22 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-01-01 22:22 - 2017-01-01 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-01-01 22:22 - 2016-12-16 08:53 - 00040984 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-12-31 21:29 - 2016-12-31 21:29 - 00000000 ____D C:\ProgramData\{08439167-4CA5-48E9-A810-A3A7C0B80B06}
2016-12-31 21:20 - 2016-12-31 21:20 - 00000000 ____D C:\Users\p4too\AppData\Roaming\Quest Software
2016-12-25 16:52 - 2016-12-25 16:52 - 00004002 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-25 16:52 - 2016-12-25 16:52 - 00003974 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-25 16:52 - 2016-12-25 16:52 - 00003938 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-25 16:52 - 2016-12-25 16:52 - 00003912 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-25 16:52 - 2016-12-25 16:52 - 00003750 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-25 16:52 - 2016-12-25 16:52 - 00003708 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-25 16:52 - 2016-12-25 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-12-25 16:52 - 2016-12-12 04:03 - 01854400 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 01452480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-12-25 16:51 - 2016-12-25 16:51 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-12-25 16:51 - 2016-12-12 04:03 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-12-25 16:51 - 2016-12-11 19:23 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-12-25 16:51 - 2016-09-09 19:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-12-25 16:51 - 2016-09-09 19:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-12-25 16:51 - 2016-09-09 19:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-12-25 16:51 - 2016-09-09 19:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-12-25 16:50 - 2016-12-25 16:51 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-12-25 16:49 - 2016-12-12 04:03 - 40125496 _____ C:\Windows\system32\nvcompiler.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 35222976 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 34710584 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 28201408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 10912744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 10803880 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 10353960 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 09158616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 08913328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 08761560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 02950200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 02587704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437633.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437633.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 01038392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00974784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00942528 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00894400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00802768 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00643928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00438208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00394888 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00327408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00101824 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00091584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-12-25 16:49 - 2016-12-12 04:03 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-12-25 16:49 - 2016-12-12 04:03 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-12-25 16:31 - 2016-12-25 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2016-12-24 22:05 - 2016-12-24 22:05 - 00000000 ____D C:\Users\p4too\AppData\Local\2K Games
2016-12-24 22:04 - 2016-12-24 22:04 - 00000000 ____D C:\ProgramData\Steam
2016-12-24 21:48 - 2016-12-24 22:06 - 00000000 ____D C:\MAFIA 3 CZ

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 13:50 - 2016-09-17 12:44 - 00000000 ____D C:\Users\p4too\AppData\Local\ClassicShell
2017-01-18 13:47 - 2016-09-17 15:38 - 02148802 _____ C:\Windows\system32\perfh01B.dat
2017-01-18 13:47 - 2016-09-17 15:38 - 00645398 _____ C:\Windows\system32\perfc01B.dat
2017-01-18 13:47 - 2016-09-17 12:25 - 05087438 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-18 13:41 - 2016-10-03 16:28 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-18 13:41 - 2016-09-17 12:26 - 00000000 __SHD C:\Users\p4too\IntelGraphicsProfiles
2017-01-18 13:41 - 2016-09-17 12:24 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-18 13:41 - 2016-09-17 12:18 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-18 13:37 - 2016-07-16 07:04 - 00786432 _____ C:\Windows\system32\config\BBI
2017-01-18 13:34 - 2016-09-17 13:38 - 00000000 ____D C:\Users\p4too\AppData\Local\CrashDumps
2017-01-18 13:34 - 2016-07-16 12:44 - 00000000 ____D C:\Windows\INF
2017-01-18 13:32 - 2016-09-17 12:17 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-01-18 12:25 - 2016-09-17 13:37 - 00000000 ____D C:\Users\p4too\AppData\Roaming\uTorrent
2017-01-18 12:04 - 2016-12-12 20:09 - 00000000 ____D C:\Projects
2017-01-18 11:36 - 2016-07-16 07:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-01-18 11:24 - 2016-06-20 23:41 - 00057424 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2017-01-18 11:24 - 2016-06-02 22:39 - 00134880 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2017-01-18 11:19 - 2016-07-16 12:45 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-01-18 11:14 - 2016-11-26 21:25 - 00000000 ____D C:\Users\p4too\AppData\Roaming\Skype
2017-01-18 11:12 - 2016-09-18 21:06 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2017-01-18 11:12 - 2016-09-17 15:57 - 00000000 ____D C:\Program Files (x86)\JetBrains
2017-01-18 06:15 - 2016-09-17 12:31 - 00000000 ____D C:\Users\p4too\AppData\Roaming\AIMP
2017-01-17 19:10 - 2016-09-17 15:49 - 00000000 ____D C:\Users\p4too\Documents\Visual Studio 2015
2017-01-14 15:52 - 2016-07-16 12:45 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-14 15:52 - 2016-07-16 12:45 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-14 15:51 - 2016-09-17 13:52 - 00000000 ____D C:\Program Files\Microsoft Office
2017-01-10 18:23 - 2016-09-17 13:17 - 00000000 ____D C:\Windows\Panther
2017-01-10 18:23 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-09 20:29 - 2016-09-17 12:22 - 00000000 ____D C:\Users\p4too\AppData\Local\Packages
2017-01-05 00:15 - 2016-10-01 18:32 - 00000600 _____ C:\Users\p4too\AppData\Roaming\winscp.rnd
2017-01-01 22:53 - 2016-09-17 12:21 - 00000000 ____D C:\Users\p4too
2016-12-31 21:48 - 2016-09-17 14:12 - 00000000 ____D C:\Users\p4too\AppData\Local\PokerStars.EU
2016-12-31 21:44 - 2016-10-06 18:24 - 00000000 ____D C:\Users\p4too\Documents\Toad Data Modeler
2016-12-31 21:44 - 2016-10-06 18:24 - 00000000 ____D C:\Users\p4too\AppData\Roaming\Dell
2016-12-31 21:29 - 2016-09-17 15:40 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2016-12-31 17:34 - 2016-07-16 07:04 - 00000000 ____D C:\Windows\system32\config
2016-12-30 13:00 - 2016-09-17 12:18 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{f5b135ec-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regtrans-ms
2016-12-30 13:00 - 2016-09-17 12:18 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{f5b135ec-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-30 13:00 - 2016-07-16 07:04 - 42205184 _____ C:\Windows\system32\config\COMPONENTS
2016-12-27 12:45 - 2016-09-17 13:56 - 00000000 ____D C:\Users\p4too\AppData\Roaming\Nitro
2016-12-26 10:22 - 2016-09-17 12:18 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{f5b135ec-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-26 10:20 - 2016-09-17 12:46 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-26 10:20 - 2016-07-16 07:04 - 00000000 ____D C:\Windows\WinSxS
2016-12-26 10:19 - 2016-07-16 07:04 - 00000000 ____D C:\Windows\SysWOW64
2016-12-25 17:07 - 2016-09-17 12:49 - 00000000 ____D C:\Users\p4too\AppData\Local\NVIDIA Corporation
2016-12-25 16:52 - 2016-09-17 12:48 - 00000000 ____D C:\Users\p4too\AppData\Local\NVIDIA
2016-12-25 16:52 - 2016-09-17 12:24 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-12-25 16:52 - 2016-09-17 12:23 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-25 16:52 - 2016-09-17 12:23 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-24 13:37 - 2016-11-22 19:36 - 00000000 ____D C:\Users\p4too\AppData\Local\Diagnostics

==================== Files in the root of some directories =======

2017-01-18 11:13 - 2017-01-18 11:13 - 0023622 _____ () C:\Users\p4too\AppData\Roaming\aliexpress.ico
2017-01-18 11:13 - 2017-01-18 11:13 - 0099678 _____ () C:\Users\p4too\AppData\Roaming\booking.ico
2016-10-01 18:32 - 2017-01-05 00:15 - 0000600 _____ () C:\Users\p4too\AppData\Roaming\winscp.rnd
2016-09-20 18:12 - 2016-10-16 15:10 - 0000600 _____ () C:\Users\p4too\AppData\Local\PUTTY.RND
2016-09-17 12:22 - 2016-09-17 12:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-17 18:02

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:222.91 GB) (Free:140.37 GB) NTFS

Available physical RAM: 7232.23 MB
Total physical RAM: 10152.27 MB
Percentage of memory in use: 28%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 00000000)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
AlternateDataStreams: C:\Windows\system32\drivers:x64 [1479458]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1205026]

==================== Security Center ==================

AV: Kaspersky Total Security (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Total Security (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\p4too\Desktop" je 5 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lync
"c:\program files\microsoft office\root\office16\lync.exe" /fromrunkey [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneDrive
"c:\program files (x86)\skype\phone\skype.exe" /minimized /regrun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
ECHO is off.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsDefender
ECHO is off.


