High RAM usage

Posted: 12 Feb 2018 18:09
by petrhipik
Hello, for some reason my RAM has been getting brutally heavily used lately. I have 8 GB. After some time, roughly 2 hours after the PC has been running, memory usage climbs to 98% and only a restart helps. This happens even when I have no program running. Please advise. I am attaching the log output...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by Petr (administrator) on PETR-PC (12-02-2018 18:01:08)
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr (Available Profiles: Petr & OVRLibraryService & DefaultAppPool)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Windows\Installer\MSI7EC5.tmp
(HTC Corporation) C:\Program Files\HTC Account\Htc.Identity.Service.exe
(Digital Care Solutions) C:\Program Files\BDServices\BitDefenderCOM.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Micron Technology, Inc.) C:\Program Files\Crucial\Crucial Storage Executive\cache\MicronCacheMonitor.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Oculus VR) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
() C:\MSI\Smart Utilities\SuperRAIDSvc.exe
() C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Oculus VR) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe
() C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(IPEVO) C:\Program Files (x86)\IPEVO\Control Center\ICC\IPEVO Control Center.exe
() C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_2.2.19.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe
() C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_2.2.19.0_x64__wyx1vj98g3asy\SamsungFlow.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
() C:\Program Files (x86)\Genius\Gila\mousehid.exe
(MICRO-STAR INT'L,.LTD.) C:\Program Files\WMIHook\WMIHookBtnFn\LEDBarController.exe
(MICRO-STAR INT'L,.LTD.) C:\Program Files\WMIHook\WMIHookBtnFn\SilentFanController.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Genius\Gila\trayicon.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer64.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginClientService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\ViveSetup\PCClient\ViveportService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(forum.viry.cz) C:\Users\Petr\Desktop\FRSTLauncher (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-09] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [Monitor] => C:\WINDOWS\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454656 2016-01-21] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [157696 2016-01-21] (Saitek)
HKLM\...\Run: [Cm108Sound] => C:\WINDOWS\syswow64\RunDll32.exe C:\WINDOWS\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [ctfmon] => c:\windows\system32\ctfmon.exe [10752 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\ecmds.exe [324352 2017-12-18] (ESET)
HKLM-x32\...\Run: [Gila] => C:\Program Files (x86)\Genius\Gila\mousehid.exe [307712 2013-01-07] ()
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1442304 2014-05-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [LEDBarController] => C:\Program Files\WMIHook\WMIHookBtnFn\LEDBarController.exe [43056 2015-09-18] (MICRO-STAR INT'L,.LTD.)
HKLM-x32\...\Run: [SilentFanControl] => C:\Program Files\WMIHook\WMIHookBtnFn\SilentFanController.exe [243248 2015-09-16] (MICRO-STAR INT'L,.LTD.)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] ()
HKLM-x32\...\Run: [HTC Store User Content Helper] => C:\Program Files (x86)\ViveSetup\PCClient\HTCVRMarketplaceUserContextHelper.exe [112464 2017-02-24] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\...\Run: [IPEVO Control Center] => C:\Program Files (x86)\IPEVO\Control Center\ICC\IPEVO Control Center.exe [1475072 2011-09-05] (IPEVO)
HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\...\Run: [SmartSwitchPDLR.exe] => C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPDLR.exe [1184928 2018-01-25] (Samsung)
HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\...\RunOnce: [Application Restart #5] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MSI)
HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\...\RunOnce: [Application Restart #2] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MSI)
HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\...\Policies\system: [DisableLockWorkstation] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BackupRemind.lnk [2017-04-02]
ShortcutTarget: BackupRemind.lnk -> C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Addins\AndroidBackupRestore\BackupRemind.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2017-04-16]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{69a1bdc8-f7e5-44bf-bc80-ac82322ce60f}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-01-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-21] (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-11] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-11] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3350653476-3925414303-2360853535-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Petr\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.facebook.com/?ref=logo
CHR StartupUrls: Default -> "hxxps://www.facebook.com/?ref=logo"
CHR NewTab: Default -> Not-active:"chrome-extension://bgjpfhpjcgdppjbgnpnjllokbmcdllig/speeddial/html/temporaryNewTab.html"
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default [2018-02-12]
CHR Extension: (Seznam pro Chrome - Email) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-01-11]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2018-01-01]
CHR Extension: (Adblock na Youtube™) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-15]
CHR Extension: (Downloads) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbcgifdaopbfflfhbcfeomijfbbcadi [2017-09-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Televize Online) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2015-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2017-05-10] ()
R2 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1027072 2016-11-10] (Digital Care Solutions) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1940584 2017-12-18] (ESET)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2017-03-09] (Futuremark)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [532552 2018-01-21] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8345672 2017-12-08] (GOG.com)
R2 HTC Account Service; C:\Program Files\HTC Account\Htc.Identity.Service.exe [20712 2016-12-15] (HTC Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 HyperDeskCustomThemeEnabler; C:\Windows\Installer\MSI7EC5.tmp [102400 2014-11-28] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2015-11-20] (Microsoft Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [457104 2016-12-05] (Rivet Networks)
R2 LMS; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [415520 2015-07-06] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 MicronCacheMonitor; C:\Program Files\Crucial\Crucial Storage Executive\cache\MicronCacheMonitor.exe [689152 2016-07-26] (Micron Technology, Inc.) [File not signed]
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [105296 2015-06-04] (MSI)
S4 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
R3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2154816 2018-01-20] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3024712 2018-01-20] (Electronic Arts)
S3 OVRLibraryService; C:\Program Files\Oculus\Support\oculus-librarian\OVRLibraryService.exe [135464 2018-01-22] (Oculus VR, LLC)
R2 OVRService; C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [480208 2018-01-22] (Oculus VR)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2016-05-05] (Power Admin LLC)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-12-11] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-11-08] ()
S3 scan; C:\Program Files\BDServices\scan.dll [627688 2016-11-10] (Bitdefender)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-10] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [24048 2014-04-03] ()
R2 VirtualDesktop.Service.exe; C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe [330208 2017-07-19] ()
R2 Viveport; C:\Program Files (x86)\ViveSetup\PCClient\ViveportService.exe [72016 2017-02-24] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S2 WMI_Hook_Service; C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe [155696 2015-09-21] (MICRO-STAR INT'L,.LTD.)
S4 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2014-08-07] (Intel(R) Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcpiCtlDrv; C:\WINDOWS\System32\drivers\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation)
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [145736 2016-09-19] (Rivet Networks, LLC.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [66136 2016-11-14] (Broadcom Corporation.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [108608 2016-09-24] (Dokan Project)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-07-30] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [134368 2018-01-19] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107328 2018-01-19] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15392 2017-12-16] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180088 2018-01-19] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50744 2018-01-19] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [81880 2018-01-19] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [106304 2018-01-19] (ESET)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 ikbevent; C:\WINDOWS\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\WINDOWS\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R2 inpoutx64; C:\WINDOWS\System32\Drivers\inpoutx64.sys [15008 2015-10-31] (Highresolution Enterprises [www.highrez.co.uk])
