
Problem with PC

Posted: 10 Apr 2018 12:27
by kejmlfx
Win 7 shuts down on its own and a blue screen appears

Logfile of random's system information tool 1.10 (written by random/random)
Run by KejmlFX at 2018-04-10 13:14:43
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 4 GB (4%) free of 100 GB
Total RAM: 6142 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:14:44, on 10.4.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\MetaTrader FIX\terminal.exe
C:\Program Files\trend micro\KejmlFX.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKCU\..\Run: [Bloody2] "C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe" Minimum
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Users\KejmlFX\AppData\Local\Temp\{3c4db08e-ff21-4b3a-A14C-0ABB35FB0449}\{7B28E39C-883C-4f49-ABFB-5D16796F2DD9}\APAX.dll (file missing)
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Users\KejmlFX\AppData\Local\Temp\{3c4db08e-ff21-4b3a-A14C-0ABB35FB0449}\{7B28E39C-883C-4f49-ABFB-5D16796F2DD9}\APAX.dll (file missing)
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Users\KejmlFX\AppData\Local\Temp\{3c4db08e-ff21-4b3a-A14C-0ABB35FB0449}\{7B28E39C-883C-4f49-ABFB-5D16796F2DD9}\APAX.dll (file missing)
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Users\KejmlFX\AppData\Local\Temp\{3c4db08e-ff21-4b3a-A14C-0ABB35FB0449}\{7B28E39C-883C-4f49-ABFB-5D16796F2DD9}\APAX.dll (file missing)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Users\KejmlFX\AppData\Local\Temp\{3c4db08e-ff21-4b3a-A14C-0ABB35FB0449}\{7B28E39C-883C-4f49-ABFB-5D16796F2DD9}\APAX.dll (file missing)
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Users\KejmlFX\AppData\Local\Temp\{3c4db08e-ff21-4b3a-A14C-0ABB35FB0449}\{7B28E39C-883C-4f49-ABFB-5D16796F2DD9}\APAX.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O23 - Service: AVG Antivirus - Unknown owner - C:\Program Files\AVG\Antivirus\AVGSvc.exe (file missing)
O23 - Service: avgbIDSAgent - Unknown owner - C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe (file missing)
O23 - Service: dahjService - Unknown owner - C:\ProgramData\dahjService\dahjService.exe (file missing)
O23 - Service: Izolace klíče CNG (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Služba Netlogon (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Chráněné úložiště (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Správce zabezpečení účtů (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Služba zařazování tisku (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Virtuální disk (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe

--
End of file - 8279 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
"taskhost.exe"
C:\Windows\Explorer.EXE
taskeng.exe {CEE156B3-FE64-4D3E-8079-00D08BD6E158}
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe" Minimum
"C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe" "default"
"C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe" "winlogon"
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\Windows\system32\conhost.exe "-950251963-2152002671469782185-496223564-177551569417642180601986043285512297960
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k PeerDist
C:\Windows\SysWow64\perfhost.exe
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k wcssvc
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
"C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%dSPUser.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\SPUser" -r -l 3 -p 30000 -c
"C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -st "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
"C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe" --type=renderer --disable-gpu-compositing --no-sandbox --service-pipe-token=DCF42A048D82F2D225FF494F056CEE16 --lang=en-US --lang=en-US --log-file="C:\Users\KejmlFX\AppData\Local\NVIDIA Corporation\NVIDIA Share\CefCache\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=DCF42A048D82F2D225FF494F056CEE16 --renderer-client-id=2 --mojo-platform-channel-handle=1376 /prefetch:1
"C:\Program Files\Mozilla Firefox\firefox.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3488.0.472375247\79184453" -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" "C:\Users\KejmlFX\AppData\LocalLow\Mozilla\Temp-{bbca3c0d-ae78-4c40-807e-d479b75af85c}" 3488 "\\.\pipe\gecko-crash-server-pipe.3488" gpu
"C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe"
"C:\Windows\SysWOW64\svchost.exe"
"C:\Windows\SysWOW64\svchost.exe" --config="C:\Users\KejmlFX\AppData\Local\Temp\{3E8324}"
\??\C:\Windows\system32\conhost.exe "-1283537079222261440-1897574343182053482117731565741794006129-540334591924416024
"C:\Program Files (x86)\MetaTrader FIX\terminal.exe"
C:\Windows\system32\msiexec.exe /V
taskeng.exe {DA6DF678-8128-4EAE-B604-D229BE17285D}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\KejmlFX\Downloads\RSITx64.exe"
"C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MousewithoutBordersHelper.exe"