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

Re: Virus reklamy

Napsal: 18 led 2017 14:08
od p4to
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by p4too (18-01-2017 14:04:35)
Running from C:\Users\p4too\Desktop
Windows 10 Pro N Version 1607 (X64) (2016-09-17 11:20:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3402369080-3581635727-2017991681-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3402369080-3581635727-2017991681-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3402369080-3581635727-2017991681-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3402369080-3581635727-2017991681-501 - Limited - Disabled)
p4too (S-1-5-21-3402369080-3581635727-2017991681-1001 - Administrator - Enabled) => C:\Users\p4too

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Total Security (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
AIMP (HKLM-x32\...\AIMP) (Version: v4.10.1831, 31.08.2016 - AIMP DevTeam)
Aktualizácie NVIDIA 2.13.0.21 (Version: 2.13.0.21 - NVIDIA Corporation) Hidden
Ansel (Version: 376.33 - NVIDIA Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
ExpanDrive (HKLM-x32\...\{2C951F50-1BEB-4872-A958-46D9FC57EDD1}) (Version: 4.3.1 - ExpanDrive, Inc.)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Git version 2.9.2 (HKLM\...\Git_is1) (Version: 2.9.2 - The Git Development Community)
Google Chrome (HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Google Chrome) (Version: 55.0.2883.87 - Spoločnosť Google Inc.)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
JetBrains dotCover 2016.2.2 (HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\{6a90de0b-7417-5b69-a300-95097fab9c6e}) (Version: 2016.2.2 - JetBrains s.r.o.)
JetBrains dotMemory 2016.2.2 (HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\{1a9ab75b-ad3f-5b14-902d-686ae364cb5e}) (Version: 2016.2.2 - JetBrains s.r.o.)
JetBrains dotPeek 2016.2.2 (HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\{74577882-de65-576a-a99d-1ee8fe04c0b3}) (Version: 2016.2.2 - JetBrains s.r.o.)
JetBrains dotTrace 2016.2.2 (HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\{c5f78a37-6132-5088-9e70-272c9ff60621}) (Version: 2016.2.2 - JetBrains s.r.o.)
JetBrains ETW Host Service (x32 Version: 106.0.4.0 - JetBrains s.r.o) Hidden
JetBrains ReSharper Ultimate in Visual Studio 2015 (HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\{02ee0a0e-7567-5503-9c73-1d5e05353513}) (Version: 2016.2.2 - JetBrains s.r.o.)
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
MAFIA 3 CZ Reloaded v.1.050.0.1 Update 5. (HKLM-x32\...\MAFIA 3 CZ Reloaded v.1.050.0.1 Update 5.) (Version: Reloaded v.1.050.0.1 Update 5. - Libbi)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office 365 ProPlus - sk-sk (HKLM\...\O365ProPlusRetail - sk-sk) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Project Professional 2016 - sk-sk (HKLM\...\ProjectProRetail - sk-sk) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{0513c9cf-7191-45a7-ace9-ecdad03c93a4}) (Version: 12.0.40660.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{10dc8dbf-d3d7-4e23-be07-120fe5c66b78}) (Version: 12.0.40660.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Enterprise 2015 with Updates (HKLM-x32\...\{e2ccc441-0cf4-43f1-9306-c3c1c6cd4ce3}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Mozilla Thunderbird 45.3.0 (x86 sk) (HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Mozilla Thunderbird 45.3.0 (x86 sk)) (Version: 45.3.0 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NetBeans IDE 8.1 (HKLM\...\nbi-nb-base-8.1.0.0.201510222201) (Version: 8.1 - NetBeans.org)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Grafický ovládač 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA Ovládač 3D Vision 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Oracle Data Provider for .NET Help (HKLM-x32\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 11.1.0720 - Oracle Corporation)
Oracle Database 11g Express Edition (HKLM-x32\...\InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}) (Version: 11.2.0 - Oracle Corporation)
Oracle Database 11g Express Edition (Version: 11.2.0 - Oracle Corporation) Hidden
Oracle Developer Tools for Visual Studio 2015 (HKLM-x32\...\InstallShield_{57AD4E0E-0073-4B28-8007-772677291F4A}) (Version: 12.1.2500 - Oracle Corporation)
Oracle Developer Tools for Visual Studio 2015 (x32 Version: 12.1.2500 - Oracle Corporation) Hidden
Oracle Developer Tools for Visual Studio Help (HKLM-x32\...\{09F700C6-A221-420F-AEA7-7181D41C01AE}) (Version: 11.1.0720 - Oracle)
Oracle Providers for ASP.NET Help (HKLM-x32\...\{C3699479-F9D7-48A8-B210-B1BA3949F3FE}) (Version: 11.1.0720 - Oracle Corporation)
Ovládací panel NVIDIA 376.33 (Version: 376.33 - NVIDIA Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.5 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25619 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001_Classes\CLSID\{38F77E83-88F9-4CBD-8B54-6A6414E5F1C6}\InprocServer32 -> C:\Users\p4too\AppData\Local\JetBrains\Installations\ReSharperPlatformVs14\x64\JetBrains.Profiler.Windows.Core.dll (JetBrains s.r.o)
CustomCLSID: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\p4too\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\p4too\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08B70CEE-C215-4E3D-8983-2D87B1E99961} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {21F98741-CBD6-4EAA-9735-C46FA915A8C5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {2B25BE92-9818-4B22-A634-CD847ADDE1C4} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {3673F438-7B77-42B7-9FE7-B11080DEF2E0} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {43210AA5-4C5E-4F63-BCAF-DDDF5B0A564F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {4741FC18-1CED-4D8A-B96F-9472E6151D51} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3402369080-3581635727-2017991681-1001Core => C:\Users\p4too\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-17] (Google Inc.)
Task: {544BD6AE-92CA-4473-ACC1-BF0205410982} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-12] (NVIDIA Corporation)
Task: {546785A3-DE96-4F40-9CE0-E5D3122EE90E} - \UCBrowserSecureUpdater -> No File <==== ATTENTION
Task: {5D5A49EB-FB83-41D1-A95F-A798C97BC349} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {7700DF24-6FFE-4D0A-A062-A81AB06D76FF} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-12] (NVIDIA Corporation)
Task: {87A6FBC0-56A2-4D33-9BC8-9F8C690A81A2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {A309165E-2F61-4E7F-9D3A-06314661EFBF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {A3485631-D5C8-479E-823F-4C701FCA0143} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-12-29] (Microsoft Corporation)
Task: {A860604C-E430-47BE-8BF6-1AF5DD2C29CC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-29] (Microsoft Corporation)
Task: {AA739278-2B1A-4A1F-9460-3E651675FCE9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3402369080-3581635727-2017991681-1001UA => C:\Users\p4too\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-17] (Google Inc.)
Task: {ADA24B70-5DB6-4320-908D-A1C286DD6813} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {B9FC88CC-86EC-4D0F-8C00-F70C715B99DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-12-29] (Microsoft Corporation)
Task: {D3435EC5-C694-4699-8E17-67C57AB0B163} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {E8D91808-E80B-4CF6-833F-1795FB59D3C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {EA0F6E86-0DEF-4198-AEEA-CFD60BD6169C} - System32\Tasks\Jerjatstervele Server => C:\Program Files (x86)\Habing\coerlesh.exe
Task: {F4C390CC-2088-4BF2-A4CA-5BB7DD240AE9} - System32\Tasks\KuaiZip_Update => C:\PROGRA~1\88D7~1\X86\Update.exe <==== ATTENTION
Task: {F68A9AC8-0833-4B9C-9DC8-C8DB876D43C5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:41 - 2016-07-16 12:41 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-09-29 20:23 - 2016-09-15 18:25 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-01-18 11:12 - 2017-01-18 11:12 - 00292352 ____H () C:\Program Files (x86)\Jerjatstervele Server\local64spl.dll
2016-09-17 12:24 - 2016-12-11 19:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-09-29 20:23 - 2016-09-15 18:25 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2015-02-04 14:06 - 2015-02-04 14:06 - 00867936 _____ () C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll
2015-02-04 14:06 - 2015-02-04 14:06 - 00134752 _____ () C:\Program Files (x86)\ExpanDrive\ExpanDriveShellUtil.x64.dll
2016-09-17 15:21 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-11 18:41 - 2016-10-05 10:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-28 11:44 - 2016-10-15 04:41 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-28 11:44 - 2016-10-15 04:34 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-28 11:44 - 2016-10-15 04:34 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-28 11:44 - 2016-10-15 04:34 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-28 11:44 - 2016-10-15 04:38 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-04 12:20 - 2015-06-04 12:20 - 00133184 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2013-11-12 09:59 - 2013-11-12 09:59 - 00033224 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\expandrivedw.exe
2016-12-15 19:46 - 2016-12-08 09:03 - 02412888 _____ () C:\Users\p4too\AppData\Local\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 19:46 - 2016-12-08 09:03 - 00099672 _____ () C:\Users\p4too\AppData\Local\Google\Chrome\Application\55.0.2883.87\libegl.dll
2017-01-11 21:12 - 2017-01-11 21:12 - 31167576 _____ () C:\Users\p4too\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-12-25 16:52 - 2016-12-12 04:03 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-12-25 16:52 - 2016-12-12 04:03 - 02809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-12-25 16:52 - 2016-12-12 04:03 - 00245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-12-25 16:52 - 2016-12-12 04:03 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-25 16:52 - 2016-12-12 04:03 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-12-25 16:52 - 2016-12-12 04:03 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2015-02-04 14:06 - 2015-02-04 14:06 - 00472160 _____ () C:\Program Files (x86)\ExpanDrive\CefSharp.dll
2015-02-04 14:06 - 2015-02-04 14:06 - 20928608 _____ () C:\Program Files (x86)\ExpanDrive\libcef.dll
2015-02-04 14:06 - 2015-02-04 14:06 - 00289376 _____ () C:\Program Files (x86)\ExpanDrive\CefSharp.WinForms.dll
2015-02-04 14:06 - 2015-02-04 14:06 - 00099424 _____ () C:\Program Files (x86)\ExpanDrive\StrongTray.dll
2013-11-12 09:59 - 2013-11-12 09:59 - 00366536 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\_hashlib.pyd
2013-11-12 09:59 - 2013-11-12 09:59 - 00051144 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\_socket.pyd
2013-11-12 09:59 - 2013-11-12 09:59 - 00883656 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\_ssl.pyd
2013-11-12 09:59 - 2013-11-12 09:59 - 00692168 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\unicodedata.pyd
2013-11-12 09:59 - 2013-11-12 09:59 - 00093128 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\_ctypes.pyd
2015-02-04 14:06 - 2015-02-04 14:06 - 00169472 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\libexfs.dll
2013-11-12 09:59 - 2013-11-12 09:59 - 00016328 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\select.pyd
2014-04-22 10:33 - 2014-04-22 10:33 - 00009728 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\lib\Crypto\Random\OSRNG\winrandom.pyd
2014-04-22 10:33 - 2014-04-22 10:33 - 00010240 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\lib\Crypto\Util\_counter.pyd
2014-04-22 10:33 - 2014-04-22 10:33 - 00029184 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\lib\Crypto\Cipher\_AES.pyd
2014-04-22 10:33 - 2014-04-22 10:33 - 00054272 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\lib\Crypto\Cipher\_DES3.pyd
2014-04-22 10:33 - 2014-04-22 10:33 - 00019968 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\lib\Crypto\Cipher\_Blowfish.pyd
2014-04-22 10:33 - 2014-04-22 10:33 - 00008704 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\lib\Crypto\Cipher\_ARC4.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
AlternateDataStreams: C:\Windows\system32\drivers:x64 [1479458]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1205026]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-11-14 17:30 - 2017-01-18 11:25 - 00000147 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 8.8.4.4 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Lync => "c:\program files\microsoft office\root\office16\lync.exe" /fromrunkey
MSCONFIG\startupreg: OneDrive =>
MSCONFIG\startupreg: Skype => "c:\program files (x86)\skype\phone\skype.exe" /minimized /regrun
MSCONFIG\startupreg: WindowsDefender =>
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RtsFT"
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [TCP Query User{A5534E9C-2D62-4CAA-98CF-DDD8BED23AF9}C:\users\p4too\appdata\roaming\utorrent\utorrent.exe] => C:\users\p4too\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{5BD2CA66-9570-4F72-9828-5CF5E6B7BB3F}C:\users\p4too\appdata\roaming\utorrent\utorrent.exe] => C:\users\p4too\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{E5703B2F-393F-4136-9CD1-A396302B8B42}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{4E05C306-4C1F-47B0-A68C-C2E79B23F24F}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{E82912B5-A650-4AB4-81A8-676F48F51CA2}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{C746E3D3-3439-4D48-BD68-E8BAEC8EA49E}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{F62D8D04-0574-4FD4-8100-B8BCDACD4A88}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{F8ED8B32-FF1D-461E-8C18-DCD9BF8089FF}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{5788B74C-EF33-408B-ADC3-687922946B4E}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{E2B9DBD9-F5CE-4C42-B0E9-BB2DCF720942}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{92F1C44F-B7AF-4425-90ED-73EA221D9F03}C:\users\p4too\appdata\local\google\chrome\application\chrome.exe] => C:\users\p4too\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{5DEC7ADD-E63F-4201-A9B6-E80D4795BD45}C:\users\p4too\appdata\local\google\chrome\application\chrome.exe] => C:\users\p4too\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{F23F48F7-483E-44D1-8C6E-E0F2484A606B}] => C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{37E7B185-1E71-4CB3-8D21-6C07DCD8A0AC}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{42B2CBA2-4754-4769-AE4B-93024FAA8C65}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{42A2B065-DC4C-4111-B034-8B2AFF208FEE}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{8302550E-D509-48AE-B244-3C1700D1EB0A}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{865F6D58-B6AD-4B7B-8395-C346F5499783}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C3CE6EAA-1B2E-49FC-A178-8FAD9EFC5355}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6EE1D728-724E-41F9-B5CA-095071DE15F8}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F691A797-FDD5-4367-A33C-0AAF55D3821E}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B1B53C9A-9523-480E-B792-8A1A952ACFF0}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{9D931AE9-5853-43A6-9759-EF5ECBE89645}C:\users\p4too\appdata\roaming\spotify\spotify.exe] => C:\users\p4too\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8B3A4C07-3E3C-48DA-8E4F-5225C943A364}C:\users\p4too\appdata\roaming\spotify\spotify.exe] => C:\users\p4too\appdata\roaming\spotify\spotify.exe

