VIRY.CZ

Zdravim, vcera sa som dostal trojana, pomocou asi troch online scanerov ( eset panda malwarebytes ) som peskenoval pc a odstranil vsetky hrozby co mi naslo. Chcel by som este dokoho poprosit aby mi skontroloval ci uz je vsetko v poriadku. Vdaka

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Rudolf Badžgoň (administrator) on RUDO (16-06-2018 11:06:04)
Running from C:\Users\Rudolf Badžgoň\Downloads
Loaded Profiles: Rudolf Badžgoň & rudo (Available Profiles: Rudolf Badžgoň & rudo)
Platform: Windows 8.1 (Update) (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Realtek Semiconductor) C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe
(Micro-Star International) C:\MSI\Smart Utilities\SuperRAIDSvc.exe
() C:\Users\Rudolf Badžgoň\Downloads\Wallpaper Engine\Wallpaper Engine\bin\wallpaperservice32_c.exe
() C:\Users\Rudolf Badžgoň\Downloads\Wallpaper Engine\Wallpaper Engine\wallpaper32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.6244\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.10155\Battle.net Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575256 2014-05-12] (Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-04-24] (Intel Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1087960 2014-04-03] (Intel Corporation)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [764472 2012-09-19] ()
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [796328 2014-06-06] ()
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (AimerSoft)
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-01-05] (Google Inc.)
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [563416 2015-04-02] (ZONER software)
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\MountPoints2: {8154154b-a155-11e7-82e2-d8cb8a122dba} - "E:\Lenovo_Suite.exe"
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\MountPoints2: {86572374-9a27-11e4-825a-d8cb8a122dba} - "F:\SETUP.EXE"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-03-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Rudolf Badžgoň\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-06-14]
ShortcutTarget: Twitch.lnk -> C:\Users\Rudolf Badžgoň\AppData\Roaming\Curse Client\Bin\Twitch.exe (Twitch Interactive, Inc.)
Startup: C:\Users\Rudolf Badžgoň\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wallpaper64 - odkaz.lnk [2017-10-12]
ShortcutTarget: wallpaper64 - odkaz.lnk -> C:\Users\Rudolf Badžgoň\Downloads\Wallpaper Engine\Wallpaper Engine\wallpaper64.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 178.18.67.1 8.8.8.8
Tcpip\..\Interfaces\{B4056F32-CDE9-436E-A2AA-59611EAC9348}: [DhcpNameServer] 178.18.67.1 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2249863331-521022342-2866738468-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2249863331-521022342-2866738468-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Handler: WSKVAllmytubechrome - No CLSID Value