======Scheduled tasks folder======

C:\Windows\tasks\EPSON L386 Series Update {C4F071A1-1FA8-41CA-9086-8F83975EA1AA}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE /EXE:"{C4F071A1-1FA8-41CA-9086-8F83975EA1AA}" /F:"Update"
C:\Windows\tasks\EPSON L386 Series Update {D9E0DCF3-EFB2-48FD-AEB4-E939F0D49CAC}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE /EXE:"{D9E0DCF3-EFB2-48FD-AEB4-E939F0D49CAC}" /F:"Update"
C:\Windows\tasks\update-S-1-5-21-1095887988-4229600834-2817492834-1000.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\tasks\update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate

=========Mozilla firefox=========

ProfilePath - C:\Users\KejmlFX\AppData\Roaming\Mozilla\Firefox\Profiles\q202d0e6.default

prefs.js - "browser.startup.homepage" - "google.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.161.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.161.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-03-30 207024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-09 573504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31 471536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2018-03-30 1058472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-03-30 3209904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-09 236608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}]
E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27 238576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-03-30 149168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2018-03-30 678064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2018-03-30 2199728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31 471536]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27 238576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVGUI.exe"=C:\Program Files\AVG\Antivirus\AvLaunch.exe /gui []
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-09-03 11464296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Bloody2"=C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe [2017-09-01 17627648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACDSeeCommanderUltimate9]
C:\Program Files\ACD Systems\ACDSee Ultimate\9.0\ACDSeeCommanderUltimate9.exe [2015-11-15 3140104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACUW09EN]
C:\Program Files\ACD Systems\ACDSee Ultimate\9.0\acdIDInTouch2.exe [2015-09-14 2087696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [2009-09-18 205976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avanquest Message]
C:\Users\KejmlFX\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2017-12-01 10249048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2016-03-14 1092304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2017-08-22 17497264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lightshot]
C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [2017-04-11 225944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer.exe]
C:\Users\KejmlFX\AppData\Local\Optimizer\Optimizer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-12-19 587288]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