==================== Restore Points =========================

01-01-2017 22:53:24 Installed Dell™ Toad™ Data Modeler Freeware
10-01-2017 15:17:31 Scheduled Checkpoint
17-01-2017 18:08:09 Scheduled Checkpoint
18-01-2017 10:53:04 Revo Uninstaller Pro's restore point - TeamSpeak 3 Client
18-01-2017 11:06:50 Revo Uninstaller Pro's restore point - Nitro Pro 8
18-01-2017 11:06:58 Removed Nitro Pro 8
18-01-2017 11:41:03 Removed Online.io Application
18-01-2017 12:09:16 Revo Uninstaller Pro's restore point -
18-01-2017 12:12:30 Revo Uninstaller Pro's restore point - Traffic Exchange
18-01-2017 12:12:39 Removed Traffic Exchange
18-01-2017 12:26:54 Revo Uninstaller Pro's restore point -
18-01-2017 12:28:15 Revo Uninstaller Pro's restore point -
18-01-2017 12:28:53 Revo Uninstaller Pro's restore point -
18-01-2017 12:30:52 Revo Uninstaller Pro's restore point -

==================== Faulty Device Manager Devices =============

Name: Broadcom 802.11ac Network Adapter
Description: Broadcom 802.11ac Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Visual Studio Location Simulator Sensor
Description: Microsoft Visual Studio Location Simulator Sensor
Class Guid: {5175d334-c371-4806-b3ba-71fd53c9258d}
Manufacturer: Microsoft Corporation
Service: SensorsSimulatorDriver
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2017 12:30:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/18/2017 12:30:52 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9e33d454-cfb6-4978-a38b-71282dfe1c93}

Error: (01/18/2017 12:28:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/18/2017 12:28:52 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9e33d454-cfb6-4978-a38b-71282dfe1c93}

Error: (01/18/2017 12:28:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/18/2017 12:28:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9e33d454-cfb6-4978-a38b-71282dfe1c93}

Error: (01/18/2017 12:26:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/18/2017 12:26:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9e33d454-cfb6-4978-a38b-71282dfe1c93}

Error: (01/18/2017 12:25:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: utorrent.exe, verzia: 2.2.1.25534, časová značka: 0x4e4594ce
Názov chybujúceho modulu: GDI32.dll, verzia: 10.0.14393.206, časová značka: 0x57dad2ca
Kód výnimky: 0xc000041d
Odstup chyby: 0x00003e82
Identifikácia chybujúceho procesu: 0x5e14
Čas spustenia chybujúcej aplikácie: 0x01d2717d8b173326
Cesta chybujúcej aplikácie: C:\Users\p4too\AppData\Roaming\uTorrent\utorrent.exe
Cesta chybujúceho modulu: C:\Windows\System32\GDI32.dll
Identifikácia hlásenia: 61dc7692-9401-4bb2-b053-415c6f2ee6dc
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/18/2017 12:25:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: utorrent.exe, verzia: 2.2.1.25534, časová značka: 0x4e4594ce
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.14393.351, časová značka: 0x5801a3a8
Kód výnimky: 0xc0000005
Odstup chyby: 0x00044f9e
Identifikácia chybujúceho procesu: 0x5e14
Čas spustenia chybujúcej aplikácie: 0x01d2717d8b173326
Cesta chybujúcej aplikácie: C:\Users\p4too\AppData\Roaming\uTorrent\utorrent.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: e7d48b19-eacb-415d-81ba-882612ee0814
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:


System errors:
=============
Error: (01/18/2017 01:42:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/18/2017 01:42:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/18/2017 01:41:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/18/2017 01:41:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba KuaizipUpdateChecker bola ukončená s nasledujúcou chybou:
The specified module could not be found.

Error: (01/18/2017 01:41:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Prijik bola ukončená s nasledujúcou chybou:
The specified module could not be found.

Error: (01/18/2017 01:41:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby OracleServiceXE zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.

Error: (01/18/2017 01:41:16 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/18/2017 12:05:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Double Quotes Airline sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (01/18/2017 12:00:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/18/2017 11:36:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Interactive Services Detection bola ukončená s nasledujúcou chybou:
Incorrect function.