FireFox:
========
FF DefaultProfile: pqsz01li.default
FF ProfilePath: C:\Users\Rudolf Badžgoň\AppData\Roaming\Mozilla\Firefox\Profiles\pqsz01li.default [2018-06-16]
FF Extension: (Adblock Plus) - C:\Users\Rudolf Badžgoň\AppData\Roaming\Mozilla\Firefox\Profiles\pqsz01li.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-16]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Rudolf Badžgoň\AppData\Roaming\Mozilla\Firefox\Profiles\pqsz01li.default\features\{308ad318-a350-4ce7-82f2-47769896166e}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-08] [Legacy]
FF ProfilePath: C:\Users\Rudolf Badžgoň\AppData\Roaming\Mozilla\Firefox\Profiles\6d9ckf32.default-1484498399634 [2018-06-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-07] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-07] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKU\S-1-5-21-2249863331-521022342-2866738468-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.59\default_apps\search.crx [2013-11-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [20512 2014-03-13] (Micro-Star Int'l Co., Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2014-03-27] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-04-24] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-27] (McAfee, Inc.)
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2100736 2014-06-04] (MSI) [File not signed]
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4023296 2014-06-03] (MSI) [File not signed]
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2118144 2014-06-03] () [File not signed]
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4157440 2014-06-04] () [File not signed]
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [1990144 2014-06-03] () [File not signed]
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2250240 2014-06-06] () [File not signed]
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2063360 2014-06-04] () [File not signed]
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [544256 2014-06-06] () [File not signed]
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [83952 2014-03-27] (Micro-Star International)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-19] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-19] (Electronic Arts)
R2 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [27632 2014-04-30] (Micro-Star International)
R2 Wallpaper Engine Service; C:\Users\Rudolf Badžgoň\Downloads\Wallpaper Engine\Wallpaper Engine\bin\wallpaperservice32_c.exe [21504 2016-12-20] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2016-08-09] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-12] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-05-24] (Malwarebytes)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-06-16] ()
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-04-03] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-06-16] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112872 2018-06-16] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [44768 2018-06-16] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-16] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [103656 2018-06-16] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 NTIOLib_MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
S3 NTIOLib_MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
S3 NTIOLib_MSIRatio_CC; C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
S3 NTIOLib_MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib_X64.sys [13808 2014-03-17] (MSI)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-16 11:06 - 2018-06-16 11:06 - 000018359 _____ C:\Users\Rudolf Badžgoň\Downloads\FRST.txt
2018-06-16 11:03 - 2018-06-16 11:06 - 000000000 ____D C:\FRST
2018-06-16 11:02 - 2018-06-16 11:02 - 002413056 _____ (Farbar) C:\Users\Rudolf Badžgoň\Downloads\FRST64.exe
2018-06-16 08:37 - 2018-06-16 08:37 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-06-16 08:36 - 2018-06-16 08:36 - 000001798 _____ C:\Windows\system32\.crusader
2018-06-16 08:29 - 2018-06-16 08:36 - 000000000 ____D C:\ProgramData\HitmanPro
2018-06-16 08:08 - 2018-06-16 08:38 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-16 08:08 - 2018-06-16 08:38 - 000112872 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-06-16 08:08 - 2018-06-16 08:38 - 000103656 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-16 08:08 - 2018-06-16 08:38 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-16 08:08 - 2018-06-16 08:08 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-06-16 08:07 - 2018-06-16 08:07 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-16 08:07 - 2018-06-16 08:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-16 08:07 - 2018-06-16 08:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-16 08:07 - 2018-06-16 08:07 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-16 08:07 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-06-15 21:29 - 2018-06-15 21:29 - 000001298 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2018-06-15 21:29 - 2018-06-15 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2018-06-15 21:29 - 2018-06-15 21:29 - 000000000 ____D C:\Program Files (x86)\Panda Security
2018-06-15 21:29 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2018-06-15 21:29 - 2015-01-29 18:21 - 000050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2018-06-15 21:27 - 2018-06-15 21:27 - 038191600 _____ (Panda Security ) C:\Users\Rudolf Badžgoň\Downloads\PandaCloudCleaner.exe
2018-06-15 21:24 - 2018-06-15 22:13 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Local\FSDART
2018-06-15 21:24 - 2018-06-15 21:27 - 000000000 ____D C:\ProgramData\F-Secure
2018-06-15 21:24 - 2018-06-15 21:24 - 000524248 _____ (F-Secure Corporation) C:\Users\Rudolf Badžgoň\Downloads\F-SecureOnlineScanner.exe
2018-06-15 21:24 - 2018-06-15 21:24 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Local\F-Secure
2018-06-15 19:11 - 2018-06-15 19:11 - 006980728 _____ (ESET spol. s r.o.) C:\Users\Rudolf Badžgoň\Downloads\esetonlinescanner_sky.exe
2018-06-15 19:11 - 2018-06-15 19:11 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Local\ESET
2018-06-13 18:00 - 2018-06-13 18:00 - 000882317 _____ C:\Users\Rudolf Badžgoň\Downloads\Zaverecna_prezentacia_vzor_(1).pptx
2018-06-13 17:34 - 2018-06-13 19:28 - 1770015179 _____ C:\Users\Rudolf Badžgoň\Downloads\2014 Boh nie je mrtvy (God`s Not Dead).mkv
2018-06-13 14:52 - 2018-05-25 07:10 - 025742848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-06-13 14:52 - 2018-05-25 06:44 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-06-13 14:52 - 2018-05-25 06:38 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-06-13 14:52 - 2018-05-25 06:34 - 020286976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-06-13 14:52 - 2018-05-25 06:32 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-06-13 14:52 - 2018-05-25 06:16 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-06-13 14:52 - 2018-05-25 06:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-06-13 14:52 - 2018-05-25 06:03 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-06-13 14:52 - 2018-05-25 05:56 - 000381440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-06-13 14:52 - 2018-05-25 05:55 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-06-13 14:52 - 2018-05-25 05:55 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-06-13 14:52 - 2018-05-25 05:53 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-06-13 14:52 - 2018-05-25 05:53 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-06-13 14:52 - 2018-05-25 05:44 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-06-13 14:52 - 2018-05-25 05:42 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-06-13 14:52 - 2018-05-25 05:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-06-13 14:52 - 2018-05-25 05:39 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-06-13 14:52 - 2018-05-25 05:38 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-06-13 14:52 - 2018-05-25 05:38 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-06-13 14:52 - 2018-05-25 05:38 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-06-13 14:52 - 2018-05-25 05:29 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-06-13 14:52 - 2018-05-25 05:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-06-13 14:52 - 2018-05-25 05:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-06-13 14:52 - 2018-05-25 05:15 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-06-13 14:52 - 2018-05-25 05:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-06-13 14:52 - 2018-05-23 07:56 - 007406944 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-06-13 14:52 - 2018-05-23 07:45 - 000027480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\uefi.sys
2018-06-13 14:52 - 2018-05-23 07:39 - 001676064 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-06-13 14:52 - 2018-05-23 06:13 - 000251392 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2018-06-13 14:52 - 2018-05-15 07:47 - 002334624 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2018-06-13 14:52 - 2018-05-15 07:47 - 000244304 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-06-13 14:52 - 2018-05-15 07:33 - 001308352 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-06-13 14:52 - 2018-05-15 06:57 - 002324752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-06-13 14:52 - 2018-05-15 06:17 - 000032640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-06-13 14:52 - 2018-05-15 06:04 - 000240128 _____ (Microsoft Corporation) C:\Windows\system32\vdsbas.dll
2018-06-13 14:52 - 2018-05-15 05:05 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2018-06-13 14:52 - 2018-05-15 04:57 - 000672768 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2018-06-13 14:52 - 2018-05-15 04:51 - 000561152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2018-06-13 14:52 - 2018-05-12 23:11 - 000532664 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-06-13 14:52 - 2018-05-12 23:06 - 000567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-06-13 14:52 - 2018-05-12 22:51 - 002014040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-06-13 14:52 - 2018-05-12 22:51 - 000923480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2018-06-13 14:52 - 2018-05-12 21:08 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-06-13 14:52 - 2018-05-11 05:04 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-06-13 14:52 - 2018-05-05 21:05 - 001543800 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2018-06-13 14:52 - 2018-05-05 20:15 - 001178136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2018-06-13 14:52 - 2018-05-05 18:38 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2018-06-13 14:52 - 2018-05-05 18:23 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2018-06-13 14:52 - 2018-04-07 18:48 - 000685568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-06-13 14:52 - 2018-04-07 18:47 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-06-13 14:52 - 2018-04-07 18:43 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-06-13 14:52 - 2018-04-07 18:09 - 000170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-06-13 14:52 - 2018-04-07 17:34 - 002255360 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-06-13 14:52 - 2018-04-07 17:15 - 001942016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-06-13 14:52 - 2018-04-05 19:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc63.sys
2018-06-13 14:52 - 2018-04-05 19:38 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\NetVscCoinstall.dll
2018-06-13 14:52 - 2018-03-29 03:33 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2018-06-13 14:52 - 2018-03-29 03:21 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2018-06-13 14:52 - 2018-03-29 03:06 - 002608640 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2018-06-13 14:52 - 2018-03-29 03:05 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2018-06-13 14:52 - 2018-03-29 02:26 - 002170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2018-06-13 14:52 - 2018-03-29 02:24 - 000236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2018-06-08 12:45 - 2018-06-08 12:45 - 000072468 _____ C:\Users\Rudolf Badžgoň\Documents\cc_20180608_124540.reg
2018-06-02 20:21 - 2018-06-02 21:31 - 1278157798 _____ C:\Users\Rudolf Badžgoň\Downloads\Dokonala loupez CZ dabing 2018.avi
2018-05-23 17:18 - 2018-05-23 18:45 - 1541963544 _____ C:\Users\Rudolf Badžgoň\Downloads\Star Wars Poslední z Jediů (Star Wars The Last Jedi-2017-cz-dab)bySada.mkv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-16 11:03 - 2016-09-04 20:23 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Local\Battle.net
2018-06-16 10:57 - 2016-11-25 08:07 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\LocalLow\Mozilla
2018-06-16 10:55 - 2015-01-05 21:17 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2249863331-521022342-2866738468-1001
2018-06-16 10:47 - 2016-09-04 20:24 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2018-06-16 08:43 - 2016-09-04 20:21 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-06-16 08:38 - 2015-01-05 20:14 - 000051136 _____ C:\Windows\system32\perfh01B.dat
2018-06-16 08:38 - 2015-01-05 20:14 - 000013706 _____ C:\Windows\system32\perfc01B.dat
2018-06-16 08:38 - 2014-03-18 12:08 - 000914312 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-16 08:38 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2018-06-16 08:37 - 2015-01-05 23:44 - 000000304 _____ C:\Windows\Tasks\RtlNetworkGenieVistaStart.job
2018-06-16 08:37 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-16 08:14 - 2015-04-18 06:37 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Roaming\Imminent
2018-06-16 08:14 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-06-16 07:54 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2018-06-15 22:13 - 2017-01-15 18:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-15 22:13 - 2016-11-24 22:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-15 22:02 - 2016-01-12 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2018-06-15 22:02 - 2015-10-15 14:18 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 1of2)
2018-06-15 22:02 - 2015-05-23 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]
2018-06-15 21:14 - 2018-04-05 18:36 - 000000243 _____ C:\Users\Rudolf Badžgoň\Desktop\must to do.txt
2018-06-15 08:07 - 2015-01-05 20:36 - 000000000 ____D C:\Windows\system32\MRT
2018-06-15 08:05 - 2017-10-14 17:45 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-06-15 08:05 - 2015-01-05 20:36 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-06-15 08:05 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2018-06-15 08:03 - 2015-01-06 21:06 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Roaming\vlc
2018-06-15 08:02 - 2015-08-30 09:47 - 000000000 _____ C:\Users\Rudolf Badžgoň\rgmnr
2018-06-14 20:36 - 2018-03-30 08:38 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-06-13 18:15 - 2015-01-27 12:54 - 005496320 ___SH C:\Users\Rudolf Badžgoň\Desktop\Thumbs.db
2018-06-08 12:45 - 2015-06-13 16:30 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Roaming\TS3Client
2018-06-08 12:44 - 2015-01-05 20:51 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Local\CrashDumps
2018-06-08 12:38 - 2018-01-03 20:39 - 000000000 ____D C:\Users\Rudolf Badžgoň\Desktop\knihy
2018-06-08 12:38 - 2015-04-03 15:12 - 000000000 ____D C:\Users\Rudolf Badžgoň\Desktop\skola
2018-06-08 11:53 - 2016-12-28 21:47 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Roaming\Origin
2018-06-08 11:53 - 2016-12-28 21:42 - 000000000 ____D C:\ProgramData\Origin
2018-06-08 11:51 - 2017-12-22 18:53 - 000000000 ____D C:\Users\Rudolf Badžgoň\Desktop\Sk
2018-06-08 08:34 - 2017-01-15 18:57 - 000001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-07 20:58 - 2018-04-12 17:47 - 000004472 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-07 20:58 - 2015-01-05 21:05 - 000004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-06-07 20:58 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-07 20:58 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-05 21:19 - 2017-04-13 17:47 - 000835056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-05 21:19 - 2017-04-13 17:47 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-28 21:02 - 2015-01-05 21:12 - 000000000 ____D C:\Users\Rudolf Badžgoň
2018-05-24 17:24 - 2015-01-06 21:06 - 004181504 ___SH C:\Users\Rudolf Badžgoň\Downloads\Thumbs.db
2018-05-23 09:14 - 2017-10-21 10:58 - 000000236 _____ C:\Users\Rudolf Badžgoň\Desktop\games movies.txt
2018-05-19 08:55 - 2015-01-05 21:18 - 000003370 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-19 08:55 - 2015-01-05 21:17 - 000003242 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2017-10-22 09:04 - 2003-03-21 12:45 - 000250544 _____ (KeyWorks Software) C:\Program Files (x86)\Common Files\keyhelp.ocx
2017-11-11 12:12 - 2018-02-10 18:57 - 000005120 _____ () C:\Users\Rudolf Badžgoň\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-03 15:20 - 2015-12-16 09:37 - 000007620 _____ () C:\Users\Rudolf Badžgoň\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-16 10:55