30598-05-30 11:27:10 ----A---- C:\Windows\SYSWOW64\yiIOsiQe.exe
2018-04-10 13:13:04 ----D---- C:\rsit
2018-04-10 13:13:04 ----D---- C:\Program Files\trend micro
2018-04-08 19:20:19 ----ASH---- C:\hiberfil.sys
2018-04-08 19:18:10 ----A---- C:\Windows\SYSWOW64\sh4native.exe
2018-04-08 19:17:03 ----HD---- C:\XH6CRy8t9RzE23tj
2018-04-08 18:23:11 ----A---- C:\autoexec.bat
2018-04-08 17:58:40 ----SHD---- C:\$RECYCLE.BIN
2018-04-08 17:50:33 ----D---- C:\Windows\temp
2018-04-08 17:50:32 ----A---- C:\ComboFix.txt
2018-04-08 17:29:12 ----AD---- C:\Qoobox
2018-04-08 16:48:10 ----D---- C:\Windows\erdnt
2018-04-08 09:18:29 ----D---- C:\Windows\pss
2018-04-08 08:20:47 ----D---- C:\Program Files (x86)\GUMAC16.tmp
2018-04-08 07:13:38 ----ASH---- C:\pagefile.sys
2018-04-07 20:47:11 ----D---- C:\Users\KejmlFX\AppData\Roaming\GHISLER
2018-04-07 18:38:51 ----A---- C:\Windows\system32\roboot64.exe
2018-04-07 18:11:00 ----A---- C:\ProgramData\lock.dat
2018-04-07 18:00:54 ----D---- C:\ProgramData\4ace2468-72b7-0
2018-04-07 18:00:52 ----D---- C:\ProgramData\4ace2468-6ac1-1
2018-04-07 18:00:50 ----D---- C:\ProgramData\dahjService
2018-04-07 17:53:51 ----D---- C:\Users\KejmlFX\AppData\Roaming\Solvusoft
2018-04-07 17:52:56 ----D---- C:\ProgramData\Solvusoft
2018-04-07 17:03:11 ----A---- C:\Windows\system32\drivers\IOMap64.sys
2018-04-07 16:27:33 ----D---- C:\ProgramData\SplitMediaLabs
2018-04-07 15:55:30 ----HD---- C:\ProgramData\Common Files
2018-04-07 15:55:06 ----A---- C:\Windows\system32\drivers\avgVmm.sys
2018-04-07 15:55:06 ----A---- C:\Windows\system32\drivers\avgStm.sys
2018-04-07 15:55:06 ----A---- C:\Windows\system32\drivers\avgSP.sys
2018-04-07 15:55:06 ----A---- C:\Windows\system32\drivers\avgRvrt.sys
2018-04-07 15:55:06 ----A---- C:\Windows\system32\drivers\avgMonFlt.sys
2018-04-07 15:55:06 ----A---- C:\Windows\system32\drivers\avgHwid.sys
2018-04-07 15:55:06 ----A---- C:\Windows\system32\drivers\avgArPot.sys
2018-04-07 15:55:05 ----A---- C:\Windows\system32\drivers\avgSnx.sys
2018-04-07 15:55:05 ----A---- C:\Windows\system32\drivers\avgRdr2.sys
2018-04-07 15:55:05 ----A---- C:\Windows\system32\drivers\avgbuniva.sys
2018-04-07 15:55:05 ----A---- C:\Windows\system32\drivers\avgbloga.sys
2018-04-07 15:55:05 ----A---- C:\Windows\system32\drivers\avgbidsha.sys
2018-04-07 15:55:05 ----A---- C:\Windows\system32\drivers\avgbidsdrivera.sys
2018-04-07 15:55:04 ----A---- C:\Windows\system32\drivers\avgbdiska.sys
2018-04-07 15:54:39 ----A---- C:\Windows\system32\avgBoot.exe
2018-04-07 15:52:05 ----D---- C:\ProgramData\BlueStacksSetup
2018-04-07 15:50:13 ----D---- C:\ProgramData\AVG
2018-04-07 15:50:04 ----D---- C:\ProgramData\McAfee
2018-04-07 15:32:27 ----D---- C:\Program Files\Andy
2018-03-30 05:32:14 ----D---- C:\Program Files\Common Files\DESIGNER
2018-03-20 16:17:00 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2018-03-20 16:16:49 ----A---- C:\Windows\SYSWOW64\vulkaninfo.exe