CodeIntegrity:
===================================
Date: 2017-01-18 11:36:43.933
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-18 11:36:43.899
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-18 11:36:09.314
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-18 11:13:52.173
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-18 11:13:09.311
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-17 18:02:14.957
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_03205ffa8fdea79d\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-15 13:55:21.511
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_03205ffa8fdea79d\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-14 15:49:42.522
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_03205ffa8fdea79d\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-13 15:26:58.406
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_03205ffa8fdea79d\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-12 14:02:43.807
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_03205ffa8fdea79d\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 28%
Total physical RAM: 10152.27 MB
Available physical RAM: 7232.23 MB
Total Virtual: 10152.27 MB
Available Virtual: 7249.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.91 GB) (Free:140.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Re: Virus reklamy

Napsal: 18 led 2017 18:28
od Rudy
Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: Virus reklamy

Napsal: 18 led 2017 19:51
od p4to
Diki za pomoc


# AdwCleaner v6.042 - *Logfile created 18/01/2017 *at 19:43:22
# *Updated on 06/01/2017 by Malwarebytes
# *Database : 2017-01-17.2 [*Server]
# *Operating System : Windows 10 Pro N (X64)
# *Username : p4too - DESKTOP-FSNBGS5
# *Running from : C:\Users\p4too\Desktop\adwcleaner_6.042.exe
# *Mode: Clean
# *Support : https://www.malwarebytes.com/support



***** [ *Services ] *****

[-] *Service deleted: KuaiZipDrive
[-] *Service deleted: KuaizipUpdateChecker


***** [ *Folders ] *****

[-] *Folder deleted: C:\Users\p4too\AppData\Local\tuto_monetize_120170117
[-] *Folder deleted: C:\Users\p4too\AppData\Roaming\gplyra
[-] *Folder deleted: C:\Users\p4too\AppData\Roaming\Kuaizip
[-] *Folder deleted: C:\Users\p4too\AppData\Roaming\Softlink
[-] *Folder deleted: C:\Users\p4too\AppData\Roaming\Microleaves
[-] *Folder deleted: C:\Users\p4too\AppData\Local\app


***** [ *Files ] *****

[#] *File deleted: C:\Windows\SysNative\drivers\KuaiZipDrive.sys
[-] *File deleted: C:\Windows\run.vbs


***** [ DLL ] *****



***** [ WMI ] *****



***** [ *Shortcuts ] *****



***** [ *Scheduled Tasks ] *****

[-] *Task deleted: KuaiZip_Update


***** [ *Registry ] *****

[-] *Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip_FileAsso.Origin
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip_FileAsso.Origin
[-] *Key deleted: HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
[-] *Key deleted: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Installer
[-] *Key deleted: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\MICROSOFT\OTUT
[-] *Key deleted: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\UCBrowserPID
[-] *Key deleted: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\AutoTime
[-] *Key deleted: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\KuaiZip
[-] *Key deleted: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\SNDA
[-] *Key deleted: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\MICROSOFT\wewewe
[#] *Key deleted on reboot: HKCU\Software\Installer
[#] *Key deleted on reboot: HKCU\Software\MICROSOFT\OTUT
[#] *Key deleted on reboot: HKCU\Software\UCBrowserPID
[#] *Key deleted on reboot: HKCU\Software\AutoTime
[#] *Key deleted on reboot: HKCU\Software\KuaiZip
[#] *Key deleted on reboot: HKCU\Software\SNDA
[#] *Key deleted on reboot: HKCU\Software\MICROSOFT\wewewe
[-] *Key deleted: HKLM\SOFTWARE\UCBrowserPID
[-] *Key deleted: HKLM\SOFTWARE\youndooSoftware
[-] *Key deleted: HKLM\SOFTWARE\Microleaves
[#] *Key deleted on reboot: [x64] HKCU\Software\Installer
[#] *Key deleted on reboot: [x64] HKCU\Software\MICROSOFT\OTUT
[#] *Key deleted on reboot: [x64] HKCU\Software\UCBrowserPID
[#] *Key deleted on reboot: [x64] HKCU\Software\AutoTime
[#] *Key deleted on reboot: [x64] HKCU\Software\KuaiZip
[#] *Key deleted on reboot: [x64] HKCU\Software\SNDA
[#] *Key deleted on reboot: [x64] HKCU\Software\MICROSOFT\wewewe
[-] *Key deleted: [x64] HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
[-] *Key deleted: [x64] HKLM\SOFTWARE\Microleaves
[-] *Data restored: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Userinit] C:\Windows\system32\userinit.exe,
[-] *Data restored: [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Userinit] C:\Windows\system32\userinit.exe,
[-] *Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gplyra]
[-] *Key deleted: HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe
[-] *Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
[-] *Key deleted: HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL


***** [ *Browsers ] *****



*************************

:: *"Tracing" keys deleted
:: *Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4217 *Bytes] - [18/01/2017 19:43:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [3990 *Bytes] - [18/01/2017 19:42:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4365 *Bytes] ##########

Re: Virus reklamy

Napsal: 18 led 2017 19:55
od Rudy
Dejte nový log FRST.