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-06-17] (Intel Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-09-29] (Qualcomm Atheros, Inc.)
R1 mtihint; C:\WINDOWS\system32\Drivers\mtihint.sys [18504 2015-07-13] (Micron Technology, Inc.) [File not signed]
S3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib_X64.sys [13808 2014-03-17] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c791f781cd94491f\nvlddmkm.sys [16989296 2017-11-15] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-11-14] (NVIDIA Corporation)
R3 Oculus_ViGEmBus; C:\WINDOWS\System32\drivers\Oculus_ViGEmBus.sys [32856 2017-08-03] (Facebook Inc.)
R3 pikbd; C:\WINDOWS\System32\drivers\pikbd.sys [22880 2013-11-30] (Christian Gulden)
R3 pimou; C:\WINDOWS\System32\drivers\pimou.sys [24600 2015-09-13] (Christian Gulden)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] ()
S3 SaiK0762; C:\WINDOWS\System32\drivers\SaiK0762.sys [181920 2015-11-06] (Saitek)
R3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [23968 2016-01-27] (Saitek)
R3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [51616 2016-01-27] (Saitek)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [485512 2016-11-10] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-12 18:01 - 2018-02-12 18:01 - 000026716 _____ C:\Users\Petr\Desktop\FRST.txt
2018-02-12 18:00 - 2018-02-12 17:56 - 002405376 _____ (Farbar) C:\Users\Petr\Desktop\FRST64.exe
2018-02-12 17:59 - 2018-02-12 17:58 - 000112640 _____ (forum.viry.cz) C:\Users\Petr\Desktop\FRSTLauncher (1).exe
2018-02-12 17:56 - 2018-02-12 18:01 - 000000000 ____D C:\FRST
2018-02-12 14:42 - 2018-02-12 14:42 - 000003124 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2018-02-09 00:27 - 2018-02-10 13:47 - 000000000 ____D C:\Users\Petr\AppData\Local\WhatsApp
2018-02-09 00:27 - 2018-02-09 00:27 - 000002297 _____ C:\Users\Petr\Desktop\WhatsApp.lnk
2018-02-09 00:13 - 2018-02-11 17:07 - 000000000 ____D C:\Users\Petr\AppData\Roaming\WhatsApp
2018-02-09 00:13 - 2018-02-09 00:27 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-02-07 06:58 - 2018-02-07 06:58 - 000002803 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Device Recovery Tool.lnk
2018-02-07 06:58 - 2018-02-07 06:58 - 000000000 ____D C:\ProgramData\LGE
2018-02-07 06:58 - 2018-02-07 06:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Care Suite
2018-02-07 06:57 - 2018-02-07 06:57 - 000000000 ____D C:\Users\Petr\AppData\Local\B2X
2018-02-07 06:56 - 2018-02-07 06:56 - 000000000 ____D C:\ProgramData\B2X
2018-02-01 19:20 - 2018-02-01 19:20 - 000002080 _____ C:\Users\Public\Desktop\ESET Ochrana bankovnictví a online plateb.lnk
2018-02-01 19:20 - 2018-02-01 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-02-01 19:20 - 2018-02-01 19:20 - 000000000 ____D C:\ProgramData\ESET
2018-02-01 19:20 - 2018-02-01 19:20 - 000000000 ____D C:\Program Files\ESET
2018-02-01 19:20 - 2018-01-19 15:32 - 000134368 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2018-02-01 19:20 - 2018-01-19 15:32 - 000106304 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2018-02-01 19:20 - 2018-01-19 15:31 - 000180088 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2018-02-01 19:20 - 2018-01-19 15:31 - 000081880 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2018-02-01 19:20 - 2018-01-19 15:31 - 000050744 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys
2018-01-31 18:59 - 2018-01-31 18:59 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3350653476-3925414303-2360853535-1000
2018-01-31 18:59 - 2018-01-31 18:59 - 000002425 _____ C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-30 15:29 - 2018-01-30 15:30 - 000000000 ____D C:\Program Files (x86)\Flawless Widescreen
2018-01-30 15:29 - 2018-01-30 15:29 - 000001227 _____ C:\Users\Public\Desktop\Flawless Widescreen.lnk
2018-01-30 15:29 - 2018-01-30 15:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flawless Widescreen
2018-01-30 14:02 - 2018-01-30 14:17 - 000000000 ____D C:\Users\Petr\AppData\Local\MassEffectModder
2018-01-24 22:40 - 2018-01-24 22:40 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-24 22:40 - 2018-01-24 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-24 22:40 - 2018-01-24 22:40 - 000000000 ____D C:\ProgramData\MB2Migration
2018-01-24 22:40 - 2018-01-24 22:40 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-24 22:40 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-22 20:45 - 2018-01-22 20:45 - 000000020 ___SH C:\Users\OVRLibraryService\ntuser.ini
2018-01-21 02:14 - 2018-01-21 02:14 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2018-01-21 02:14 - 2018-01-21 02:14 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-01-21 02:14 - 2018-01-21 02:13 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-12 17:44 - 2017-12-11 09:34 - 003498834 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-12 17:44 - 2017-09-30 15:30 - 001390054 _____ C:\WINDOWS\system32\perfh005.dat
2018-02-12 17:44 - 2017-09-30 15:30 - 000362118 _____ C:\WINDOWS\system32\perfc005.dat
2018-02-12 17:40 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Registration
2018-02-12 17:39 - 2017-05-31 17:36 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Origin
2018-02-12 17:39 - 2017-04-12 10:52 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-12 17:39 - 2014-11-28 01:47 - 000000000 ____D C:\ProgramData\Origin
2018-02-12 17:38 - 2017-12-11 09:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-12 17:38 - 2017-12-11 09:43 - 000000000 ____D C:\Users\Petr
2018-02-12 17:38 - 2017-12-11 09:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-12 17:38 - 2016-12-20 00:25 - 000000000 ____D C:\Users\Petr\AppData\Local\Oculus
2018-02-12 17:38 - 2016-03-09 17:21 - 000000091 _____ C:\HaxLogs.txt
2018-02-12 17:23 - 2014-11-27 21:29 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Skype
2018-02-12 14:42 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-02-12 14:15 - 2017-12-11 09:48 - 000004194 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D87F7E91-CC38-47E8-B6CA-3B4B7227B8C4}
2018-02-12 12:13 - 2017-08-01 20:51 - 000002210 _____ C:\Users\Public\Desktop\Smart Switch.lnk
2018-02-12 08:58 - 2014-11-28 11:25 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2018-02-11 12:32 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-11 12:32 - 2016-03-06 16:13 - 000000000 ____D C:\Program Files (x86)\HTC
2018-02-11 12:31 - 2017-04-02 13:24 - 000000000 ____D C:\ProgramData\Wondershare
2018-02-11 12:26 - 2017-11-12 22:05 - 000000000 ____D C:\Users\Petr\AppData\Local\JxBrowser
2018-02-11 12:26 - 2014-11-27 19:49 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-10 12:28 - 2016-11-17 13:38 - 000000000 ____D C:\Program Files\BDServices
2018-02-10 12:24 - 2015-05-11 19:29 - 000000000 ____D C:\Users\Petr\AppData\Local\SquirrelTemp
2018-02-10 12:24 - 2014-11-28 17:55 - 000000000 ____D C:\Temp
2018-02-10 12:11 - 2014-12-05 11:05 - 000007652 _____ C:\Users\Petr\AppData\Local\Resmon.ResmonCfg
2018-02-10 11:20 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-10 08:57 - 2017-10-09 06:15 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-02-08 15:22 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-08 15:21 - 2017-12-11 09:43 - 000000000 ____D C:\Users\Petr\AppData\Local\Packages
2018-02-08 15:21 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-08 11:21 - 2017-12-19 09:38 - 000000000 ____D C:\WINDOWS\Minidump
2018-02-08 11:21 - 2017-12-11 09:33 - 000246328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-07 19:56 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2018-02-07 06:58 - 2016-01-13 22:03 - 000000000 ____D C:\ProgramData\HTC
2018-02-06 06:31 - 2014-11-27 19:54 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-06 06:31 - 2014-11-27 19:54 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-05 15:26 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-31 18:59 - 2015-07-26 17:45 - 000000000 ___RD C:\Users\Petr\OneDrive
2018-01-30 10:22 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-30 02:06 - 2017-11-19 23:28 - 000001068 _____ C:\Users\Public\Desktop\STAR WARS Battlefront II.lnk
2018-01-30 01:52 - 2017-05-31 17:36 - 000000000 ____D C:\Program Files (x86)\Origin
2018-01-27 13:32 - 2015-01-18 14:58 - 000000000 ____D C:\Users\Petr\AppData\Local\Adobe
2018-01-27 13:29 - 2017-12-11 09:48 - 000004716 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-01-27 13:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-27 13:28 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-26 00:16 - 2016-01-16 14:33 - 000000000 ____D C:\Users\Petr\Documents\The Witcher 3
2018-01-24 23:07 - 2017-05-08 16:10 - 000000000 ____D C:\Users\Petr\Documents\Deus Ex - Mankind Divided
2018-01-24 23:07 - 2016-12-20 11:05 - 000000000 ____D C:\Program Files\Oculus
2018-01-24 22:40 - 2014-12-29 00:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-22 20:45 - 2017-12-11 09:43 - 000000000 ____D C:\Users\OVRLibraryService
2018-01-21 15:15 - 2015-05-19 19:17 - 000000000 ____D C:\Program Files (x86)\GalaxyClient
2018-01-21 02:15 - 2014-12-06 14:03 - 000000000 ____D C:\ProgramData\Oracle
2018-01-21 02:14 - 2016-03-09 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2018-01-21 02:14 - 2016-03-09 17:16 - 000000000 ____D C:\Program Files\Java
2018-01-21 02:14 - 2015-07-30 12:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-21 02:14 - 2014-12-06 14:03 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-21 00:56 - 2015-09-13 18:38 - 000002409 _____ C:\Users\Petr\.kdiff3rc
2018-01-20 23:36 - 2014-11-27 21:29 - 000000000 ____D C:\ProgramData\Skype
2018-01-19 15:31 - 2017-12-10 13:38 - 000107328 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys

==================== Files in the root of some directories =======

2014-11-27 21:44 - 2018-02-10 12:28 - 000000115 _____ () C:\Users\Petr\AppData\Roaming\LogFile.txt
2016-06-12 12:35 - 2016-06-12 12:35 - 000000100 _____ () C:\Users\Petr\AppData\Roaming\ScriptStudioLayout.ini
2016-06-12 12:35 - 2016-06-12 12:35 - 000000046 _____ () C:\Users\Petr\AppData\Roaming\ScriptStudioOptions.ini
2017-04-16 15:56 - 2017-04-16 15:56 - 000000000 _____ () C:\Users\Petr\AppData\Local\Driver_LOM_8161Present.flag
2014-12-08 16:40 - 2017-04-06 16:33 - 002370560 _____ () C:\Users\Petr\AppData\Local\file__0.localstorage
2014-12-05 11:05 - 2018-02-10 12:11 - 000007652 _____ () C:\Users\Petr\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-02-12 12:13 - 2018-02-12 12:13 - 000066048 _____ () C:\Users\Petr\AppData\Local\Temp\Execute2App.exe
2018-02-12 12:13 - 2016-12-09 08:03 - 000568832 _____ (Microsoft Corporation) C:\Users\Petr\AppData\Local\Temp\msvcp90.dll
2018-02-12 12:13 - 2016-12-09 08:03 - 000655872 _____ (Microsoft Corporation) C:\Users\Petr\AppData\Local\Temp\msvcr90.dll
2018-02-11 12:26 - 2018-02-11 12:26 - 000040448 ____N () C:\Users\Petr\AppData\Local\Temp\proxy_vole4589665020546360370.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-09 21:04

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:237.94 GB) (Free:111.07 GB) NTFS
Drive e: (Úložiště) (Fixed) (Total:931.51 GB) (Free:321.24 GB) NTFS
\\?\Volume{8993e0c4-7662-11e4-b8ae-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{3ca33780-0000-0000-0000-30823b000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

Available physical RAM: 1007.97 MB
Total physical RAM: 8140.79 MB
Percentage of memory in use: 87%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 3CA33780)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 28F75257)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\MedReminder.job => c:\programdata\{fbee48cf-4ca4-5c74-fbee-e48cf4ca233d}\skelligemostwantedupdated.exe-1437765770126.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\MSIOSDx64_Host.job => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
Task: C:\WINDOWS\Tasks\MSIOSDx86_Host.job => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe
Task: C:\WINDOWS\Tasks\RegCure Pro Update.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RegCure Pro_sch_C99AC78E-ACC2-11E6-9ECE-448A5B9FA09A.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Petr\Desktop" je 405 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt
C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Command Center
C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent
"C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Live Update
C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sound Blaster Cinema 2
"C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe" /r [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk
E:\Program Files (x86)\Rainmeter\Rainmeter.exe [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

Re: High RAM usage

Posted: 12 Feb 2018 19:11
by Rudy
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
Click first on >Scan< (search) and then on >Clean< (delete).
The scan will run and then a log will appear; paste it here.