2018-03-20 16:16:49 ----A---- C:\Windows\SYSWOW64\vulkan-1.dll
2018-03-20 16:16:49 ----A---- C:\Windows\system32\vulkaninfo.exe
2018-03-20 16:16:49 ----A---- C:\Windows\system32\vulkan-1.dll
2018-03-20 16:16:48 ----D---- C:\Program Files (x86)\VulkanRT
2018-03-20 16:12:11 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2018-03-20 16:12:11 ----A---- C:\Windows\SYSWOW64\nvptxJitCompiler.dll
2018-03-20 16:12:11 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2018-03-20 16:12:11 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2018-03-20 16:12:11 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2018-03-20 16:12:11 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2018-03-20 16:12:11 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2018-03-20 16:12:11 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2018-03-20 16:12:11 ----A---- C:\Windows\system32\nvptxJitCompiler.dll
2018-03-20 16:12:11 ----A---- C:\Windows\system32\nvopencl.dll
2018-03-20 16:12:11 ----A---- C:\Windows\system32\nvoglv64.dll
2018-03-20 16:12:11 ----A---- C:\Windows\system32\nvoglshim64.dll
2018-03-20 16:12:11 ----A---- C:\Windows\system32\nvinitx.dll
2018-03-20 16:12:11 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2018-03-20 16:12:11 ----A---- C:\Windows\system32\NvIFR64.dll
2018-03-20 16:12:11 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2018-03-20 16:12:10 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2018-03-20 16:12:10 ----A---- C:\Windows\SYSWOW64\nvfatbinaryLoader.dll
2018-03-20 16:12:10 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2018-03-20 16:12:10 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2018-03-20 16:12:10 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2018-03-20 16:12:10 ----A---- C:\Windows\system32\NvFBC64.dll
2018-03-20 16:12:10 ----A---- C:\Windows\system32\nvfatbinaryLoader.dll
2018-03-20 16:12:10 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2018-03-20 16:12:10 ----A---- C:\Windows\system32\nvdispgenco6439124.dll
2018-03-20 16:12:10 ----A---- C:\Windows\system32\nvdispco6439124.dll
2018-03-20 16:12:10 ----A---- C:\Windows\system32\nvcuvid.dll
2018-03-20 16:12:10 ----A---- C:\Windows\system32\nvcuda.dll
2018-03-20 16:12:09 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2018-03-20 16:12:09 ----A---- C:\Windows\system32\nvcompiler.dll
2018-03-19 17:57:19 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2018-03-19 17:56:07 ----D---- C:\Program Files\Adobe
2018-03-19 17:53:09 ----D---- C:\Program Files\Common Files\Adobe
2018-03-19 16:47:52 ----A---- C:\Windows\system32\D3DCompiler_47.dll
2018-03-19 16:47:51 ----A---- C:\Windows\SYSWOW64\D3DCompiler_47.dll
2018-03-12 16:52:41 ----D---- C:\ProgramData\Steam
2018-03-11 17:51:10 ----D---- C:\Users\KejmlFX\AppData\Roaming\NVIDIA