Re: Virus reklamy

Napsal: 18 led 2017 19:59
od p4to
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by p4too (administrator) on DESKTOP-FSNBGS5 (18-01-2017 19:56:58)
Running from C:\Users\p4too\Desktop
Loaded Profiles: p4too (Available Profiles: defaultuser0 & p4too)
Platform: Windows 10 Pro N Version 1607 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(JetBrains s.r.o) C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ExpanDrive, Inc.) C:\Program Files (x86)\ExpanDrive\ExpanDrive.exe
(Spotify Ltd) C:\Users\p4too\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Mozilla Corporation) E:\SoftWare\Thunderbird\thunderbird.exe
() C:\Program Files (x86)\ExpanDrive\expandrive\expandrivedw.exe
() C:\Program Files (x86)\ExpanDrive\expandrive\expandrivedw.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [5060864 2015-06-16] (Realtek semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-08-29] (Synaptics Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Google Update] => C:\Users\p4too\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [ExpanDrive] => C:\Program Files (x86)\ExpanDrive\ExpanDrive.exe [1471072 2015-02-04] (ExpanDrive, Inc.)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Spotify Web Helper] => C:\Users\p4too\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-02] (Spotify Ltd)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\MountPoints2: {3c2cd3d1-7cec-11e6-a050-f0761c6c6ff4} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-18\...\Run: [] => 0
HKLM\...\Providers\vlitza5s: C:\Program Files (x86)\Jerjatstervele Server\local64spl.dll [292352 2017-01-18] ()
SSODL: EldosMountNotificator-cbfs4 - {E4B9D98A-19E4-4A2F-B080-BBF8AF8BCF51} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {E4B9D98A-19E4-4A2F-B080-BBF8AF8BCF51} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellExecuteHooks: No Name - {2B291F10-DB96-11E6-B994-64006A5CFC23} - -> No File
ShellIconOverlayIdentifiers: [00ExpanDriveExt1] -> {C955792B-31A0-4791-9DDE-0A9A57411C16} => C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll [2015-02-04] ()
ShellIconOverlayIdentifiers: [00ExpanDriveExt2] -> {C955792C-31A0-4791-9DDE-0A9A57411C16} => C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll [2015-02-04] ()
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {9CF93BCF-F6A8-4625-A75C-2F8F67BA0D39} => C:\Windows\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
ShellIconOverlayIdentifiers-x32: [00ExpanDriveExt1] -> {C955792B-31A0-4791-9DDE-0A9A57411C16} => C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll [2015-02-04] ()
ShellIconOverlayIdentifiers-x32: [00ExpanDriveExt2] -> {C955792C-31A0-4791-9DDE-0A9A57411C16} => C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll [2015-02-04] ()
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {9CF93BCF-F6A8-4625-A75C-2F8F67BA0D39} => C:\Windows\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
Startup: C:\Users\p4too\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe – odkaz.lnk [2016-09-20]
ShortcutTarget: thunderbird.exe – odkaz.lnk -> E:\SoftWare\Thunderbird\thunderbird.exe (Mozilla Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.4.4 8.8.8.8
Tcpip\..\Interfaces\{450fc5d8-0ece-4669-ae3b-2a1cd2e0fa44}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{88ebffb6-5b12-4da6-9153-1d057df9a8f9}: [DhcpNameServer] 8.8.4.4 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-18] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-01-18] (AO Kaspersky Lab)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-18] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-01-18] (AO Kaspersky Lab)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-01-18]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2015-05-06] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-3402369080-3581635727-2017991681-1001: @tools.google.com/Google Update;version=3 -> C:\Users\p4too\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3402369080-3581635727-2017991681-1001: @tools.google.com/Google Update;version=9 -> C:\Users\p4too\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://google.com/
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.youndoo.com/?z=9227f5a8015421805b78 ... 5A&type=hp"
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-18] <==== ATTENTION
CHR Extension: (Prekladač Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-09-17]
CHR Extension: (Prezentácie Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-17]
CHR Extension: (Dokumenty Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-17]
CHR Extension: (Disk Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-17]
CHR Extension: (YouTube) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-17]
CHR Extension: (Adblock Plus) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (AdBlocker - Blokovač reklám pre YouTube™) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-12-23]
CHR Extension: (Tabuľky Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-17]
CHR Extension: (Kaspersky Protection) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-01-18]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-17]
CHR Extension: (AdBlock) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-17]
CHR Extension: (Chrome Media Router) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-18]
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-18]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2297104 2015-10-12] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-09-09] (Intel Corporation)
R2 jetbrainsetw.106.0.20160913.92350; C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe [1474624 2016-09-13] (JetBrains s.r.o)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [324760 2015-05-06] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [418968 2015-05-06] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
S4 OracleJobSchedulerXE; e:\software\oracledatabase\app\oracle\product\11.2.0\server\Bin\extjob.exe [45568 2014-05-29] () [File not signed]
S3 OracleMTSRecoveryService; E:\oracle\app\pato\product\11.1.0\client_1\bin\omtsreco.exe [69632 2009-08-12] (Oracle Corporation) [File not signed]
S2 OracleServiceXE; e:\software\oracledatabase\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [147110912 2014-05-30] (Oracle Corporation) [File not signed]
S3 OracleXEClrAgent; E:\SoftWare\OracleDatabase\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [83968 2014-05-29] (Oracle Corporation) [File not signed]
S2 OracleXETNSListener; E:\SoftWare\OracleDatabase\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [522240 2014-05-29] (Oracle Corporation) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 Prijik; C:\Program Files (x86)\Habing\Srhcloud.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227144 2015-10-12] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2016-07-16] (Broadcom Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [435032 2017-01-18] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [182360 2017-01-18] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1019616 2017-01-18] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2017-01-18] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [218920 2017-01-18] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [85984 2017-01-18] ()
S3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [245512 2017-01-18] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [104720 2017-01-18] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [164888 2017-01-18] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [134880 2017-01-18] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-15] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_03205ffa8fdea79d\nvlddmkm.sys [14200880 2016-12-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [759552 2015-08-12] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp.)
S3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-29] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S1 cbfs6-0; \??\E:\SoftWare\NetDrive\cbfs6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 19:41 - 2017-01-18 19:43 - 00000000 ____D C:\AdwCleaner
2017-01-18 19:34 - 2017-01-18 19:34 - 03988944 _____ C:\Users\p4too\Desktop\adwcleaner_6.042.exe
2017-01-18 14:57 - 2017-01-18 14:57 - 00002012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 10.lnk
2017-01-18 14:57 - 2017-01-18 14:57 - 00000000 ____D C:\Users\p4too\AppData\Roaming\Downloaded Installations
2017-01-18 14:57 - 2017-01-18 14:57 - 00000000 ____D C:\Program Files\Nitro
2017-01-18 14:57 - 2017-01-18 14:57 - 00000000 ____D C:\Program Files\Common Files\Nitro
2017-01-18 14:57 - 2017-01-18 14:57 - 00000000 ____D C:\Program Files (x86)\Nitro
2017-01-18 14:57 - 2015-05-06 04:23 - 00031896 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon10.dll
2017-01-18 14:57 - 2015-05-06 04:23 - 00020120 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui10.dll
2017-01-18 14:04 - 2017-01-18 19:57 - 00024386 _____ C:\Users\p4too\Desktop\FRST.txt
2017-01-18 13:51 - 2017-01-18 19:56 - 00000000 ____D C:\FRST
2017-01-18 13:49 - 2017-01-18 13:49 - 02419200 _____ (Farbar) C:\Users\p4too\Desktop\FRST64.exe
2017-01-18 12:00 - 2017-01-18 12:00 - 00000000 ____D C:\Users\p4too\AppData\Roaming\NVIDIA
2017-01-18 11:41 - 2017-01-18 12:12 - 00000000 ____D C:\Users\p4too\AppData\Local\AdvinstAnalytics
2017-01-18 11:25 - 2017-01-18 11:25 - 00245512 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2017-01-18 11:25 - 2017-01-18 11:25 - 00218920 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2017-01-18 11:25 - 2017-01-18 11:25 - 00164888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2017-01-18 11:25 - 2017-01-18 11:25 - 00104720 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2017-01-18 11:25 - 2017-01-18 11:25 - 00085984 _____ C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2017-01-18 11:20 - 2017-01-18 19:39 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-18 11:20 - 2017-01-18 11:36 - 00001447 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2017-01-18 11:20 - 2017-01-18 11:20 - 00002208 _____ C:\Users\Public\Desktop\Safe Money.lnk
2017-01-18 11:20 - 2017-01-18 11:20 - 00002184 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2017-01-18 11:20 - 2017-01-18 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2017-01-18 11:20 - 2017-01-18 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-01-18 11:20 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2017-01-18 11:19 - 2017-01-18 19:50 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-01-18 11:19 - 2017-01-18 11:25 - 01019616 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-01-18 11:19 - 2017-01-18 11:24 - 00435032 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-01-18 11:19 - 2017-01-18 11:20 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-01-18 11:19 - 2016-06-26 15:14 - 00191312 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-01-18 11:13 - 2017-01-18 11:27 - 00000000 ____D C:\Program Files\Q7F8DGH862
2017-01-18 11:13 - 2017-01-18 11:13 - 00092832 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
2017-01-18 11:12 - 2017-01-18 13:41 - 00000000 ____D C:\Users\p4too\AppData\Roaming\Phejutiontgersp
2017-01-18 11:12 - 2017-01-18 12:25 - 00000000 ____D C:\Program Files (x86)\Jerjatstervele Server
2017-01-18 11:12 - 2017-01-18 11:13 - 00000000 ____D C:\Users\p4too\AppData\Roaming\UCChannel
2017-01-18 11:12 - 2017-01-18 11:12 - 00006100 _____ C:\Windows\System32\Tasks\Jerjatstervele Server
2017-01-18 11:12 - 2017-01-18 11:12 - 00000000 ____D C:\Users\p4too\AppData\Local\Mepock
2017-01-18 11:12 - 2017-01-18 11:12 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-18 11:12 - 2017-01-18 11:12 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-01-18 11:12 - 2017-01-18 11:12 - 00000000 ____D C:\ProgramData\Avira
2017-01-18 11:12 - 2017-01-18 11:12 - 00000000 ____D C:\ProgramData\Avg
2017-01-18 11:12 - 2017-01-18 11:12 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-14 15:52 - 2017-01-14 15:52 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-01-02 21:21 - 2017-01-18 19:34 - 00000000 ____D C:\Users\p4too\AppData\Local\Spotify
2017-01-02 21:21 - 2017-01-02 21:21 - 00001836 _____ C:\Users\p4too\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-01-02 21:20 - 2017-01-18 18:59 - 00000000 ____D C:\Users\p4too\AppData\Roaming\Spotify
2017-01-01 22:22 - 2017-01-01 22:22 - 00000000 ____D C:\Users\p4too\AppData\Local\VS Revo Group
2017-01-01 22:22 - 2017-01-01 22:22 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-01-01 22:22 - 2017-01-01 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-01-01 22:22 - 2016-12-16 08:53 - 00040984 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-12-31 21:29 - 2016-12-31 21:29 - 00000000 ____D C:\ProgramData\{08439167-4CA5-48E9-A810-A3A7C0B80B06}
2016-12-31 21:20 - 2016-12-31 21:20 - 00000000 ____D C:\Users\p4too\AppData\Roaming\Quest Software
2016-12-25 16:52 - 2016-12-25 16:52 - 00004002 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-25 16:52 - 2016-12-25 16:52 - 00003974 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-25 16:52 - 2016-12-25 16:52 - 00003938 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-25 16:52 - 2016-12-25 16:52 - 00003912 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-25 16:52 - 2016-12-25 16:52 - 00003750 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-25 16:52 - 2016-12-25 16:52 - 00003708 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-25 16:52 - 2016-12-25 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-12-25 16:52 - 2016-12-12 04:03 - 01854400 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 01452480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-12-25 16:51 - 2016-12-25 16:51 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-12-25 16:51 - 2016-12-12 04:03 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-12-25 16:51 - 2016-12-11 19:23 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-12-25 16:51 - 2016-09-09 19:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-12-25 16:51 - 2016-09-09 19:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-12-25 16:51 - 2016-09-09 19:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-12-25 16:51 - 2016-09-09 19:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-12-25 16:50 - 2016-12-25 16:51 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-12-25 16:49 - 2016-12-12 04:03 - 40125496 _____ C:\Windows\system32\nvcompiler.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 35222976 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 34710584 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 28201408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 10912744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 10803880 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 10353960 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 09158616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 08913328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 08761560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 02950200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 02587704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437633.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437633.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 01038392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00974784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00942528 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00894400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00802768 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00643928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00438208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00394888 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00327408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00101824 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00091584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-12-25 16:49 - 2016-12-12 04:03 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-12-25 16:49 - 2016-12-12 04:03 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-12-25 16:49 - 2016-12-12 04:03 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-12-25 16:31 - 2016-12-25 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2016-12-24 22:05 - 2016-12-24 22:05 - 00000000 ____D C:\Users\p4too\AppData\Local\2K Games
2016-12-24 22:04 - 2016-12-24 22:04 - 00000000 ____D C:\ProgramData\Steam
2016-12-24 21:48 - 2016-12-24 22:06 - 00000000 ____D C:\MAFIA 3 CZ