Re: High RAM usage

Posted: 12 Feb 2018 19:21
by petrhipik
Log after restarting the computer:

# AdwCleaner 7.0.8.0 - Logfile created on Mon Feb 12 18:19:46 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: scan


***** [ Folders ] *****

Deleted: C:\ProgramData\SparkTrust
Deleted: C:\Users\All Users\SparkTrust
Deleted: C:\ProgramData\PARETOLOGIC
Deleted: C:\Program Files (x86)\PARETOLOGIC
Deleted: C:\Users\All Users\PARETOLOGIC
Deleted: C:\Users\Petr\AppData\Roaming\PARETOLOGIC
Deleted: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PARETOLOGIC
Deleted: C:\Users\Petr\AppData\Roaming\UpdateMyDrivers


***** [ Files ] *****

Deleted: C:\END
Deleted: C:\Users\Petr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\RegCure Pro.lnk
Deleted: C:\Users\Petr\Desktop\RegCure Pro.lnk
Deleted: C:\Users\Petr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\REGCURE PRO.LNK
Deleted: C:\Users\Petr\Desktop\REGCURE PRO.LNK


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: RegCure Pro Update
Deleted: RegCure Pro_sch_C99AC78E-ACC2-11E6-9ECE-448A5B9FA09A
Deleted: RegCure Pro_sch_C99AC78E-ACC2-11E6-9ECE-448A5B9FA09A


***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\ParetoLogic
Deleted: [Key] - HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\Software\ParetoLogic
Deleted: [Key] - HKCU\Software\ParetoLogic
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}
Deleted: [Key] - HKLM\SOFTWARE\sparktrust
Deleted: [Key] - HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\Software\sparktrust
Deleted: [Key] - HKCU\Software\sparktrust
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{65416821-217D-44BD-9C61-F53398FB1B46}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{65416821-217D-44BD-9C61-F53398FB1B46}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6DFC0DC7-FDC5-44C2-8B80-5977BA8F8ACC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E5AFF088-92F8-41a9-8CAB-E9CDCCE967AC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{34F4FEAF-4921-4B5D-8BE5-CA384BFFC2CE}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{39A37965-0A96-43A3-870E-821FE5C84B0B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{4ABDD67C-44E3-42E0-816D-D7F0E54761DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4ABDD67C-44E3-42E0-816D-D7F0E54761DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{94915A56-4D71-4F85-B59C-CC040F5AC6F0}
Deleted: [Key] - HKLM\SOFTWARE\Conduit
Deleted: [Key] - HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit
Deleted: [Key] - HKLM\SOFTWARE\Reimage
Deleted: [Key] - HKLM\SOFTWARE\Auslogics


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3696 B] - [2018/2/12 18:18:54]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Re: High RAM usage

Posted: 12 Feb 2018 19:59
by Rudy
Post a new FRST log.

Re: High RAM usage

Posted: 12 Feb 2018 20:08
by petrhipik
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by Petr (administrator) on PETR-PC (12-02-2018 20:05:43)
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr (Available Profiles: Petr & OVRLibraryService & DefaultAppPool)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Windows\Installer\MSI7EC5.tmp
(Digital Care Solutions) C:\Program Files\BDServices\BitDefenderCOM.exe
(HTC Corporation) C:\Program Files\HTC Account\Htc.Identity.Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Micron Technology, Inc.) C:\Program Files\Crucial\Crucial Storage Executive\cache\MicronCacheMonitor.exe
(Oculus VR) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\MSI\Smart Utilities\SuperRAIDSvc.exe
() C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Oculus VR) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe
() C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer64.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(IPEVO) C:\Program Files (x86)\IPEVO\Control Center\ICC\IPEVO Control Center.exe
() C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_2.2.19.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe
() C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_2.2.19.0_x64__wyx1vj98g3asy\SamsungFlow.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
() C:\Program Files (x86)\Genius\Gila\mousehid.exe
(MICRO-STAR INT'L,.LTD.) C:\Program Files\WMIHook\WMIHookBtnFn\LEDBarController.exe
(MICRO-STAR INT'L,.LTD.) C:\Program Files\WMIHook\WMIHookBtnFn\SilentFanController.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Genius\Gila\trayicon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\ViveSetup\PCClient\ViveportService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(forum.viry.cz) C:\Users\Petr\Desktop\FRSTLauncher (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-09] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [Monitor] => C:\WINDOWS\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454656 2016-01-21] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [157696 2016-01-21] (Saitek)
HKLM\...\Run: [Cm108Sound] => C:\WINDOWS\syswow64\RunDll32.exe C:\WINDOWS\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [ctfmon] => c:\windows\system32\ctfmon.exe [10752 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\ecmds.exe [324352 2017-12-18] (ESET)
HKLM-x32\...\Run: [Gila] => C:\Program Files (x86)\Genius\Gila\mousehid.exe [307712 2013-01-07] ()
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1442304 2014-05-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [LEDBarController] => C:\Program Files\WMIHook\WMIHookBtnFn\LEDBarController.exe [43056 2015-09-18] (MICRO-STAR INT'L,.LTD.)
HKLM-x32\...\Run: [SilentFanControl] => C:\Program Files\WMIHook\WMIHookBtnFn\SilentFanController.exe [243248 2015-09-16] (MICRO-STAR INT'L,.LTD.)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] ()
HKLM-x32\...\Run: [HTC Store User Content Helper] => C:\Program Files (x86)\ViveSetup\PCClient\HTCVRMarketplaceUserContextHelper.exe [112464 2017-02-24] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\...\Run: [IPEVO Control Center] => C:\Program Files (x86)\IPEVO\Control Center\ICC\IPEVO Control Center.exe [1475072 2011-09-05] (IPEVO)
HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\...\Run: [SmartSwitchPDLR.exe] => C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPDLR.exe [1184928 2018-01-25] (Samsung)
HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\...\RunOnce: [Application Restart #5] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MSI)
HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\...\RunOnce: [Application Restart #2] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MSI)
HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\...\Policies\system: [DisableLockWorkstation] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BackupRemind.lnk [2017-04-02]
ShortcutTarget: BackupRemind.lnk -> C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Addins\AndroidBackupRestore\BackupRemind.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2017-04-16]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{69a1bdc8-f7e5-44bf-bc80-ac82322ce60f}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-01-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-21] (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-11] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-11] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3350653476-3925414303-2360853535-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Petr\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.facebook.com/?ref=logo
CHR StartupUrls: Default -> "hxxps://www.facebook.com/?ref=logo"
CHR NewTab: Default -> Not-active:"chrome-extension://bgjpfhpjcgdppjbgnpnjllokbmcdllig/speeddial/html/temporaryNewTab.html"
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default [2018-02-12]
CHR Extension: (Seznam pro Chrome - Email) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-01-11]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2018-01-01]
CHR Extension: (Adblock na Youtube™) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-15]
CHR Extension: (Downloads) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbcgifdaopbfflfhbcfeomijfbbcadi [2017-09-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Televize Online) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2015-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2017-05-10] ()
R2 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1027072 2016-11-10] (Digital Care Solutions) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1940584 2017-12-18] (ESET)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2017-03-09] (Futuremark)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [532552 2018-01-21] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8345672 2017-12-08] (GOG.com)
R2 HTC Account Service; C:\Program Files\HTC Account\Htc.Identity.Service.exe [20712 2016-12-15] (HTC Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 HyperDeskCustomThemeEnabler; C:\Windows\Installer\MSI7EC5.tmp [102400 2014-11-28] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2015-11-20] (Microsoft Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [457104 2016-12-05] (Rivet Networks)
R2 LMS; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [415520 2015-07-06] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 MicronCacheMonitor; C:\Program Files\Crucial\Crucial Storage Executive\cache\MicronCacheMonitor.exe [689152 2016-07-26] (Micron Technology, Inc.) [File not signed]
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [105296 2015-06-04] (MSI)
S4 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2154816 2018-01-20] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3024712 2018-01-20] (Electronic Arts)
S3 OVRLibraryService; C:\Program Files\Oculus\Support\oculus-librarian\OVRLibraryService.exe [135464 2018-01-22] (Oculus VR, LLC)
R2 OVRService; C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [480208 2018-01-22] (Oculus VR)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2016-05-05] (Power Admin LLC)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-12-11] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-11-08] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-10] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [24048 2014-04-03] ()
R2 VirtualDesktop.Service.exe; C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe [330208 2017-07-19] ()
R2 Viveport; C:\Program Files (x86)\ViveSetup\PCClient\ViveportService.exe [72016 2017-02-24] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S2 WMI_Hook_Service; C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe [155696 2015-09-21] (MICRO-STAR INT'L,.LTD.)
S4 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2014-08-07] (Intel(R) Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcpiCtlDrv; C:\WINDOWS\System32\drivers\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation)
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [145736 2016-09-19] (Rivet Networks, LLC.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [66136 2016-11-14] (Broadcom Corporation.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [108608 2016-09-24] (Dokan Project)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-07-30] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [134368 2018-01-19] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107328 2018-01-19] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15392 2017-12-16] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180088 2018-01-19] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50744 2018-01-19] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [81880 2018-01-19] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [106304 2018-01-19] (ESET)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 ikbevent; C:\WINDOWS\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\WINDOWS\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R2 inpoutx64; C:\WINDOWS\System32\Drivers\inpoutx64.sys [15008 2015-10-31] (Highresolution Enterprises [www.highrez.co.uk])
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-06-17] (Intel Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-09-29] (Qualcomm Atheros, Inc.)
R1 mtihint; C:\WINDOWS\system32\Drivers\mtihint.sys [18504 2015-07-13] (Micron Technology, Inc.) [File not signed]