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Rudolf Badžgoň (16-06-2018 11:06:53)
Running from C:\Users\Rudolf Badžgoň\Downloads
Windows 8.1 (Update) (X64) (2015-01-05 19:12:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2249863331-521022342-2866738468-500 - Administrator - Disabled)
Guest (S-1-5-21-2249863331-521022342-2866738468-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2249863331-521022342-2866738468-1005 - Limited - Enabled)
rudo (S-1-5-21-2249863331-521022342-2866738468-1007 - Limited - Enabled) => C:\Users\rudo
Rudolf Badžgoň (S-1-5-21-2249863331-521022342-2866738468-1001 - Administrator - Enabled) => C:\Users\Rudolf Badžgoň

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{7F8ACF50-8902-490D-A364-2047AA204016}) (Version: 1.5 - Eyeo GmbH)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Ashampoo Burning Studio 6 FREE v.6.83 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.3 - Ashampoo GmbH & Co. KG)
Assassin's Creed Rogue (HKLM-x32\...\Uplay Install 895) (Version: - Ubisoft)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Catalyst Control Center Next Localization BR (HKLM\...\{C80C12DC-3959-4028-1681-F2BF00866439}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{55FB36B8-663A-06C2-9A6F-34A0AFFD906C}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{27D9A3A3-D0D2-2260-A2AA-A7228B6022B6}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{C59870AD-505D-4C9E-B625-D1DE6B1ABF8D}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{38072574-E1D1-9B6C-EAB4-27E207E0B54A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{C7F2F764-33A8-7ED1-8ED9-BD594C814386}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{352C8FF2-CB23-F2C3-CC82-B2F20AC15B5C}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{13556222-6637-F9E8-A6A6-186D6996E5E0}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{3B8435FC-47AD-7A7E-BCBD-13DF296DB149}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{B0199EE9-B640-3D24-29F8-99B1C425697A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{8F5D8F15-4A07-E887-C8FD-498804F2522F}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{1E60CDCF-E4AF-2B49-3473-E9C10C0D6031}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{2459C0BB-C5C8-2FD0-2437-BD92FB666A15}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{58011544-00D2-DD75-4E0D-944AD2D3773D}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9E93DDED-A342-2621-8B33-A7FDE09E2A15}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{EBCCB5CD-B2B0-6870-DCC3-A7CCCC1B1B68}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{D214F8C8-A231-E193-971C-7D185108F908}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C078842D-6E39-ACBA-8927-51697B6D89B0}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{CE1A9479-C86A-81A5-729F-9B65120D15E1}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{81DFFE49-771C-3262-99DD-35AB35FEF71A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{56C43946-966D-1B4B-3910-3B4741F9CAF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
ClearSkinFX for Digital Cameras (HKLM-x32\...\ClearSkinFX for Digital Cameras_is1) (Version: - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Disk Investigator 1.61 (HKLM-x32\...\Disk Investigator) (Version: 1.61 - Kevin Solway)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.59 - Spoločnosť Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HotPotatoes v 6.3.0.5 (HKLM-x32\...\hotpot_is1) (Version: - HalfBaked)
Imagine (HKLM-x32\...\Imagine) (Version: Version 2.0.0.420 - )
Imagine Plugin (HKLM-x32\...\ImaginePlugin) (Version: Version 2.0.0.420 - )
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel(R) Small Business Advantage (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.51.8439 - Intel(R) Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{4FEC5775-3E19-4791-9786-F6EB1B25D327}) (Version: 5.0.10.2832 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{608E1B9B-A2E8-4A1F-8BAB-874EB0DD25E3}) (Version: 1.0.0.36888 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{4a87bd28-a855-4a8d-b133-60ca8ccffd30}) (Version: 10.0.17 - Intel(R) Corporation) Hidden
Malwarebytes verzia 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 sk) (HKLM\...\Mozilla Firefox 60.0.2 (x64 sk)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.2.6730 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.0.67 - MSI)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.3 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 2.0.0.9 - MSI)
MSI Smart Utilities (HKLM-x32\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 2.0.0.06 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.025 - MSI)
Need for Speed™ (HKLM-x32\...\{F8643E83-A868-4EE8-A0B9-389386830453}) (Version: 1.3.0.0 - Electronic Arts)
NetworkGenie (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.0.0.8 - MSI)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.30491 - Electronic Arts, Inc.)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
PhotoFiltre 7 (HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\PhotoFiltre 7) (Version: - )
Python 3.6.4 (32-bit) (HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\{9218130b-5ad0-4cf7-82be-6993cfd6cb84}) (Version: 3.6.4150.0 - Python Software Foundation)
Python 3.6.4 Core Interpreter (32-bit) (HKLM-x32\...\{D188614B-E656-4EF1-9F5A-23559EBE8F5A}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Development Libraries (32-bit) (HKLM-x32\...\{C3797E33-967D-4687-8F1A-9DE771A00125}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Documentation (32-bit) (HKLM-x32\...\{E09874D3-E898-4AB6-B043-EE24DF786088}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Executables (32-bit) (HKLM-x32\...\{47A75DB9-F3F5-4697-9261-DBA5162DBB9E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 pip Bootstrap (32-bit) (HKLM-x32\...\{54142B43-2FA5-4BBA-BF03-27C10EB50C1E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Standard Library (32-bit) (HKLM-x32\...\{2832768E-9BCA-4421-950C-7186B3BDFC45}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Tcl/Tk Support (32-bit) (HKLM-x32\...\{20888FA1-8127-42E3-969F-9BF93245AC83}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Test Suite (32-bit) (HKLM-x32\...\{D14FB2FA-51B2-415C-93BF-5053102235EE}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Utility Scripts (32-bit) (HKLM-x32\...\{D0730E44-E519-4F39-B926-E2FC0449D67C}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{B42FF40A-60D4-4096-AC47-C86153D72797}) (Version: 3.6.6196.0 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7245 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Stronghold (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Your Software Deals (HKLM-x32\...\Your Software Deals_is1) (Version: - Ashampoo GmbH & Co. KG) <==== ATTENTION
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_SK_is1) (Version: 17.0.1.9 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-09-16] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12D20E67-383E-4456-9C00-5A6BD7C1A622} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-16] (Advanced Micro Devices, Inc.)
Task: {13D09AD6-A114-453D-9139-E35BA3CB8B5D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2018-06-15] (Microsoft Corporation)
Task: {26194471-5454-4E8E-B776-30C35102997E} - System32\Tasks\RtlNetworkGenieVistaStart => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe [2014-04-23] (Realtek Semiconductor)
Task: {26F325CE-5BEA-42B8-8DD7-7245E26F692B} - System32\Tasks\{B73AE33C-6654-4EA8-8694-C7DFFB8C3577} => C:\Windows\system32\pcalua.exe -a D:\start.exe -d D:\ -c ar
Task: {90B86634-B6A4-4EB8-B45E-41B28C02B80C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {939A0F8C-206F-4D43-BC07-09CEE12CBC45} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B35D6E09-1C6D-400E-982F-44D70009AE18} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-07] (Adobe Systems Incorporated)
Task: {BDBCBFFA-17C8-4074-BF15-7D18F160BEDE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E8C77B90-A930-4E13-8156-8BA53185A21A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\RtlNetworkGenieVistaStart.job => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk -> C:\ProgramData\Ashampoo\YourDeals.exe () -> hxxp://linktarget.ashampoo.com/linktarget/?target=marketplace&edition=eid=4311&utm_medium=desktop&x-pos=Metro

==================== Loaded Modules (Whitelisted) ==============

2014-04-24 13:24 - 2014-04-24 13:24 - 000209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-04-24 13:24 - 2014-04-24 13:24 - 000057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-04-24 13:24 - 2014-04-24 13:24 - 000057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-04-24 13:24 - 2014-04-24 13:24 - 000037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2015-01-05 23:43 - 2014-06-03 18:37 - 001990144 _____ () C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
2017-10-12 17:52 - 2016-12-20 20:15 - 000021504 _____ () C:\Users\Rudolf Badžgoň\Downloads\Wallpaper Engine\Wallpaper Engine\bin\wallpaperservice32_c.exe
2017-10-08 07:25 - 2016-12-20 20:15 - 000646144 _____ () C:\Users\Rudolf Badžgoň\Downloads\Wallpaper Engine\Wallpaper Engine\wallpaper32.exe
2018-06-16 08:07 - 2018-05-30 09:22 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-06-16 08:07 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-01-05 23:43 - 2014-04-21 09:09 - 000150528 ____R () C:\Program Files (x86)\MSI\NetworkGenie\gep.dll
2015-01-05 23:43 - 2014-04-30 11:15 - 001723888 _____ () C:\MSI\Smart Utilities\SuperRAIDExt.DLL
2014-04-03 17:48 - 2014-04-03 17:48 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2018-06-01 10:28 - 2018-06-01 10:28 - 080169984 _____ () C:\Program Files (x86)\Battle.net\Battle.net.10155\libcef.dll
2018-06-01 10:28 - 2018-06-01 10:28 - 000540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.10155\ortp.dll
2018-06-01 10:28 - 2018-06-01 10:28 - 000133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.10155\libEGL.dll
2018-06-01 10:28 - 2018-06-01 10:28 - 003384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.10155\libGLESv2.dll
2018-06-01 10:29 - 2018-06-01 10:29 - 002246656 _____ () C:\Program Files (x86)\Battle.net\Battle.net.10155\swiftshader\libglesv2.dll
2018-06-01 10:29 - 2018-06-01 10:29 - 000102912 _____ () C:\Program Files (x86)\Battle.net\Battle.net.10155\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2018-03-30 08:38 - 000000899 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2249863331-521022342-2866738468-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rudolf Badžgoň\AppData\Roaming\Mozilla\Firefox\Pozadie plochy.bmp
HKU\S-1-5-21-2249863331-521022342-2866738468-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 178.18.67.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{594E6B74-DDE2-46E6-AE0E-398B8EE155E0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D1887B78-19D1-46C4-9720-9329869240DF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5F9AAAA2-0F02-49F6-856C-EA1E3842A55B}] => (Allow) C:\Program Files\Zoner\Photo Studio 17\Program32\MediaServer.exe
FirewallRules: [{315CB238-603A-4C10-AD71-D6D463FE5165}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed\NFS16.exe
FirewallRules: [{3EE8DFC5-53E4-44E9-BF7F-68B5D70AA9B3}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed\NFS16.exe
FirewallRules: [{998206F5-2574-490F-9C06-DE8DDFE15EC2}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed\NFS16_trial.exe
FirewallRules: [{48998C4D-6DDF-4B27-AE8E-11094F5F5249}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed\NFS16_trial.exe
FirewallRules: [{85109F17-9381-4F08-AFEF-1773C2AC1169}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5541F4FB-F072-4C16-811C-C7C313FC330D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E928D9F6-CF8C-4686-8D58-ABC3A3DD367C}C:\programdata\battle.net\agent\agent.6082\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.6082\agent.exe
FirewallRules: [UDP Query User{9C6B82C1-EF4F-4044-AEE0-A372563CE4AF}C:\programdata\battle.net\agent\agent.6082\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.6082\agent.exe
FirewallRules: [TCP Query User{7EF2F78E-BC79-42F6-B7D4-971898EF5955}C:\programdata\battle.net\agent\agent.6160\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.6160\agent.exe
FirewallRules: [UDP Query User{4980CABA-A15F-493D-B311-B4C92032E5E4}C:\programdata\battle.net\agent\agent.6160\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.6160\agent.exe