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 19:52 - 2016-09-17 15:38 - 02178366 _____ C:\Windows\system32\perfh01B.dat
2017-01-18 19:52 - 2016-09-17 15:38 - 00654206 _____ C:\Windows\system32\perfc01B.dat
2017-01-18 19:52 - 2016-09-17 12:25 - 05144714 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-18 19:50 - 2016-09-17 12:44 - 00000000 ____D C:\Users\p4too\AppData\Local\ClassicShell
2017-01-18 19:48 - 2016-10-03 16:28 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-18 19:48 - 2016-09-17 12:26 - 00000000 __SHD C:\Users\p4too\IntelGraphicsProfiles
2017-01-18 19:48 - 2016-09-17 12:24 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-18 19:48 - 2016-09-17 12:18 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-18 19:44 - 2016-07-16 07:04 - 00786432 _____ C:\Windows\system32\config\BBI
2017-01-18 19:34 - 2016-09-17 13:37 - 00000000 ____D C:\Users\p4too\AppData\Roaming\uTorrent
2017-01-18 19:32 - 2016-09-17 12:17 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-01-18 15:53 - 2016-09-17 12:22 - 00000000 ____D C:\Users\p4too\AppData\Local\Packages
2017-01-18 13:34 - 2016-09-17 13:38 - 00000000 ____D C:\Users\p4too\AppData\Local\CrashDumps
2017-01-18 13:34 - 2016-07-16 12:44 - 00000000 ____D C:\Windows\INF
2017-01-18 12:04 - 2016-12-12 20:09 - 00000000 ____D C:\Projects
2017-01-18 11:36 - 2016-07-16 07:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-01-18 11:24 - 2016-06-20 23:41 - 00057424 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2017-01-18 11:24 - 2016-06-02 22:39 - 00134880 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2017-01-18 11:19 - 2016-07-16 12:45 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-01-18 11:14 - 2016-11-26 21:25 - 00000000 ____D C:\Users\p4too\AppData\Roaming\Skype
2017-01-18 11:12 - 2016-09-18 21:06 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2017-01-18 11:12 - 2016-09-17 15:57 - 00000000 ____D C:\Program Files (x86)\JetBrains
2017-01-18 06:15 - 2016-09-17 12:31 - 00000000 ____D C:\Users\p4too\AppData\Roaming\AIMP
2017-01-17 19:10 - 2016-09-17 15:49 - 00000000 ____D C:\Users\p4too\Documents\Visual Studio 2015
2017-01-14 15:52 - 2016-07-16 12:45 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-14 15:52 - 2016-07-16 12:45 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-14 15:51 - 2016-09-17 13:52 - 00000000 ____D C:\Program Files\Microsoft Office
2017-01-10 18:23 - 2016-09-17 13:17 - 00000000 ____D C:\Windows\Panther
2017-01-10 18:23 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-05 00:15 - 2016-10-01 18:32 - 00000600 _____ C:\Users\p4too\AppData\Roaming\winscp.rnd
2017-01-01 22:53 - 2016-09-17 12:21 - 00000000 ____D C:\Users\p4too
2016-12-31 21:48 - 2016-09-17 14:12 - 00000000 ____D C:\Users\p4too\AppData\Local\PokerStars.EU
2016-12-31 21:44 - 2016-10-06 18:24 - 00000000 ____D C:\Users\p4too\Documents\Toad Data Modeler
2016-12-31 21:44 - 2016-10-06 18:24 - 00000000 ____D C:\Users\p4too\AppData\Roaming\Dell
2016-12-31 21:29 - 2016-09-17 15:40 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2016-12-31 17:34 - 2016-07-16 07:04 - 00000000 ____D C:\Windows\system32\config
2016-12-30 13:00 - 2016-09-17 12:18 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{f5b135ec-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regtrans-ms
2016-12-30 13:00 - 2016-09-17 12:18 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{f5b135ec-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-30 13:00 - 2016-07-16 07:04 - 42205184 _____ C:\Windows\system32\config\COMPONENTS
2016-12-27 12:45 - 2016-09-17 13:56 - 00000000 ____D C:\Users\p4too\AppData\Roaming\Nitro
2016-12-26 10:22 - 2016-09-17 12:18 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{f5b135ec-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-26 10:20 - 2016-09-17 12:46 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-26 10:20 - 2016-07-16 07:04 - 00000000 ____D C:\Windows\WinSxS
2016-12-26 10:19 - 2016-07-16 07:04 - 00000000 ____D C:\Windows\SysWOW64
2016-12-25 17:07 - 2016-09-17 12:49 - 00000000 ____D C:\Users\p4too\AppData\Local\NVIDIA Corporation
2016-12-25 16:52 - 2016-09-17 12:48 - 00000000 ____D C:\Users\p4too\AppData\Local\NVIDIA
2016-12-25 16:52 - 2016-09-17 12:24 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-12-25 16:52 - 2016-09-17 12:23 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-25 16:52 - 2016-09-17 12:23 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-24 13:37 - 2016-11-22 19:36 - 00000000 ____D C:\Users\p4too\AppData\Local\Diagnostics

==================== Files in the root of some directories =======

2017-01-18 11:13 - 2017-01-18 11:13 - 0023622 _____ () C:\Users\p4too\AppData\Roaming\aliexpress.ico
2017-01-18 11:13 - 2017-01-18 11:13 - 0099678 _____ () C:\Users\p4too\AppData\Roaming\booking.ico
2016-10-01 18:32 - 2017-01-05 00:15 - 0000600 _____ () C:\Users\p4too\AppData\Roaming\winscp.rnd
2016-09-20 18:12 - 2016-10-16 15:10 - 0000600 _____ () C:\Users\p4too\AppData\Local\PUTTY.RND
2016-09-17 12:22 - 2016-09-17 12:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-17 18:02

==================== End of FRST.txt ============================

Re: Virus reklamy

Napsal: 18 led 2017 20:00
od p4to
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by p4too (18-01-2017 19:57:34)
Running from C:\Users\p4too\Desktop
Windows 10 Pro N Version 1607 (X64) (2016-09-17 11:20:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3402369080-3581635727-2017991681-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3402369080-3581635727-2017991681-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3402369080-3581635727-2017991681-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3402369080-3581635727-2017991681-501 - Limited - Disabled)
p4too (S-1-5-21-3402369080-3581635727-2017991681-1001 - Administrator - Enabled) => C:\Users\p4too