======List of files/folders modified in the last 1 month======

2018-04-10 13:14:11 ----D---- C:\Windows\Prefetch
2018-04-10 13:13:04 ----RD---- C:\Program Files
2018-04-10 13:10:09 ----SHD---- C:\Windows\Installer
2018-04-10 13:10:09 ----D---- C:\Config.Msi
2018-04-10 12:25:33 ----D---- C:\ProgramData\NVIDIA
2018-04-10 10:12:10 ----D---- C:\Users\KejmlFX\AppData\Roaming\Skype
2018-04-10 09:33:25 ----D---- C:\Windows
2018-04-10 07:49:51 ----D---- C:\Windows\Minidump
2018-04-09 18:45:31 ----D---- C:\Users\KejmlFX\AppData\Roaming\vlc
2018-04-09 12:31:31 ----RD---- C:\Program Files (x86)
2018-04-09 12:31:20 ----D---- C:\Program Files (x86)\Google
2018-04-09 09:38:04 ----D---- C:\ProgramData
2018-04-08 19:18:10 ----D---- C:\Windows\SysWOW64
2018-04-08 19:18:10 ----D---- C:\Windows\system32\Tasks
2018-04-08 18:30:26 ----D---- C:\Windows\Tasks
2018-04-08 18:26:58 ----D---- C:\Users\KejmlFX\AppData\Roaming\uTorrent
2018-04-08 18:22:18 ----D---- C:\Windows\system32\drivers
2018-04-08 17:46:58 ----A---- C:\Windows\system.ini
2018-04-08 17:46:33 ----D---- C:\Windows\system32\drivers\etc
2018-04-08 17:41:24 ----D---- C:\Windows\SYSWOW64\drivers
2018-04-08 17:41:24 ----D---- C:\Windows\AppPatch
2018-04-08 17:41:24 ----D---- C:\Program Files (x86)\Common Files
2018-04-08 10:47:28 ----D---- C:\Windows\system32\config
2018-04-08 10:43:13 ----D---- C:\Windows\debug
2018-04-08 10:11:26 ----SD---- C:\ProgramData\Microsoft
2018-04-08 09:46:45 ----SD---- C:\Users\KejmlFX\AppData\Roaming\Microsoft
2018-04-08 09:24:19 ----D---- C:\Windows\inf
2018-04-07 20:29:38 ----D---- C:\Program Files\Common Files
2018-04-07 18:49:43 ----SHD---- C:\System Volume Information
2018-04-07 18:46:37 ----D---- C:\Windows\System32
2018-04-07 17:20:24 ----D---- C:\Windows\Microsoft.NET
2018-04-07 16:10:39 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2018-04-07 15:56:02 ----D---- C:\Windows\Downloaded Installations
2018-04-07 15:55:11 ----D---- C:\Windows\winsxs
2018-04-07 15:47:21 ----D---- C:\ProgramData\Package Cache
2018-04-02 17:29:23 ----D---- C:\Program Files\Mozilla Firefox
2018-04-02 17:29:23 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-30 05:32:48 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-03-30 05:32:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2018-03-30 05:31:13 ----RSD---- C:\Windows\Fonts
2018-03-30 05:30:32 ----D---- C:\Program Files\Microsoft Office
2018-03-25 13:41:38 ----D---- C:\Windows\system32\catroot2
2018-03-20 16:17:24 ----D---- C:\Temp
2018-03-20 16:17:23 ----D---- C:\ProgramData\NVIDIA Corporation
2018-03-20 16:16:59 ----D---- C:\Windows\system32\DriverStore
2018-03-20 16:16:59 ----D---- C:\Windows\system32\catroot
2018-03-19 20:48:52 ----D---- C:\Windows\rescache
2018-03-19 18:02:04 ----D---- C:\ProgramData\Adobe
2018-03-19 17:59:02 ----D---- C:\Users\KejmlFX\AppData\Roaming\Adobe
2018-03-19 17:56:24 ----D---- C:\Program Files (x86)\Adobe
2018-03-19 17:43:57 ----RSD---- C:\Windows\assembly
2018-03-19 16:49:07 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2018-03-19 16:48:29 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-03-19 16:48:29 ----D---- C:\Windows\system32\cs-CZ
2018-03-16 19:59:10 ----A---- C:\Windows\system32\nvwgf2umx.dll
2018-03-16 19:59:02 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2018-03-16 19:59:00 ----A---- C:\Windows\system32\nvumdshimx.dll
2018-03-16 19:58:06 ----A---- C:\Windows\system32\nvd3dumx.dll
2018-03-16 19:58:00 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2018-03-16 19:57:42 ----A---- C:\Windows\system32\nvapi64.dll
2018-03-16 19:57:38 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2018-03-16 12:52:49 ----D---- C:\Windows\Logs
2018-03-16 01:14:34 ----A---- C:\Windows\NvContainerRecovery.bat
2018-03-16 00:40:25 ----A---- C:\Windows\system32\nvsvc64.dll
2018-03-16 00:40:25 ----A---- C:\Windows\system32\nvcpl.dll
2018-03-16 00:40:23 ----A---- C:\Windows\system32\nvsvcr.dll
2018-03-16 00:40:23 ----A---- C:\Windows\system32\nvshext.dll
2018-03-16 00:40:23 ----A---- C:\Windows\system32\nvmctray.dll
2018-03-16 00:40:23 ----A---- C:\Windows\system32\nv3dappshextr.dll
2018-03-16 00:40:23 ----A---- C:\Windows\system32\nv3dappshext.dll
2018-03-13 16:35:28 ----D---- C:\Windows\SYSWOW64\directx