S3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib_X64.sys [13808 2014-03-17] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c791f781cd94491f\nvlddmkm.sys [16989296 2017-11-15] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-11-14] (NVIDIA Corporation)
R3 Oculus_ViGEmBus; C:\WINDOWS\System32\drivers\Oculus_ViGEmBus.sys [32856 2017-08-03] (Facebook Inc.)
R3 pikbd; C:\WINDOWS\System32\drivers\pikbd.sys [22880 2013-11-30] (Christian Gulden)
R3 pimou; C:\WINDOWS\System32\drivers\pimou.sys [24600 2015-09-13] (Christian Gulden)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] ()
S3 SaiK0762; C:\WINDOWS\System32\drivers\SaiK0762.sys [181920 2015-11-06] (Saitek)
R3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [23968 2016-01-27] (Saitek)
R3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [51616 2016-01-27] (Saitek)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [485512 2016-11-10] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-12 20:05 - 2018-02-12 20:05 - 000025705 _____ C:\Users\Petr\Desktop\FRST.txt
2018-02-12 19:17 - 2018-02-12 19:18 - 000000000 ____D C:\AdwCleaner
2018-02-12 18:02 - 2018-02-12 18:02 - 000026309 _____ C:\Users\Petr\Desktop\Addition.rar
2018-02-12 18:00 - 2018-02-12 17:56 - 002405376 _____ (Farbar) C:\Users\Petr\Desktop\FRST64.exe
2018-02-12 17:59 - 2018-02-12 17:58 - 000112640 _____ (forum.viry.cz) C:\Users\Petr\Desktop\FRSTLauncher (1).exe
2018-02-12 17:56 - 2018-02-12 20:05 - 000000000 ____D C:\FRST
2018-02-12 14:42 - 2018-02-12 14:42 - 000003124 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2018-02-09 00:27 - 2018-02-10 13:47 - 000000000 ____D C:\Users\Petr\AppData\Local\WhatsApp
2018-02-09 00:27 - 2018-02-09 00:27 - 000002297 _____ C:\Users\Petr\Desktop\WhatsApp.lnk
2018-02-09 00:13 - 2018-02-11 17:07 - 000000000 ____D C:\Users\Petr\AppData\Roaming\WhatsApp
2018-02-09 00:13 - 2018-02-09 00:27 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-02-07 06:58 - 2018-02-07 06:58 - 000002803 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Device Recovery Tool.lnk
2018-02-07 06:58 - 2018-02-07 06:58 - 000000000 ____D C:\ProgramData\LGE
2018-02-07 06:58 - 2018-02-07 06:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Care Suite
2018-02-07 06:57 - 2018-02-07 06:57 - 000000000 ____D C:\Users\Petr\AppData\Local\B2X
2018-02-07 06:56 - 2018-02-07 06:56 - 000000000 ____D C:\ProgramData\B2X
2018-02-01 19:20 - 2018-02-01 19:20 - 000002080 _____ C:\Users\Public\Desktop\ESET Ochrana bankovnictví a online plateb.lnk
2018-02-01 19:20 - 2018-02-01 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-02-01 19:20 - 2018-02-01 19:20 - 000000000 ____D C:\ProgramData\ESET
2018-02-01 19:20 - 2018-02-01 19:20 - 000000000 ____D C:\Program Files\ESET
2018-02-01 19:20 - 2018-01-19 15:32 - 000134368 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2018-02-01 19:20 - 2018-01-19 15:32 - 000106304 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2018-02-01 19:20 - 2018-01-19 15:31 - 000180088 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2018-02-01 19:20 - 2018-01-19 15:31 - 000081880 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2018-02-01 19:20 - 2018-01-19 15:31 - 000050744 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys
2018-01-31 18:59 - 2018-01-31 18:59 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3350653476-3925414303-2360853535-1000
2018-01-31 18:59 - 2018-01-31 18:59 - 000002425 _____ C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-30 15:29 - 2018-01-30 15:30 - 000000000 ____D C:\Program Files (x86)\Flawless Widescreen
2018-01-30 15:29 - 2018-01-30 15:29 - 000001227 _____ C:\Users\Public\Desktop\Flawless Widescreen.lnk
2018-01-30 15:29 - 2018-01-30 15:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flawless Widescreen
2018-01-30 14:02 - 2018-01-30 14:17 - 000000000 ____D C:\Users\Petr\AppData\Local\MassEffectModder
2018-01-24 22:40 - 2018-01-24 22:40 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-24 22:40 - 2018-01-24 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-24 22:40 - 2018-01-24 22:40 - 000000000 ____D C:\ProgramData\MB2Migration
2018-01-24 22:40 - 2018-01-24 22:40 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-24 22:40 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-22 20:45 - 2018-01-22 20:45 - 000000020 ___SH C:\Users\OVRLibraryService\ntuser.ini
2018-01-21 02:14 - 2018-01-21 02:14 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2018-01-21 02:14 - 2018-01-21 02:14 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-01-21 02:14 - 2018-01-21 02:13 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-12 19:26 - 2017-12-11 09:34 - 003571034 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-12 19:26 - 2017-09-30 15:30 - 001417110 _____ C:\WINDOWS\system32\perfh005.dat
2018-02-12 19:26 - 2017-09-30 15:30 - 000370490 _____ C:\WINDOWS\system32\perfc005.dat
2018-02-12 19:22 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Registration
2018-02-12 19:20 - 2017-12-11 09:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-12 19:20 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-02-12 19:20 - 2017-04-12 10:52 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-12 19:20 - 2016-12-20 00:25 - 000000000 ____D C:\Users\Petr\AppData\Local\Oculus
2018-02-12 19:20 - 2016-03-09 17:21 - 000000091 _____ C:\HaxLogs.txt
2018-02-12 19:19 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-02-12 19:16 - 2017-12-11 09:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-12 18:14 - 2017-03-31 10:06 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2018-02-12 17:39 - 2017-05-31 17:36 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Origin
2018-02-12 17:39 - 2014-11-28 01:47 - 000000000 ____D C:\ProgramData\Origin
2018-02-12 17:38 - 2017-12-11 09:43 - 000000000 ____D C:\Users\Petr
2018-02-12 17:23 - 2014-11-27 21:29 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Skype
2018-02-12 14:15 - 2017-12-11 09:48 - 000004194 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D87F7E91-CC38-47E8-B6CA-3B4B7227B8C4}
2018-02-12 12:13 - 2017-08-01 20:51 - 000002210 _____ C:\Users\Public\Desktop\Smart Switch.lnk
2018-02-12 08:58 - 2014-11-28 11:25 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2018-02-11 12:32 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-11 12:32 - 2016-03-06 16:13 - 000000000 ____D C:\Program Files (x86)\HTC
2018-02-11 12:31 - 2017-04-02 13:24 - 000000000 ____D C:\ProgramData\Wondershare
2018-02-11 12:26 - 2017-11-12 22:05 - 000000000 ____D C:\Users\Petr\AppData\Local\JxBrowser
2018-02-11 12:26 - 2014-11-27 19:49 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-10 12:28 - 2016-11-17 13:38 - 000000000 ____D C:\Program Files\BDServices
2018-02-10 12:24 - 2015-05-11 19:29 - 000000000 ____D C:\Users\Petr\AppData\Local\SquirrelTemp
2018-02-10 12:24 - 2014-11-28 17:55 - 000000000 ____D C:\Temp
2018-02-10 12:11 - 2014-12-05 11:05 - 000007652 _____ C:\Users\Petr\AppData\Local\Resmon.ResmonCfg
2018-02-10 11:20 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-10 08:57 - 2017-10-09 06:15 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-02-08 15:22 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-08 15:21 - 2017-12-11 09:43 - 000000000 ____D C:\Users\Petr\AppData\Local\Packages
2018-02-08 15:21 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-08 11:21 - 2017-12-19 09:38 - 000000000 ____D C:\WINDOWS\Minidump
2018-02-08 11:21 - 2017-12-11 09:33 - 000246328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-07 19:56 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2018-02-07 06:58 - 2016-01-13 22:03 - 000000000 ____D C:\ProgramData\HTC
2018-02-06 06:31 - 2014-11-27 19:54 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-06 06:31 - 2014-11-27 19:54 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-05 15:26 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-31 18:59 - 2015-07-26 17:45 - 000000000 ___RD C:\Users\Petr\OneDrive
2018-01-30 10:22 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-30 02:06 - 2017-11-19 23:28 - 000001068 _____ C:\Users\Public\Desktop\STAR WARS Battlefront II.lnk
2018-01-30 01:52 - 2017-05-31 17:36 - 000000000 ____D C:\Program Files (x86)\Origin
2018-01-27 13:32 - 2015-01-18 14:58 - 000000000 ____D C:\Users\Petr\AppData\Local\Adobe
2018-01-27 13:29 - 2017-12-11 09:48 - 000004716 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-01-27 13:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-27 13:28 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-26 00:16 - 2016-01-16 14:33 - 000000000 ____D C:\Users\Petr\Documents\The Witcher 3
2018-01-24 23:07 - 2017-05-08 16:10 - 000000000 ____D C:\Users\Petr\Documents\Deus Ex - Mankind Divided
2018-01-24 23:07 - 2016-12-20 11:05 - 000000000 ____D C:\Program Files\Oculus
2018-01-24 22:40 - 2014-12-29 00:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-22 20:45 - 2017-12-11 09:43 - 000000000 ____D C:\Users\OVRLibraryService
2018-01-21 15:15 - 2015-05-19 19:17 - 000000000 ____D C:\Program Files (x86)\GalaxyClient
2018-01-21 02:15 - 2014-12-06 14:03 - 000000000 ____D C:\ProgramData\Oracle
2018-01-21 02:14 - 2016-03-09 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2018-01-21 02:14 - 2016-03-09 17:16 - 000000000 ____D C:\Program Files\Java
2018-01-21 02:14 - 2015-07-30 12:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-21 02:14 - 2014-12-06 14:03 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-21 00:56 - 2015-09-13 18:38 - 000002409 _____ C:\Users\Petr\.kdiff3rc
2018-01-20 23:36 - 2014-11-27 21:29 - 000000000 ____D C:\ProgramData\Skype
2018-01-19 15:31 - 2017-12-10 13:38 - 000107328 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys

==================== Files in the root of some directories =======

2014-11-27 21:44 - 2018-02-10 12:28 - 000000115 _____ () C:\Users\Petr\AppData\Roaming\LogFile.txt
2016-06-12 12:35 - 2016-06-12 12:35 - 000000100 _____ () C:\Users\Petr\AppData\Roaming\ScriptStudioLayout.ini
2016-06-12 12:35 - 2016-06-12 12:35 - 000000046 _____ () C:\Users\Petr\AppData\Roaming\ScriptStudioOptions.ini
2017-04-16 15:56 - 2017-04-16 15:56 - 000000000 _____ () C:\Users\Petr\AppData\Local\Driver_LOM_8161Present.flag
2014-12-08 16:40 - 2017-04-06 16:33 - 002370560 _____ () C:\Users\Petr\AppData\Local\file__0.localstorage
2014-12-05 11:05 - 2018-02-10 12:11 - 000007652 _____ () C:\Users\Petr\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-02-12 12:13 - 2018-02-12 12:13 - 000066048 _____ () C:\Users\Petr\AppData\Local\Temp\Execute2App.exe
2018-02-12 12:13 - 2016-12-09 08:03 - 000568832 _____ (Microsoft Corporation) C:\Users\Petr\AppData\Local\Temp\msvcp90.dll
2018-02-12 12:13 - 2016-12-09 08:03 - 000655872 _____ (Microsoft Corporation) C:\Users\Petr\AppData\Local\Temp\msvcr90.dll
2018-02-11 12:26 - 2018-02-11 12:26 - 000040448 ____N () C:\Users\Petr\AppData\Local\Temp\proxy_vole4589665020546360370.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-09 21:04

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:237.94 GB) (Free:110.67 GB) NTFS
Drive e: (Úložiště) (Fixed) (Total:931.51 GB) (Free:310.55 GB) NTFS
\\?\Volume{8993e0c4-7662-11e4-b8ae-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{3ca33780-0000-0000-0000-30823b000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

Available physical RAM: 5702.19 MB
Total physical RAM: 8140.79 MB
Percentage of memory in use: 29%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 3CA33780)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 28F75257)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\MedReminder.job => c:\programdata\{fbee48cf-4ca4-5c74-fbee-e48cf4ca233d}\skelligemostwantedupdated.exe-1437765770126.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\MSIOSDx64_Host.job => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
Task: C:\WINDOWS\Tasks\MSIOSDx86_Host.job => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Petr\Desktop" je 405 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt
C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Command Center
C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent
"C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Live Update
C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sound Blaster Cinema 2
"C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe" /r [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk
E:\Program Files (x86)\Rainmeter\Rainmeter.exe [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

Re: High RAM usage

Posted: 12 Feb 2018 21:14
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
U3 idsvc; no ImagePath
HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\...\ChromeHTML: -> <==== ATTENTION
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} => -> No File
Task: {4EB7C617-4AF9-4B9F-BBB5-3A92094CB70F} - \Microsoft\Windows\Setup\GWXTriggers\Time-3xd -> No File <==== ATTENTION
Task: {79F37A51-120D-417D-A19B-7B3868675204} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7B55DECD-4FED-44D1-BA85-8BF89DEE8888} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6C8C7C23-1C5D-4D62-A293-76D2AB50E120} - System32\Tasks\MedReminder => c:\programdata\{fbee48cf-4ca4-5c74-fbee-e48cf4ca233d}\skelligemostwantedupdated.exe <==== ATTENTION
Task: {BEB3E16D-F72D-443F-885B-89A75A7FB9B7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C819CD04-445B-46FE-8F88-405572B4F5AB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DDC88311-9393-4A41-AD75-9E65331F5317} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\MedReminder.job => c:\programdata\{fbee48cf-4ca4-5c74-fbee-e48cf4ca233d}\skelligemostwantedupdated.exe-1437765770126.exe <==== ATTENTION
C:\Windows\Installer\MSI7EC5.tmp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

Re: High RAM usage

Posted: 12 Feb 2018 21:19
by petrhipik
Fix result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by Petr (12-02-2018 21:16:54) Run:1
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr (Available Profiles: Petr & OVRLibraryService & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
U3 idsvc; no ImagePath
HKU\S-1-5-21-3350653476-3925414303-2360853535-1000\...\ChromeHTML: -> <==== ATTENTION
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} => -> No File
Task: {4EB7C617-4AF9-4B9F-BBB5-3A92094CB70F} - \Microsoft\Windows\Setup\GWXTriggers\Time-3xd -> No File <==== ATTENTION
Task: {79F37A51-120D-417D-A19B-7B3868675204} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7B55DECD-4FED-44D1-BA85-8BF89DEE8888} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6C8C7C23-1C5D-4D62-A293-76D2AB50E120} - System32\Tasks\MedReminder => c:\programdata\{fbee48cf-4ca4-5c74-fbee-e48cf4ca233d}\skelligemostwantedupdated.exe <==== ATTENTION
Task: {BEB3E16D-F72D-443F-885B-89A75A7FB9B7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C819CD04-445B-46FE-8F88-405572B4F5AB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DDC88311-9393-4A41-AD75-9E65331F5317} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\MedReminder.job => c:\programdata\{fbee48cf-4ca4-5c74-fbee-e48cf4ca233d}\skelligemostwantedupdated.exe-1437765770126.exe <==== ATTENTION
C:\Windows\Installer\MSI7EC5.tmp