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
AIMP (HKLM-x32\...\AIMP) (Version: v4.10.1831, 31.08.2016 - AIMP DevTeam)
Aktualizácie NVIDIA 2.13.0.21 (Version: 2.13.0.21 - NVIDIA Corporation) Hidden
Ansel (Version: 376.33 - NVIDIA Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
ExpanDrive (HKLM-x32\...\{2C951F50-1BEB-4872-A958-46D9FC57EDD1}) (Version: 4.3.1 - ExpanDrive, Inc.)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Git version 2.9.2 (HKLM\...\Git_is1) (Version: 2.9.2 - The Git Development Community)
Google Chrome (HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Google Chrome) (Version: 55.0.2883.87 - Spoločnosť Google Inc.)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
JetBrains dotCover 2016.2.2 (HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\{6a90de0b-7417-5b69-a300-95097fab9c6e}) (Version: 2016.2.2 - JetBrains s.r.o.)
JetBrains dotMemory 2016.2.2 (HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\{1a9ab75b-ad3f-5b14-902d-686ae364cb5e}) (Version: 2016.2.2 - JetBrains s.r.o.)
JetBrains dotPeek 2016.2.2 (HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\{74577882-de65-576a-a99d-1ee8fe04c0b3}) (Version: 2016.2.2 - JetBrains s.r.o.)
JetBrains dotTrace 2016.2.2 (HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\{c5f78a37-6132-5088-9e70-272c9ff60621}) (Version: 2016.2.2 - JetBrains s.r.o.)
JetBrains ETW Host Service (x32 Version: 106.0.4.0 - JetBrains s.r.o) Hidden
JetBrains ReSharper Ultimate in Visual Studio 2015 (HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\{02ee0a0e-7567-5503-9c73-1d5e05353513}) (Version: 2016.2.2 - JetBrains s.r.o.)
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
MAFIA 3 CZ Reloaded v.1.050.0.1 Update 5. (HKLM-x32\...\MAFIA 3 CZ Reloaded v.1.050.0.1 Update 5.) (Version: Reloaded v.1.050.0.1 Update 5. - Libbi)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office 365 ProPlus - sk-sk (HKLM\...\O365ProPlusRetail - sk-sk) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Project Professional 2016 - sk-sk (HKLM\...\ProjectProRetail - sk-sk) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{0513c9cf-7191-45a7-ace9-ecdad03c93a4}) (Version: 12.0.40660.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{10dc8dbf-d3d7-4e23-be07-120fe5c66b78}) (Version: 12.0.40660.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Enterprise 2015 with Updates (HKLM-x32\...\{e2ccc441-0cf4-43f1-9306-c3c1c6cd4ce3}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Mozilla Thunderbird 45.3.0 (x86 sk) (HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Mozilla Thunderbird 45.3.0 (x86 sk)) (Version: 45.3.0 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NetBeans IDE 8.1 (HKLM\...\nbi-nb-base-8.1.0.0.201510222201) (Version: 8.1 - NetBeans.org)
Nitro Pro 10 (HKLM\...\{C78478E6-8206-470E-B843-0204995371C6}) (Version: 10.5.1.17 - Nitro)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Grafický ovládač 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA Ovládač 3D Vision 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Oracle Data Provider for .NET Help (HKLM-x32\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 11.1.0720 - Oracle Corporation)
Oracle Database 11g Express Edition (HKLM-x32\...\InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}) (Version: 11.2.0 - Oracle Corporation)
Oracle Database 11g Express Edition (Version: 11.2.0 - Oracle Corporation) Hidden
Oracle Developer Tools for Visual Studio 2015 (HKLM-x32\...\InstallShield_{57AD4E0E-0073-4B28-8007-772677291F4A}) (Version: 12.1.2500 - Oracle Corporation)
Oracle Developer Tools for Visual Studio 2015 (x32 Version: 12.1.2500 - Oracle Corporation) Hidden
Oracle Developer Tools for Visual Studio Help (HKLM-x32\...\{09F700C6-A221-420F-AEA7-7181D41C01AE}) (Version: 11.1.0720 - Oracle)
Oracle Providers for ASP.NET Help (HKLM-x32\...\{C3699479-F9D7-48A8-B210-B1BA3949F3FE}) (Version: 11.1.0720 - Oracle Corporation)
Ovládací panel NVIDIA 376.33 (Version: 376.33 - NVIDIA Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.5 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25619 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001_Classes\CLSID\{38F77E83-88F9-4CBD-8B54-6A6414E5F1C6}\InprocServer32 -> C:\Users\p4too\AppData\Local\JetBrains\Installations\ReSharperPlatformVs14\x64\JetBrains.Profiler.Windows.Core.dll (JetBrains s.r.o)
CustomCLSID: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\p4too\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\p4too\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21F98741-CBD6-4EAA-9735-C46FA915A8C5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {2B25BE92-9818-4B22-A634-CD847ADDE1C4} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {3673F438-7B77-42B7-9FE7-B11080DEF2E0} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {43210AA5-4C5E-4F63-BCAF-DDDF5B0A564F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {4741FC18-1CED-4D8A-B96F-9472E6151D51} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3402369080-3581635727-2017991681-1001Core => C:\Users\p4too\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-17] (Google Inc.)
Task: {544BD6AE-92CA-4473-ACC1-BF0205410982} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-12] (NVIDIA Corporation)
Task: {546785A3-DE96-4F40-9CE0-E5D3122EE90E} - \UCBrowserSecureUpdater -> No File <==== ATTENTION
Task: {7700DF24-6FFE-4D0A-A062-A81AB06D76FF} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-12] (NVIDIA Corporation)
Task: {87A6FBC0-56A2-4D33-9BC8-9F8C690A81A2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {A3485631-D5C8-479E-823F-4C701FCA0143} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-12-29] (Microsoft Corporation)
Task: {A860604C-E430-47BE-8BF6-1AF5DD2C29CC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-29] (Microsoft Corporation)
Task: {AA739278-2B1A-4A1F-9460-3E651675FCE9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3402369080-3581635727-2017991681-1001UA => C:\Users\p4too\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-17] (Google Inc.)
Task: {B9FC88CC-86EC-4D0F-8C00-F70C715B99DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-12-29] (Microsoft Corporation)
Task: {D3435EC5-C694-4699-8E17-67C57AB0B163} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {EA0F6E86-0DEF-4198-AEEA-CFD60BD6169C} - System32\Tasks\Jerjatstervele Server => C:\Program Files (x86)\Habing\coerlesh.exe
Task: {F68A9AC8-0833-4B9C-9DC8-C8DB876D43C5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:41 - 2016-07-16 12:41 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-09-29 20:23 - 2016-09-15 18:25 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-01-18 11:12 - 2017-01-18 11:12 - 00292352 ____H () C:\Program Files (x86)\Jerjatstervele Server\local64spl.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2015-05-06 04:23 - 2015-05-06 04:23 - 00418968 _____ () C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
2015-05-06 04:23 - 2015-05-06 04:23 - 02543768 _____ () C:\Program Files\Nitro\Pro 10\Nitro_KissMetrics.dll
2016-09-17 12:24 - 2016-12-11 19:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-29 20:23 - 2016-09-15 18:25 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2015-02-04 14:06 - 2015-02-04 14:06 - 00867936 _____ () C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll
2015-02-04 14:06 - 2015-02-04 14:06 - 00134752 _____ () C:\Program Files (x86)\ExpanDrive\ExpanDriveShellUtil.x64.dll
2016-09-17 15:21 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-11 18:41 - 2016-10-05 10:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-28 11:44 - 2016-10-15 04:41 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-28 11:44 - 2016-10-15 04:34 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-28 11:44 - 2016-10-15 04:34 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-28 11:44 - 2016-10-15 04:34 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-28 11:44 - 2016-10-15 04:38 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-04 12:20 - 2015-06-04 12:20 - 00133184 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2013-11-12 09:59 - 2013-11-12 09:59 - 00033224 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\expandrivedw.exe
2016-12-15 19:46 - 2016-12-08 09:03 - 02412888 _____ () C:\Users\p4too\AppData\Local\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 19:46 - 2016-12-08 09:03 - 00099672 _____ () C:\Users\p4too\AppData\Local\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-25 16:52 - 2016-12-12 04:03 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-12-25 16:52 - 2016-12-12 04:03 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-12-25 16:52 - 2016-12-12 04:03 - 02809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-12-25 16:52 - 2016-12-12 04:03 - 00245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-12-25 16:52 - 2016-12-12 04:03 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-25 16:52 - 2016-12-12 04:03 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-12-25 16:52 - 2016-12-12 04:03 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2015-02-04 14:06 - 2015-02-04 14:06 - 00472160 _____ () C:\Program Files (x86)\ExpanDrive\CefSharp.dll
2015-02-04 14:06 - 2015-02-04 14:06 - 20928608 _____ () C:\Program Files (x86)\ExpanDrive\libcef.dll
2015-02-04 14:06 - 2015-02-04 14:06 - 00289376 _____ () C:\Program Files (x86)\ExpanDrive\CefSharp.WinForms.dll
2015-02-04 14:06 - 2015-02-04 14:06 - 00099424 _____ () C:\Program Files (x86)\ExpanDrive\StrongTray.dll
2013-11-12 09:59 - 2013-11-12 09:59 - 00366536 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\_hashlib.pyd
2013-11-12 09:59 - 2013-11-12 09:59 - 00051144 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\_socket.pyd
2013-11-12 09:59 - 2013-11-12 09:59 - 00883656 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\_ssl.pyd
2013-11-12 09:59 - 2013-11-12 09:59 - 00692168 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\unicodedata.pyd
2013-11-12 09:59 - 2013-11-12 09:59 - 00093128 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\_ctypes.pyd
2015-02-04 14:06 - 2015-02-04 14:06 - 00169472 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\libexfs.dll
2013-11-12 09:59 - 2013-11-12 09:59 - 00016328 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\select.pyd
2014-04-22 10:33 - 2014-04-22 10:33 - 00009728 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\lib\Crypto\Random\OSRNG\winrandom.pyd
2014-04-22 10:33 - 2014-04-22 10:33 - 00010240 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\lib\Crypto\Util\_counter.pyd
2014-04-22 10:33 - 2014-04-22 10:33 - 00029184 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\lib\Crypto\Cipher\_AES.pyd
2014-04-22 10:33 - 2014-04-22 10:33 - 00054272 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\lib\Crypto\Cipher\_DES3.pyd
2014-04-22 10:33 - 2014-04-22 10:33 - 00019968 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\lib\Crypto\Cipher\_Blowfish.pyd
2014-04-22 10:33 - 2014-04-22 10:33 - 00008704 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\lib\Crypto\Cipher\_ARC4.pyd
2013-11-12 09:59 - 2013-11-12 09:59 - 00134600 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\_elementtree.pyd
2014-01-15 11:57 - 2014-01-15 11:57 - 00127488 _____ () C:\Program Files (x86)\ExpanDrive\expandrive\pyexpat.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
AlternateDataStreams: C:\Windows\system32\drivers:x64 [1479458]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1205026]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-11-14 17:30 - 2017-01-18 11:25 - 00000147 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 8.8.4.4 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Lync => "c:\program files\microsoft office\root\office16\lync.exe" /fromrunkey
MSCONFIG\startupreg: OneDrive =>
MSCONFIG\startupreg: Skype => "c:\program files (x86)\skype\phone\skype.exe" /minimized /regrun
MSCONFIG\startupreg: WindowsDefender =>
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RtsFT"
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [TCP Query User{A5534E9C-2D62-4CAA-98CF-DDD8BED23AF9}C:\users\p4too\appdata\roaming\utorrent\utorrent.exe] => C:\users\p4too\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{5BD2CA66-9570-4F72-9828-5CF5E6B7BB3F}C:\users\p4too\appdata\roaming\utorrent\utorrent.exe] => C:\users\p4too\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{E5703B2F-393F-4136-9CD1-A396302B8B42}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{4E05C306-4C1F-47B0-A68C-C2E79B23F24F}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{E82912B5-A650-4AB4-81A8-676F48F51CA2}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{C746E3D3-3439-4D48-BD68-E8BAEC8EA49E}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{F62D8D04-0574-4FD4-8100-B8BCDACD4A88}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{F8ED8B32-FF1D-461E-8C18-DCD9BF8089FF}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{5788B74C-EF33-408B-ADC3-687922946B4E}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{E2B9DBD9-F5CE-4C42-B0E9-BB2DCF720942}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{92F1C44F-B7AF-4425-90ED-73EA221D9F03}C:\users\p4too\appdata\local\google\chrome\application\chrome.exe] => C:\users\p4too\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{5DEC7ADD-E63F-4201-A9B6-E80D4795BD45}C:\users\p4too\appdata\local\google\chrome\application\chrome.exe] => C:\users\p4too\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{F23F48F7-483E-44D1-8C6E-E0F2484A606B}] => C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{37E7B185-1E71-4CB3-8D21-6C07DCD8A0AC}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{42B2CBA2-4754-4769-AE4B-93024FAA8C65}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{42A2B065-DC4C-4111-B034-8B2AFF208FEE}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{8302550E-D509-48AE-B244-3C1700D1EB0A}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{865F6D58-B6AD-4B7B-8395-C346F5499783}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C3CE6EAA-1B2E-49FC-A178-8FAD9EFC5355}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6EE1D728-724E-41F9-B5CA-095071DE15F8}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F691A797-FDD5-4367-A33C-0AAF55D3821E}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B1B53C9A-9523-480E-B792-8A1A952ACFF0}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{9D931AE9-5853-43A6-9759-EF5ECBE89645}C:\users\p4too\appdata\roaming\spotify\spotify.exe] => C:\users\p4too\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8B3A4C07-3E3C-48DA-8E4F-5225C943A364}C:\users\p4too\appdata\roaming\spotify\spotify.exe] => C:\users\p4too\appdata\roaming\spotify\spotify.exe