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 avgbidsh;avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [2018-04-07 192536]
R0 avgblog;avgblog; C:\Windows\system32\drivers\avgbloga.sys [2018-04-07 336848]
R0 avgbuniv;avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [2018-04-07 50776]
R0 avgRvrt;avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [2018-04-07 76760]
R0 avgVmm;avgVmm; C:\Windows\system32\drivers\avgVmm.sys [2018-04-07 372920]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2009-08-13 112240]
R0 mv91cons;Marvell 91xx Config Device Driver; C:\Windows\system32\DRIVERS\mv91cons.sys [2013-09-06 27944]
R0 mvs91xx;mvs91xx; C:\Windows\system32\DRIVERS\mvs91xx.sys [2013-09-06 327464]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2014-06-08 213848]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2017-09-28 868848]
R1 avgArPot;avgArPot; C:\Windows\system32\drivers\avgArPot.sys [2018-04-07 189032]
R1 avgbdisk;avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [2018-04-07 166064]
R1 avgbidsdriver;avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [2018-04-07 220600]
R1 avgRdr;avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [2018-04-07 103744]
R1 avgSnx;avgSnx; C:\Windows\system32\drivers\avgSnx.sys [2018-04-07 1019088]
R1 avgSP;avgSP; C:\Windows\system32\drivers\avgSP.sys [2018-04-07 452904]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2014-06-08 516096]
R2 avgMonFlt;avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [2018-04-07 139608]
R2 avgStm;avgStm; C:\Windows\system32\drivers\avgStm.sys [2018-04-07 198368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-09-03 2480104]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2018-02-24 226760]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2017-12-15 59240]
R3 nvvhci;NVVHCI Enumerator Service; C:\Windows\system32\DRIVERS\nvvhci.sys [2018-02-24 57928]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2014-06-08 42496]
R3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2016-02-26 23981568]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2016-02-26 674816]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-04-08 124944]
S3 avgHwid;avgHwid; C:\Windows\system32\drivers\avgHwid.sys [2018-04-07 39352]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 esgiguard;esgiguard; \??\C:\Users\KejmlFX\Downloads\SpyHunter v4.25.6.4782 Portable\App\SpyHunter\esgiguard.sys [2017-03-10 16432]
S3 FLASHSYS;FLASHSYS; \??\C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 IOMap;IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [2017-05-02 24728]
S3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2018-01-10 31024]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2014-06-08 19456]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2016-12-21 40240]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2014-06-08 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2014-06-08 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2014-06-08 29696]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usbser;DJI USB Virtual COM Driver; C:\Windows\system32\DRIVERS\usbser.sys [2014-06-08 33280]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-03-24 8521384]
R2 CscService;Offline soubory; C:\Windows\System32\svchost.exe [2014-06-08 27136]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-01-10 519992]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2018-03-16 464272]
R2 NvTelemetryContainer;NVIDIA Telemetry Container; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2018-01-10 461616]
R2 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2016-12-27 5132888]
R2 PeerDistSvc;BranchCache; C:\Windows\System32\svchost.exe [2014-06-08 27136]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S2 AVG Antivirus;AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-04 107624]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-10-03 128608]
S2 dahjService;dahjService; C:\ProgramData\dahjService\dahjService.exe -s 24 []
S2 MouseWithoutBordersSvc;Mouse without Borders Service; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2015-09-22 30320]
S2 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-03-28 194512]
S2 NetMsmqActivator;Adaptér naslouchání Net.Msmq; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S2 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-01-10 519992]
S2 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-03-24 262824]
S2 UmRdpService;Přesměrovač portů uživatelského režimu služby Vzdálená plocha; C:\Windows\System32\svchost.exe [2014-06-08 27136]
S2 WsAppService;Wondershare Application Framework Service; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [2017-03-20 473312]
S3 avgbIDSAgent;avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe []
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-02-09 83984]
S4 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2016-02-26 249344]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2014-06-08 27136]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-10-03 52832]
S4 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [2018-03-12 674768]
S4 EpsonScanSvc;Epson Scanner Service; C:\Windows\system32\EscSvc64.exe [2017-02-27 145224]
S4 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-29 153168]
S4 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-29 153168]
S4 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-08 111616]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-07-18 317408]
S4 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]

-----------------EOF-----------------

Re: Problem with PC

Posted: 10 Apr 2018 15:14
by Rudy
Hello!
How does your operating system stand as far as legality is concerned?

Re: Problem with PC

Posted: 10 Apr 2018 15:17
by kejmlfx
Unofficial; it's a home computer.

Re: Problem with PC

Posted: 10 Apr 2018 16:07
by Rudy
In that case I cannot help you. See the rules: https://forum.viry.cz/viewtopic.php?f=12&t=115512 .

Re: Problem with PC

Posted: 10 Apr 2018 16:12
by kejmlfx
OK, thank you anyway.

Re: Problem with PC

Posted: 10 Apr 2018 16:50
by Rudy
You're welcome!