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\System\CurrentControlSet\Services\idsvc" => removed successfully
idsvc => service removed successfully
"HKU\S-1-5-21-3350653476-3925414303-2360853535-1000_Classes\ChromeHTML" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip" => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => key not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64" => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => key not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C}" => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => key not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip" => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => key not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Fast Explorer" => removed successfully
HKLM\Software\Classes\CLSID\{693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EB7C617-4AF9-4B9F-BBB5-3A92094CB70F} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EB7C617-4AF9-4B9F-BBB5-3A92094CB70F} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-3xd => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{79F37A51-120D-417D-A19B-7B3868675204} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79F37A51-120D-417D-A19B-7B3868675204} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B55DECD-4FED-44D1-BA85-8BF89DEE8888} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B55DECD-4FED-44D1-BA85-8BF89DEE8888} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C8C7C23-1C5D-4D62-A293-76D2AB50E120} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C8C7C23-1C5D-4D62-A293-76D2AB50E120} => could not remove key. ErrorCode1: 0x00000002
C:\WINDOWS\System32\Tasks\MedReminder => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MedReminder => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEB3E16D-F72D-443F-885B-89A75A7FB9B7} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEB3E16D-F72D-443F-885B-89A75A7FB9B7} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C819CD04-445B-46FE-8F88-405572B4F5AB} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C819CD04-445B-46FE-8F88-405572B4F5AB} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDC88311-9393-4A41-AD75-9E65331F5317} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDC88311-9393-4A41-AD75-9E65331F5317} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => could not remove key. ErrorCode1: 0x00000002
C:\WINDOWS\Tasks\MedReminder.job => moved successfully
C:\Windows\Installer\MSI7EC5.tmp => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43107402 B
Java, Flash, Steam htmlcache => 472935044 B
Windows/system/drivers => 91875792 B
Edge => 0 B
Chrome => 906773192 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 39202 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7346 B
NetworkService => 0 B
Petr => 203676168 B
OVRLibraryService => 39202 B
DefaultAppPool => 39202 B

RecycleBin => 0 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-02-2018 21:17:59)


Result of scheduled keys to remove after reboot:

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EB7C617-4AF9-4B9F-BBB5-3A92094CB70F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EB7C617-4AF9-4B9F-BBB5-3A92094CB70F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-3xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{79F37A51-120D-417D-A19B-7B3868675204}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79F37A51-120D-417D-A19B-7B3868675204}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B55DECD-4FED-44D1-BA85-8BF89DEE8888}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B55DECD-4FED-44D1-BA85-8BF89DEE8888}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C8C7C23-1C5D-4D62-A293-76D2AB50E120}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C8C7C23-1C5D-4D62-A293-76D2AB50E120}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MedReminder" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEB3E16D-F72D-443F-885B-89A75A7FB9B7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEB3E16D-F72D-443F-885B-89A75A7FB9B7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C819CD04-445B-46FE-8F88-405572B4F5AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C819CD04-445B-46FE-8F88-405572B4F5AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDC88311-9393-4A41-AD75-9E65331F5317}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDC88311-9393-4A41-AD75-9E65331F5317}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully

==== End of Fixlog 21:17:59 ====

Re: High RAM usage

Posted: 12 Feb 2018 22:03
by Rudy
OK. Has anything changed?

Re: High RAM usage

Posted: 12 Feb 2018 22:07
by petrhipik
So far I'm seeing RAM usage around 35%; when I start Chrome it's around 37% and it doesn't go above 40%. Good so far, but it needs more hours of testing. I'll try a few games, play a movie, and get back to you within a few days. Please leave the thread unlocked for now. May I ask what the problem was? Some junk? Thanks in advance :)

Re: High RAM usage

Posted: 12 Feb 2018 22:19
by Rudy
Yes, junk and a few pieces of adware.

Re: High RAM usage

Posted: 13 Feb 2018 12:50
by petrhipik
Hello, unfortunately after running the browser for a longer time, with a few tabs open and music playing, RAM usage is at 78%. That seems like quite a lot to me with 8 GB of RAM. If I waited a few hours, I would get back to 98% usage and the PC would start to stutter.

Re: High RAM usage

Posted: 13 Feb 2018 13:10
by Rudy
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.

Re: High RAM usage

Posted: 13 Feb 2018 13:32
by petrhipik
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 13.02.18
Čas skenování: 13:29
Logovací soubor: 989a65ae-10b9-11e8-8e03-448a5b9fa09a.json
Správce: Ano

-Informace o softwaru-
Verze: 3.2.2.2029
Verze komponentů: 1.0.212
Aktualizovat verzi balíku komponent: 1.0.3932
Licence: Vypršelo

-Systémová informace-
OS: Windows 10 (Build 16299.192)
CPU: x64
Systém souborů: NTFS
Uživatel: PETR-PC\Petr

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 422209
Zjištěné hrozby: 6
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 1 min, 35 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Varovat
Potenciálně nežádoucí modifikace: Varovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 3
PUP.Optional.Wondershare1ClickPCCare, C:\Users\Petr\AppData\Roaming\spotmau\WinCare2010\Startup Baks, Žádná uživatelská akce, [8140], [449885],1.0.3932
PUP.Optional.Wondershare1ClickPCCare, C:\USERS\PETR\APPDATA\ROAMING\SPOTMAU\WINCARE2010, Žádná uživatelská akce, [8140], [449885],1.0.3932
PUP.Optional.TuneUp360, C:\PROGRAMDATA\TUNEUP360, Žádná uživatelská akce, [14386], [452044],1.0.3932

Soubor: 3
PUP.Optional.BuenoSearch, C:\USERS\PETR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Žádná uživatelská akce, [3131], [455061],1.0.3932
PUP.Optional.BuenoSearch, C:\USERS\PETR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Žádná uživatelská akce, [3131], [455061],1.0.3932
PUP.Optional.BuenoSearch, C:\USERS\PETR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Žádná uživatelská akce, [3131], [455061],1.0.3932

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: High RAM usage

Posted: 13 Feb 2018 15:03
by Rudy
Delete all MBAM findings.

Re: High RAM usage

Posted: 13 Feb 2018 19:59
by petrhipik
Done