==================== Restore Points =========================

30-04-2018 06:41:54 Scheduled Checkpoint
11-05-2018 12:09:18 paint.net 4.0.21
19-05-2018 09:59:16 Scheduled Checkpoint
15-06-2018 08:00:46 Windows Update
16-06-2018 08:34:30 Bod obnovy HitmanPro

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2018 08:34:30 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Prístup je odmietnutý.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {f616cb1c-0dc4-479b-b4e5-f5f8a1dc6e02}

Error: (06/15/2018 10:16:20 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/15/2018 10:16:19 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/14/2018 08:04:25 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/12/2018 07:55:02 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/10/2018 08:05:00 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/09/2018 08:48:59 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/08/2018 12:44:51 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Službe Windows Search sa nepodarilo spracovať zoznam zahrnutých a vylúčených umiestnení, pretože sa vyskytla chyba <30, 0x80040d07, "iehistory://{S-1-5-21-2249863331-521022342-2866738468-1001}/">.


System errors:
=============
Error: (06/16/2018 10:56:29 AM) (Source: DCOM) (EventID: 10010) (User: Rudo)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (06/16/2018 10:55:58 AM) (Source: DCOM) (EventID: 10010) (User: Rudo)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (06/16/2018 10:24:44 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys

Error: (06/16/2018 08:39:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby eapihdrv zlyhalo kvôli nasledujúcej chybe:
Ovládač nie je možné načítať, pretože je zablokovaný.

Error: (06/16/2018 08:39:48 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\RUDOLF~1\AppData\Local\Temp\ehdrv.sys

Error: (06/16/2018 08:39:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby eapihdrv zlyhalo kvôli nasledujúcej chybe:
Ovládač nie je možné načítať, pretože je zablokovaný.

Error: (06/16/2018 08:39:48 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\RUDOLF~1\AppData\Local\Temp\ehdrv.sys

Error: (06/16/2018 08:39:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby eapihdrv zlyhalo kvôli nasledujúcej chybe:
Ovládač nie je možné načítať, pretože je zablokovaný.


Windows Defender:
===================================
Date: 2018-06-16 10:56:45.401
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {8CD4B914-D98C-442E-B63C-9F92674D54F3}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-15 18:46:38.262
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... terprise=0
Name: Trojan:HTML/Brocoiner!rfn
ID: 2147724297
Severity: Závažná
Category: Trójsky kôň
Path: file:_C:\Users\Rudolf Badžgoň\AppData\Local\Mozilla\Firefox\Profiles\pqsz01li.default\cache2\entries\CE94BF5164C04AE312403C4CA6A85F4F3B1133A2
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Signature Version: AV: 1.269.1283.0, AS: 1.269.1283.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14901.4, NIS: 2.1.14600.4

Date: 2018-06-14 09:05:26.465
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {195366D7-7D2D-41EF-99CA-B88BF83653A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-10 17:54:24.472
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {9368F61F-3A1D-4857-BBE2-827546E28CEB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-01 10:00:54.098
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {1CEAE996-6AA5-45A1-8E18-BA4683BBF681}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-19 16:03:48.316
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.722.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80240016
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

Date: 2018-04-19 16:03:48.308
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.722.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80240016
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

Date: 2018-04-19 16:03:48.308
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.722.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80240016
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

Date: 2017-12-23 08:22:48.631
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.654.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x80240016
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

Date: 2017-12-23 08:22:48.631
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.654.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x80240016
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

CodeIntegrity:
===================================

Date: 2018-06-16 11:01:00.807
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-06-01 10:02:33.988
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-05-15 08:16:10.087
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-05-14 08:49:29.316
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-05-13 09:32:43.131
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-30 06:03:53.172
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-19 15:53:16.169
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-08 09:38:00.686
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 42%
Total physical RAM: 8127.9 MB
Available physical RAM: 4698.88 MB
Total Virtual: 9535.9 MB
Available Virtual: 5012.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:714.35 GB) NTFS

\\?\Volume{3b4cd2d5-950e-11e4-824e-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2DDB2C4E)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Vdaka za rychlu odpoved, tu je log
# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-06-15.3
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-16-2018
# Duration: 00:00:01
# OS: Windows 8.1
# Cleaned: 4
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\PROIOCEMOINUSS
Deleted C:\Users\Rudolf Badžgoň\AppData\Roaming\imminent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Your Software Deals_is1
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SoftonicAssistant

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1577 octets] - [16/06/2018 16:28:13]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Dejte nový log FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Rudolf Badžgoň (administrator) on RUDO (16-06-2018 17:02:43)
Running from C:\Users\Rudolf Badžgoň\Desktop
Loaded Profiles: Rudolf Badžgoň (Available Profiles: Rudolf Badžgoň & rudo)
Platform: Windows 8.1 (Update) (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Realtek Semiconductor) C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Micro-Star International) C:\MSI\Smart Utilities\SuperRAIDSvc.exe
() C:\Users\Rudolf Badžgoň\Downloads\Wallpaper Engine\Wallpaper Engine\bin\wallpaperservice32_c.exe
() C:\Users\Rudolf Badžgoň\Downloads\Wallpaper Engine\Wallpaper Engine\wallpaper32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575256 2014-05-12] (Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-04-24] (Intel Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1087960 2014-04-03] (Intel Corporation)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [764472 2012-09-19] ()
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [796328 2014-06-06] ()
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (AimerSoft)
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-01-05] (Google Inc.)
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [563416 2015-04-02] (ZONER software)
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\MountPoints2: {8154154b-a155-11e7-82e2-d8cb8a122dba} - "E:\Lenovo_Suite.exe"
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\MountPoints2: {86572374-9a27-11e4-825a-d8cb8a122dba} - "F:\SETUP.EXE"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-03-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Rudolf Badžgoň\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-06-14]
ShortcutTarget: Twitch.lnk -> C:\Users\Rudolf Badžgoň\AppData\Roaming\Curse Client\Bin\Twitch.exe (Twitch Interactive, Inc.)
Startup: C:\Users\Rudolf Badžgoň\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wallpaper64 - odkaz.lnk [2017-10-12]
ShortcutTarget: wallpaper64 - odkaz.lnk -> C:\Users\Rudolf Badžgoň\Downloads\Wallpaper Engine\Wallpaper Engine\wallpaper64.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 178.18.67.1 8.8.8.8
Tcpip\..\Interfaces\{B4056F32-CDE9-436E-A2AA-59611EAC9348}: [DhcpNameServer] 178.18.67.1 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2249863331-521022342-2866738468-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2249863331-521022342-2866738468-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Handler: WSKVAllmytubechrome - No CLSID Value

FireFox:
========
FF DefaultProfile: pqsz01li.default
FF ProfilePath: C:\Users\Rudolf Badžgoň\AppData\Roaming\Mozilla\Firefox\Profiles\pqsz01li.default [2018-06-16]
FF Extension: (Adblock Plus) - C:\Users\Rudolf Badžgoň\AppData\Roaming\Mozilla\Firefox\Profiles\pqsz01li.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-16]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Rudolf Badžgoň\AppData\Roaming\Mozilla\Firefox\Profiles\pqsz01li.default\features\{308ad318-a350-4ce7-82f2-47769896166e}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-08] [Legacy]
FF ProfilePath: C:\Users\Rudolf Badžgoň\AppData\Roaming\Mozilla\Firefox\Profiles\6d9ckf32.default-1484498399634 [2018-06-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-07] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-07] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKU\S-1-5-21-2249863331-521022342-2866738468-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.59\default_apps\search.crx [2013-11-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [20512 2014-03-13] (Micro-Star Int'l Co., Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2014-03-27] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-04-24] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-27] (McAfee, Inc.)
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2100736 2014-06-04] (MSI) [File not signed]
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4023296 2014-06-03] (MSI) [File not signed]
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2118144 2014-06-03] () [File not signed]
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4157440 2014-06-04] () [File not signed]
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [1990144 2014-06-03] () [File not signed]
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2250240 2014-06-06] () [File not signed]
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2063360 2014-06-04] () [File not signed]
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [544256 2014-06-06] () [File not signed]
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [83952 2014-03-27] (Micro-Star International)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-19] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-19] (Electronic Arts)
R2 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [27632 2014-04-30] (Micro-Star International)
R2 Wallpaper Engine Service; C:\Users\Rudolf Badžgoň\Downloads\Wallpaper Engine\Wallpaper Engine\bin\wallpaperservice32_c.exe [21504 2016-12-20] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2016-08-09] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-12] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-05-24] (Malwarebytes)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-06-16] ()
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-04-03] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-06-16] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112872 2018-06-16] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [44768 2018-06-16] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-16] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [103656 2018-06-16] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
S3 NTIOLib_MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
S3 NTIOLib_MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
S3 NTIOLib_MSIRatio_CC; C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
S3 NTIOLib_MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib_X64.sys [13808 2014-03-17] (MSI)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-16 16:26 - 2018-06-16 16:29 - 000000000 ____D C:\AdwCleaner
2018-06-16 16:26 - 2018-06-16 16:26 - 007372496 _____ (Malwarebytes) C:\Users\Rudolf Badžgoň\Desktop\adwcleaner_7.2.0.exe
2018-06-16 11:11 - 2018-06-16 17:03 - 000017993 _____ C:\Users\Rudolf Badžgoň\Desktop\FRST.txt
2018-06-16 11:11 - 2018-06-16 11:11 - 000040688 _____ C:\Users\Rudolf Badžgoň\Desktop\Addition.txt
2018-06-16 11:06 - 2018-06-16 11:07 - 000040685 _____ C:\Users\Rudolf Badžgoň\Downloads\Addition.txt
2018-06-16 11:06 - 2018-06-16 11:07 - 000035616 _____ C:\Users\Rudolf Badžgoň\Downloads\FRST.txt
2018-06-16 11:03 - 2018-06-16 17:02 - 000000000 ____D C:\FRST
2018-06-16 11:02 - 2018-06-16 11:02 - 002413056 _____ (Farbar) C:\Users\Rudolf Badžgoň\Desktop\FRST64.exe
2018-06-16 08:37 - 2018-06-16 08:37 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-06-16 08:36 - 2018-06-16 08:36 - 000001798 _____ C:\Windows\system32\.crusader
2018-06-16 08:29 - 2018-06-16 08:36 - 000000000 ____D C:\ProgramData\HitmanPro
2018-06-16 08:08 - 2018-06-16 16:30 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-16 08:08 - 2018-06-16 16:30 - 000112872 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-06-16 08:08 - 2018-06-16 16:30 - 000103656 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-16 08:08 - 2018-06-16 16:30 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-16 08:08 - 2018-06-16 08:08 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-06-16 08:07 - 2018-06-16 08:07 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-16 08:07 - 2018-06-16 08:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-16 08:07 - 2018-06-16 08:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-16 08:07 - 2018-06-16 08:07 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-16 08:07 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-06-15 21:29 - 2018-06-15 21:29 - 000001298 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2018-06-15 21:29 - 2018-06-15 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2018-06-15 21:29 - 2018-06-15 21:29 - 000000000 ____D C:\Program Files (x86)\Panda Security
2018-06-15 21:29 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2018-06-15 21:29 - 2015-01-29 18:21 - 000050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2018-06-15 21:27 - 2018-06-15 21:27 - 038191600 _____ (Panda Security ) C:\Users\Rudolf Badžgoň\Downloads\PandaCloudCleaner.exe
2018-06-15 21:24 - 2018-06-15 22:13 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Local\FSDART
2018-06-15 21:24 - 2018-06-15 21:27 - 000000000 ____D C:\ProgramData\F-Secure
2018-06-15 21:24 - 2018-06-15 21:24 - 000524248 _____ (F-Secure Corporation) C:\Users\Rudolf Badžgoň\Downloads\F-SecureOnlineScanner.exe
2018-06-15 21:24 - 2018-06-15 21:24 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Local\F-Secure
2018-06-15 19:11 - 2018-06-15 19:11 - 006980728 _____ (ESET spol. s r.o.) C:\Users\Rudolf Badžgoň\Downloads\esetonlinescanner_sky.exe
2018-06-15 19:11 - 2018-06-15 19:11 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Local\ESET
2018-06-13 18:00 - 2018-06-13 18:00 - 000882317 _____ C:\Users\Rudolf Badžgoň\Downloads\Zaverecna_prezentacia_vzor_(1).pptx
2018-06-13 17:34 - 2018-06-13 19:28 - 1770015179 _____ C:\Users\Rudolf Badžgoň\Downloads\2014 Boh nie je mrtvy (God`s Not Dead).mkv
2018-06-13 14:52 - 2018-05-25 07:10 - 025742848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-06-13 14:52 - 2018-05-25 06:44 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-06-13 14:52 - 2018-05-25 06:38 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-06-13 14:52 - 2018-05-25 06:34 - 020286976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-06-13 14:52 - 2018-05-25 06:32 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-06-13 14:52 - 2018-05-25 06:16 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-06-13 14:52 - 2018-05-25 06:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-06-13 14:52 - 2018-05-25 06:03 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-06-13 14:52 - 2018-05-25 05:56 - 000381440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-06-13 14:52 - 2018-05-25 05:55 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-06-13 14:52 - 2018-05-25 05:55 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-06-13 14:52 - 2018-05-25 05:53 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-06-13 14:52 - 2018-05-25 05:53 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-06-13 14:52 - 2018-05-25 05:44 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-06-13 14:52 - 2018-05-25 05:42 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-06-13 14:52 - 2018-05-25 05:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-06-13 14:52 - 2018-05-25 05:39 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-06-13 14:52 - 2018-05-25 05:38 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-06-13 14:52 - 2018-05-25 05:38 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-06-13 14:52 - 2018-05-25 05:38 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-06-13 14:52 - 2018-05-25 05:29 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-06-13 14:52 - 2018-05-25 05:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-06-13 14:52 - 2018-05-25 05:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-06-13 14:52 - 2018-05-25 05:15 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-06-13 14:52 - 2018-05-25 05:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-06-13 14:52 - 2018-05-23 07:56 - 007406944 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-06-13 14:52 - 2018-05-23 07:45 - 000027480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\uefi.sys
2018-06-13 14:52 - 2018-05-23 07:39 - 001676064 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-06-13 14:52 - 2018-05-23 06:13 - 000251392 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2018-06-13 14:52 - 2018-05-15 07:47 - 002334624 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2018-06-13 14:52 - 2018-05-15 07:47 - 000244304 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-06-13 14:52 - 2018-05-15 07:33 - 001308352 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-06-13 14:52 - 2018-05-15 06:57 - 002324752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-06-13 14:52 - 2018-05-15 06:17 - 000032640 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-06-13 14:52 - 2018-05-15 06:04 - 000240128 _____ (Microsoft Corporation) C:\Windows\system32\vdsbas.dll
2018-06-13 14:52 - 2018-05-15 05:05 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2018-06-13 14:52 - 2018-05-15 04:57 - 000672768 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2018-06-13 14:52 - 2018-05-15 04:51 - 000561152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2018-06-13 14:52 - 2018-05-12 23:11 - 000532664 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-06-13 14:52 - 2018-05-12 23:06 - 000567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-06-13 14:52 - 2018-05-12 22:51 - 002014040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-06-13 14:52 - 2018-05-12 22:51 - 000923480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2018-06-13 14:52 - 2018-05-12 21:08 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-06-13 14:52 - 2018-05-11 05:04 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-06-13 14:52 - 2018-05-05 21:05 - 001543800 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2018-06-13 14:52 - 2018-05-05 20:15 - 001178136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2018-06-13 14:52 - 2018-05-05 18:38 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2018-06-13 14:52 - 2018-05-05 18:23 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2018-06-13 14:52 - 2018-04-07 18:48 - 000685568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-06-13 14:52 - 2018-04-07 18:47 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-06-13 14:52 - 2018-04-07 18:43 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-06-13 14:52 - 2018-04-07 18:09 - 000170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-06-13 14:52 - 2018-04-07 17:34 - 002255360 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-06-13 14:52 - 2018-04-07 17:15 - 001942016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-06-13 14:52 - 2018-04-05 19:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc63.sys
2018-06-13 14:52 - 2018-04-05 19:38 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\NetVscCoinstall.dll
2018-06-13 14:52 - 2018-03-29 03:33 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2018-06-13 14:52 - 2018-03-29 03:21 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2018-06-13 14:52 - 2018-03-29 03:06 - 002608640 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2018-06-13 14:52 - 2018-03-29 03:05 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2018-06-13 14:52 - 2018-03-29 02:26 - 002170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2018-06-13 14:52 - 2018-03-29 02:24 - 000236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2018-06-08 12:45 - 2018-06-08 12:45 - 000072468 _____ C:\Users\Rudolf Badžgoň\Documents\cc_20180608_124540.reg
2018-06-02 20:21 - 2018-06-02 21:31 - 1278157798 _____ C:\Users\Rudolf Badžgoň\Downloads\Dokonala loupez CZ dabing 2018.avi
2018-05-23 17:18 - 2018-05-23 18:45 - 1541963544 _____ C:\Users\Rudolf Badžgoň\Downloads\Star Wars Poslední z Jediů (Star Wars The Last Jedi-2017-cz-dab)bySada.mkv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-16 16:34 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2018-06-16 16:30 - 2016-11-25 08:07 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\LocalLow\Mozilla
2018-06-16 16:29 - 2015-01-05 23:44 - 000000304 _____ C:\Windows\Tasks\RtlNetworkGenieVistaStart.job
2018-06-16 16:29 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-16 11:53 - 2016-09-04 20:23 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Local\Battle.net
2018-06-16 11:19 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\rescache
2018-06-16 10:55 - 2015-01-05 21:17 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2249863331-521022342-2866738468-1001
2018-06-16 10:47 - 2016-09-04 20:24 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2018-06-16 08:43 - 2016-09-04 20:21 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-06-16 08:38 - 2015-01-05 20:14 - 000051136 _____ C:\Windows\system32\perfh01B.dat
2018-06-16 08:38 - 2015-01-05 20:14 - 000013706 _____ C:\Windows\system32\perfc01B.dat
2018-06-16 08:38 - 2014-03-18 12:08 - 000914312 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-16 08:14 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-06-16 07:54 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2018-06-15 22:13 - 2017-01-15 18:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-15 22:13 - 2016-11-24 22:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-15 22:02 - 2016-01-12 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2018-06-15 22:02 - 2015-10-15 14:18 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 1of2)
2018-06-15 22:02 - 2015-05-23 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]
2018-06-15 21:14 - 2018-04-05 18:36 - 000000243 _____ C:\Users\Rudolf Badžgoň\Desktop\must to do.txt
2018-06-15 08:07 - 2015-01-05 20:36 - 000000000 ____D C:\Windows\system32\MRT
2018-06-15 08:05 - 2017-10-14 17:45 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-06-15 08:05 - 2015-01-05 20:36 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-06-15 08:05 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2018-06-15 08:03 - 2015-01-06 21:06 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Roaming\vlc
2018-06-15 08:02 - 2015-08-30 09:47 - 000000000 _____ C:\Users\Rudolf Badžgoň\rgmnr
2018-06-14 20:36 - 2018-03-30 08:38 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-06-13 18:15 - 2015-01-27 12:54 - 005496320 ___SH C:\Users\Rudolf Badžgoň\Desktop\Thumbs.db
2018-06-08 12:45 - 2015-06-13 16:30 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Roaming\TS3Client
2018-06-08 12:44 - 2015-01-05 20:51 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Local\CrashDumps
2018-06-08 12:38 - 2018-01-03 20:39 - 000000000 ____D C:\Users\Rudolf Badžgoň\Desktop\knihy
2018-06-08 12:38 - 2015-04-03 15:12 - 000000000 ____D C:\Users\Rudolf Badžgoň\Desktop\skola
2018-06-08 11:53 - 2016-12-28 21:47 - 000000000 ____D C:\Users\Rudolf Badžgoň\AppData\Roaming\Origin
2018-06-08 11:53 - 2016-12-28 21:42 - 000000000 ____D C:\ProgramData\Origin
2018-06-08 11:51 - 2017-12-22 18:53 - 000000000 ____D C:\Users\Rudolf Badžgoň\Desktop\Sk
2018-06-08 08:34 - 2017-01-15 18:57 - 000001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-07 20:58 - 2018-04-12 17:47 - 000004472 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-07 20:58 - 2015-01-05 21:05 - 000004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-06-07 20:58 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-07 20:58 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-05 21:19 - 2017-04-13 17:47 - 000835056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-05 21:19 - 2017-04-13 17:47 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-28 21:02 - 2015-01-05 21:12 - 000000000 ____D C:\Users\Rudolf Badžgoň
2018-05-24 17:24 - 2015-01-06 21:06 - 004181504 ___SH C:\Users\Rudolf Badžgoň\Downloads\Thumbs.db
2018-05-23 09:14 - 2017-10-21 10:58 - 000000236 _____ C:\Users\Rudolf Badžgoň\Desktop\games movies.txt
2018-05-19 08:55 - 2015-01-05 21:18 - 000003370 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-19 08:55 - 2015-01-05 21:17 - 000003242 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2017-10-22 09:04 - 2003-03-21 12:45 - 000250544 _____ (KeyWorks Software) C:\Program Files (x86)\Common Files\keyhelp.ocx
2017-11-11 12:12 - 2018-02-10 18:57 - 000005120 _____ () C:\Users\Rudolf Badžgoň\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-03 15:20 - 2015-12-16 09:37 - 000007620 _____ () C:\Users\Rudolf Badžgoň\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-16 10:55

==================== End of FRST.txt ============================

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-01-05] (Google Inc.)
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\MountPoints2: {8154154b-a155-11e7-82e2-d8cb8a122dba} - "E:\Lenovo_Suite.exe"
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\MountPoints2: {86572374-9a27-11e4-825a-d8cb8a122dba} - "F:\SETUP.EXE"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2249863331-521022342-2866738468-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2249863331-521022342-2866738468-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Handler: WSKVAllmytubechrome - No CLSID Value
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Rudolf Badžgoň\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Rudolf Badžgoň (16-06-2018 18:08:19) Run:1
Running from C:\Users\Rudolf Badžgoň\Desktop
Loaded Profiles: Rudolf Badžgoň (Available Profiles: Rudolf Badžgoň & rudo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-01-05] (Google Inc.)
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\MountPoints2: {8154154b-a155-11e7-82e2-d8cb8a122dba} - "E:\Lenovo_Suite.exe"
HKU\S-1-5-21-2249863331-521022342-2866738468-1001\...\MountPoints2: {86572374-9a27-11e4-825a-d8cb8a122dba} - "F:\SETUP.EXE"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2249863331-521022342-2866738468-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2249863331-521022342-2866738468-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Handler: WSKVAllmytubechrome - No CLSID Value
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Rudolf Bad�go�\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-2249863331-521022342-2866738468-1001\Software\Microsoft\Windows\CurrentVersion\Run\\swg" => removed successfully
"HKU\S-1-5-21-2249863331-521022342-2866738468-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8154154b-a155-11e7-82e2-d8cb8a122dba}" => removed successfully
HKLM\Software\Classes\CLSID\{8154154b-a155-11e7-82e2-d8cb8a122dba} => not found
"HKU\S-1-5-21-2249863331-521022342-2866738468-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86572374-9a27-11e4-825a-d8cb8a122dba}" => removed successfully
HKLM\Software\Classes\CLSID\{86572374-9a27-11e4-825a-d8cb8a122dba} => not found
"HKLM\SOFTWARE\Policies\Google" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => removed successfully
HKLM\Software\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => not found
"HKU\S-1-5-21-2249863331-521022342-2866738468-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-2249863331-521022342-2866738468-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => removed successfully
HKLM\Software\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => removed successfully
"HKLM\Software\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully
"HKLM\Software\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully
"HKLM\Software\Classes\PROTOCOLS\Handler\WSKVAllmytubechrome" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"C:\Users\Rudolf Bad�go�\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 58173568 B
Java, Flash, Steam htmlcache => 1263 B
Windows/system/drivers => 104352 B
Edge => 0 B
Chrome => 6472828 B
Firefox => 627362985 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 11536004 B
LocalService => 0 B
NetworkService => 906372 B
Rudolf Badžgoň => 12651373 B
rudo => 198846 B

RecycleBin => 9195 B
EmptyTemp: => 684.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:10:00 ====

OK. Log by již měl být čistý.

Ďakujem pekne za pomoc

Nemáte zač!