==================== Restore Points =========================

01-01-2017 22:53:24 Installed Dell™ Toad™ Data Modeler Freeware
10-01-2017 15:17:31 Scheduled Checkpoint
17-01-2017 18:08:09 Scheduled Checkpoint
18-01-2017 10:53:04 Revo Uninstaller Pro's restore point - TeamSpeak 3 Client
18-01-2017 11:06:50 Revo Uninstaller Pro's restore point - Nitro Pro 8
18-01-2017 11:06:58 Removed Nitro Pro 8
18-01-2017 11:41:03 Removed Online.io Application
18-01-2017 12:09:16 Revo Uninstaller Pro's restore point -
18-01-2017 12:12:30 Revo Uninstaller Pro's restore point - Traffic Exchange
18-01-2017 12:12:39 Removed Traffic Exchange
18-01-2017 12:26:54 Revo Uninstaller Pro's restore point -
18-01-2017 12:28:15 Revo Uninstaller Pro's restore point -
18-01-2017 12:28:53 Revo Uninstaller Pro's restore point -
18-01-2017 12:30:52 Revo Uninstaller Pro's restore point -
18-01-2017 14:57:38 Installed Nitro Pro 10

==================== Faulty Device Manager Devices =============

Name: Broadcom 802.11ac Network Adapter
Description: Broadcom 802.11ac Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Visual Studio Location Simulator Sensor
Description: Microsoft Visual Studio Location Simulator Sensor
Class Guid: {5175d334-c371-4806-b3ba-71fd53c9258d}
Manufacturer: Microsoft Corporation
Service: SensorsSimulatorDriver
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2017 07:20:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: NisSrv.exe, verzia: 4.10.14393.0, časová značka: 0x57899ac8
Názov chybujúceho modulu: NisSrv.exe, verzia: 4.10.14393.0, časová značka: 0x57899ac8
Kód výnimky: 0xc0000005
Odstup chyby: 0x000000000001a926
Identifikácia chybujúceho procesu: 0x1820
Čas spustenia chybujúcej aplikácie: 0x01d27189526db196
Cesta chybujúcej aplikácie: C:\Program Files\Windows Defender\NisSrv.exe
Cesta chybujúceho modulu: C:\Program Files\Windows Defender\NisSrv.exe
Identifikácia hlásenia: 6c1a3189-477f-40c5-a98b-47be43dd0277
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/18/2017 02:57:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/18/2017 12:30:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/18/2017 12:30:52 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9e33d454-cfb6-4978-a38b-71282dfe1c93}

Error: (01/18/2017 12:28:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/18/2017 12:28:52 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9e33d454-cfb6-4978-a38b-71282dfe1c93}

Error: (01/18/2017 12:28:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/18/2017 12:28:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9e33d454-cfb6-4978-a38b-71282dfe1c93}

Error: (01/18/2017 12:26:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/18/2017 12:26:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9e33d454-cfb6-4978-a38b-71282dfe1c93}


System errors:
=============
Error: (01/18/2017 07:48:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/18/2017 07:48:43 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume113

Error: (01/18/2017 07:48:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Prijik bola ukončená s nasledujúcou chybou:
The specified module could not be found.

Error: (01/18/2017 07:48:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby OracleServiceXE zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.

Error: (01/18/2017 07:48:32 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/18/2017 07:43:48 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správca riadenia služieb sa po neočakávanom ukončení služby Windows Search pokúsil vykonať opravnú akciu (Reštartovať službu), ale táto činnosť zlyhala s nasledujúcou chybou:
An instance of the service is already running.

Error: (01/18/2017 07:43:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Kaspersky Secure Connection Service 1.0.0 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 10000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (01/18/2017 07:43:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 30000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (01/18/2017 07:43:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 0 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (01/18/2017 07:43:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 1000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.


CodeIntegrity:
===================================
Date: 2017-01-18 19:20:47.251
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-18 19:20:47.234
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-18 16:02:01.642
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_03205ffa8fdea79d\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-18 11:36:43.933
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-18 11:36:43.899
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-18 11:36:09.314
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-18 11:13:52.173
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-18 11:13:09.311
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-17 18:02:14.957
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_03205ffa8fdea79d\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-15 13:55:21.511
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_03205ffa8fdea79d\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 35%
Total physical RAM: 10152.27 MB
Available physical RAM: 6549.81 MB
Total Virtual: 10152.27 MB
Available Virtual: 6683.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.91 GB) (Free:137.61 GB) NTFS
Drive d: (Windows) (Fixed) (Total:43.81 GB) (Free:3.16 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Data) (Fixed) (Total:884.95 GB) (Free:329.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: BC5584D7)

Partition: GPT.

==================== End of Addition.txt ============================

Re: Virus reklamy

Napsal: 18 led 2017 20:16
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start
Task: {546785A3-DE96-4F40-9CE0-E5D3122EE90E} - \UCBrowserSecureUpdater -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
AlternateDataStreams: C:\Windows\system32\drivers:x64 [1479458]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1205026]
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\MountPoints2: {3c2cd3d1-7cec-11e6-a050-f0761c6c6ff4} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-18\...\Run: [] => 0
ShellExecuteHooks: No Name - {2B291F10-DB96-11E6-B994-64006A5CFC23} - -> No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.youndoo.com/?z=9227f5a8015421805b78 ... 5A&type=hp"
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-18] <==== ATTENTION
S2 Prijik; C:\Program Files (x86)\Habing\Srhcloud.dll [X]
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\ProgramData\DP45977C.lfl

EmptyTemp
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Virus reklamy

Napsal: 18 led 2017 20:20
od p4to
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by p4too (18-01-2017 20:18:48) Run:1
Running from C:\Users\p4too\Desktop
Loaded Profiles: p4too (Available Profiles: defaultuser0 & p4too)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
Task: {546785A3-DE96-4F40-9CE0-E5D3122EE90E} - \UCBrowserSecureUpdater -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
AlternateDataStreams: C:\Windows\system32\drivers:x64 [1479458]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1205026]
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\MountPoints2: {3c2cd3d1-7cec-11e6-a050-f0761c6c6ff4} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-18\...\Run: [] => 0
ShellExecuteHooks: No Name - {2B291F10-DB96-11E6-B994-64006A5CFC23} - -> No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.youndoo.com/?z=9227f5a8015421805b78 ... 5A&type=hp"
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-18] <==== ATTENTION
S2 Prijik; C:\Program Files (x86)\Habing\Srhcloud.dll [X]
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\ProgramData\DP45977C.lfl

EmptyTemp
End
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{546785A3-DE96-4F40-9CE0-E5D3122EE90E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{546785A3-DE96-4F40-9CE0-E5D3122EE90E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserSecureUpdater => key removed successfully
C:\Windows\system32\drivers => ":ucdrv-x64.sys" ADS removed successfully.
C:\Windows\system32\drivers => ":x64" ADS removed successfully.
C:\Windows\system32\drivers => ":x86" ADS removed successfully.
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c2cd3d1-7cec-11e6-a050-f0761c6c6ff4} => key removed successfully
HKCR\CLSID\{3c2cd3d1-7cec-11e6-a050-f0761c6c6ff4} => key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{2B291F10-DB96-11E6-B994-64006A5CFC23} => value removed successfully
HKCR\CLSID\{2B291F10-DB96-11E6-B994-64006A5CFC23} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj => key removed successfully
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => key not found.
Chrome StartupUrls => removed successfully
C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
HKLM\System\CurrentControlSet\Services\Prijik => key removed successfully
Prijik => service removed successfully
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
EmptyTemp => Error: No automatic fix found for this entry.

==== End of Fixlog 20:18:49 ====

Re: Virus reklamy

Napsal: 18 led 2017 20:22
od Rudy
Smazáno. Nastala nějaká změna?

Re: Virus reklamy

Napsal: 18 led 2017 20:38
od p4to
Uz to vyzera lepsie, no stale akosi pomali ho zapina.
Hlavne to boot menu (ci ako sa to vola), ked stlacim gombim a ukazuje logo vyrobcu Lenovo.
Ani by som nepovedal ze to suvisi s OS. Tazko povedat skusim este kasperskyho odinstalovat mozno pojde rychlejsie.

Dakujem za pomoc

Re: Virus reklamy

Napsal: 18 led 2017 21:10
od Rudy
Antivir je třeba. Zkuste startmenu>přík. řádek>(napsat) msconfig>Enter. Na záložkách "Po spuštění" a "Služby" odstraňte zatržítka u všech položek, které nemusí automaticky startovat. V praxi jsou to všechny ne-microsoftí, kromě ovladačů a antiviru.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz