
Please check my PC, it freezes

Posted: 21 Aug 2018 23:02
by radoslav
Logfile of random's system information tool 1.10 (written by random/random)
Run by 05667 at 2018-08-22 00:00:21
Microsoft Windows 8.1
System drive C: has 280 GB (62%) free of 455 GB
Total RAM: 3982 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:00:34, on 22.8.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Users\05667\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Program Files\trend micro\05667.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
O4 - HKCU\..\Run: [EPSON SX110 Series] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\WINDOWS\TEMP\E_SF2B3.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SafeInCloud] "C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe" /auto-start
O4 - HKCU\..\Run: [f.lux] "C:\Users\05667\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - Startup: RT-Updater-SVO.lnk = C:\Ross-Tech\VCDS-SVO\VCDS.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7022 bytes

======Listing Processes======





wininit.exe

winlogon.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
taskhostex.exe
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe"
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
adb fork-server server
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
dashost.exe {7d2bf695-3b8a-420a-88831fbe7db64769}
"C:\Users\05667\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe"
dashost.exe {e5fd5057-bd8a-420c-8f1047af46b92cb8}
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\05667\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\05667\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\05667\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7fff0a4424d0,0x7fff0a4424e0,0x7fff0a4424f0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=5096 --on-initialized-event-handle=452 --parent-handle=456 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1268,9078537362917045554,14225204601551968435,131072 --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=6B19402E8280DF025D8936544F7B085A --mojo-platform-channel-handle=1292 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1268,9078537362917045554,14225204601551968435,131072 --service-pipe-token=DBEF4400F206D2C643AE7827BC72D315 --lang=sk --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=DBEF4400F206D2C643AE7827BC72D315 --renderer-client-id=3 --mojo-platform-channel-handle=2572 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1268,9078537362917045554,14225204601551968435,131072 --service-pipe-token=97E4C0A2B4094AAD4344A722F232BE5F --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=97E4C0A2B4094AAD4344A722F232BE5F --renderer-client-id=8 --mojo-platform-channel-handle=4588 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1268,9078537362917045554,14225204601551968435,131072 --service-pipe-token=23546143B8277D47A5F525B77CF8E7F9 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=23546143B8277D47A5F525B77CF8E7F9 --renderer-client-id=9 --mojo-platform-channel-handle=4660 /prefetch:1
"C:\Program Files (x86)\Google\Picasa3\Picasa3.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1268,9078537362917045554,14225204601551968435,131072 --service-pipe-token=C4B652AA33DCA3253D7D5B9ADCEDDD33 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=C4B652AA33DCA3253D7D5B9ADCEDDD33 --renderer-client-id=18 --mojo-platform-channel-handle=5480 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1268,9078537362917045554,14225204601551968435,131072 --service-pipe-token=01630141BB888F2B6632FB99F8206ABC --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=01630141BB888F2B6632FB99F8206ABC --renderer-client-id=65 --mojo-platform-channel-handle=5232 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1268,9078537362917045554,14225204601551968435,131072 --service-pipe-token=43E07CF1D77AF00AFEF334E30099C58F --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=43E07CF1D77AF00AFEF334E30099C58F --renderer-client-id=66 --mojo-platform-channel-handle=5576 /prefetch:1

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1268,9078537362917045554,14225204601551968435,131072 --service-pipe-token=8D996D64B2E077BCFA90467A266702B1 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8D996D64B2E077BCFA90467A266702B1 --renderer-client-id=67 --mojo-platform-channel-handle=5464 /prefetch:1
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe12_ Global\UsGthrCtrlFltPipeMssGthrPipe12 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 584 588 596 65536 592
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1268,9078537362917045554,14225204601551968435,131072 --service-pipe-token=0568CC7165DE44D94DA20C47EECAD14A --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=0568CC7165DE44D94DA20C47EECAD14A --renderer-client-id=70 --mojo-platform-channel-handle=6220 /prefetch:1
"C:\Users\05667\Desktop\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\Epson Printer Software Downloader.job - C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-04-23 581824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-14 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-04-23 436600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-14 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-07-13 12936848]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2013-10-01 391128]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2013-10-01 771032]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2013-10-01 769496]
"ACMON"=C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-09-12 107192]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2015-02-13 169768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON SX110 Series"=C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE [2008-09-27 223232]
"SafeInCloud"=C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe [2017-08-30 2298880]
"f.lux"=C:\Users\05667\AppData\Local\FluxSoftware\Flux\flux.exe [2018-07-03 1806344]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"=C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-29 91432]
"EEventManager"=C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [2009-04-07 673616]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-10 3890208]
"ProductUpdater"=C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [2015-12-16 73216]

C:\Users\05667\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
RT-Updater-SVO.lnk - C:\Ross-Tech\VCDS-SVO\VCDS.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2013-10-01 623104]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-08-15 17:17:06 ----D---- C:\Ross-Tech

======List of files/folders modified in the last 1 month======

2018-08-22 00:00:29 ----D---- C:\Program Files\trend micro
2018-08-22 00:00:28 ----D---- C:\WINDOWS\Prefetch
2018-08-22 00:00:10 ----D---- C:\WINDOWS\system32\sru
2018-08-21 23:13:32 ----D---- C:\Users\05667\AppData\Roaming\vlc
2018-08-21 23:01:55 ----D---- C:\WINDOWS\Temp
2018-08-15 20:04:52 ----D---- C:\WINDOWS\Inf
2018-08-15 18:41:06 ----D---- C:\WINDOWS\system32\catroot
2018-08-15 17:22:15 ----RD---- C:\WINDOWS\System32
2018-08-15 17:22:15 ----D---- C:\WINDOWS\system32\drivers
2018-08-15 17:18:12 ----D---- C:\WINDOWS\system32\DriverStore
2018-08-15 17:18:12 ----D---- C:\Program Files\DIFX
2018-08-15 17:17:44 ----D---- C:\Windows
2018-08-15 16:18:17 ----D---- C:\WINDOWS\Microsoft.NET
2018-08-14 21:23:07 ----D---- C:\WINDOWS\SysWOW64
2018-08-14 21:22:56 ----D---- C:\WINDOWS\system32\Macromed
2018-08-14 21:22:53 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2018-08-14 20:46:48 ----D---- C:\WINDOWS\system32\config
2018-07-27 23:36:32 ----D---- C:\WINDOWS\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-04-23 65776]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-04-23 208416]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-07-24 645952]
R0 SCMNdisP;@oem103.inf,%SCMNDISP_Desc%;General NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2014-04-23 93568]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-05-17 1039096]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-05-17 423240]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
R1 dtsoftbus01;@oem104.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2017-11-28 254528]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-04-23 79184]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2014-05-17 85328]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\WINDOWS\system32\DRIVERS\RMCAST.sys [2015-11-05 145408]
R3 AiCharger;ASUS Charger Driver; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [2012-09-18 17152]
R3 athr;@oem23.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athwbx.sys [2013-08-14 3837440]
R3 ATP;@oem7.inf,%PS2.DeviceDesc%;ASUS Input Device; C:\WINDOWS\System32\drivers\AsusTP.sys [2013-12-12 70928]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 HIDSwitch;@oem6.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [2012-05-31 21152]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2013-10-01 4177920]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2012-07-17 4094608]
R3 IntcDAud;@oem21.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 iwdbus;@oem27.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2013-08-23 26008]
R3 kbfiltr;@oem5.inf,%kbfiltr.SvcDesc%;Keyboard Filter; C:\WINDOWS\System32\drivers\kbfiltr.sys [2012-08-02 14992]
R3 MEIx64;@oem19.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2012-07-03 62784]
R3 RSBASTOR;@oem3.inf,%Rts5208%;Realtek PCIE CardReader Driver - BA; C:\WINDOWS\system32\DRIVERS\RtsBaStor.sys [2012-07-03 295056]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-08-22 212224]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2013-08-22 36864]
S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-04-23 29208]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer; \??\C:\eSupport\eDriver\I386\AsPrOb64.sys [2010-05-26 12416]
S3 BCMH43XX;@oem23.inf,%BCMH43XX_Service_DispName%;Broadcom 802.11 USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwlhigh664.sys [2015-02-10 1255672]
S3 BthA2DP;@wdma_bt.inf,%BthA2DP.SvcDesc%;Bluetooth Stereo; C:\WINDOWS\system32\drivers\BthA2DP.sys [2015-01-30 132608]
S3 bthav;@oem10.inf,%AVFilter.SvcDesc%;Bluetooth AV Profile; C:\WINDOWS\system32\drivers\bthav.sys [2008-07-10 40448]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys [2014-10-29 53248]
S3 BthHFAud;@wdma_bt.inf,%DISPLAY_NAME%;Bluetooth Hands-Free; C:\WINDOWS\System32\drivers\BthHfAud.sys [2014-10-08 32768]
S3 BthMtpEnum;@bthmtpenum.inf,%BthMtpEnum.SVCDESC%;Bluetooth MTP Device Enumerator; C:\WINDOWS\system32\DRIVERS\BthMtpEnum.sys [2013-08-22 62976]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2015-07-10 118272]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2015-05-11 1201664]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
S3 dc3d;@oem9.inf,%dc3d.SvcDesc%;MS Hardware Device Detection Driver (USB); C:\WINDOWS\System32\drivers\dc3d.sys [2011-05-18 47616]
S3 dg_ssudbus;@oem101.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2017-05-18 131984]
S3 HTCAND64;@oem108.inf,%HTCAND64.SvcDesc%;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 intaud_WaveExtensible;@oem26.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2013-08-23 39320]
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2015-10-05 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2015-10-05 64216]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\DRIVERS\npf.sys []
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2015-01-30 167424]
S3 RtkBtFilter;@oem28.inf,%BtFilt.SvcDesc%;Realtek Bluetooth Filter Driver; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [2013-07-29 47320]
S3 RT-USB;@oem112.inf,%SvcDesc%;Ross-Tech USB driver; C:\WINDOWS\system32\drivers\RT-USB64.SYS [2014-05-12 97152]
S3 ssudmdm;@oem75.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2017-05-18 166288]
S3 usb_rndisx;@netrndis.inf,%usb_rndis.Service.DispName%;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2015-04-25 20992]
S3 USBAAPL64;@oem73.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl64.sys [2014-08-15 54784]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-12-13 121088]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\WINDOWS\System32\drivers\usbscan.sys [2013-08-22 44544]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-01-19 77128]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-04-23 50344]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\WINDOWS\System32\svchost.exe [2013-08-22 37768]
R2 HTCMonitorService;HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2016-09-20 87368]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-07-18 317408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14 335872]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2013-08-22 37768]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2015-02-13 643880]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2012-10-06 110976]
S4 ASUS InstantOn;ASUS InstantOn Service; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-04-13 277120]
S4 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2011-11-22 96896]
S4 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2013-10-01 279000]
S4 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-06-06 136120]
S4 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-07-13 2451456]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-21 635104]
S4 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-06-27 129856]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-18 277824]
S4 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S4 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
S4 NAUpdate;Nero Update; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-18 365376]

-----------------EOF-----------------

Re: Please check my PC, it freezes

Posted: 22 Aug 2018 02:01
by Conder
Hi :)

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
  • The log will open; copy its contents here

Re: please check my PC, it freezes

Posted: 22 Aug 2018 11:39
by radoslav
# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-20.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-22-2018
# Duration: 00:00:22
# OS: Windows 8.1
# Scanned: 41803
# Detected: 12


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\Program Files (x86)\Common Files\freemake shared
PUP.Optional.OpenCandy C:\Users\05667\AppData\Roaming\How Inc

***** [ Files ] *****

PUP.Optional.BestYouTubeDownloader C:\Users\05667\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.FreeMakeConverter HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
PUP.Optional.FreeMakeConverter HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
PUP.Optional.InstallCore HKCU\Software\csastats
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|tsiVideo
PUP.Optional.Legacy HKCU\Software\AppDataLow\Software\Smartbar
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\slunecnice.cz
PUP.Optional.ProductSetup.A HKCU\Software\PRODUCTSETUP
PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\softonic.com

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy MSN Homepage & Bing Search Engine

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Re: please check my PC, it freezes

Posted: 22 Aug 2018 11:44
by radoslav
# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-20.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-22-2018
# Duration: 00:00:05
# OS: Windows 8.1
# Cleaned: 12
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\freemake shared
Deleted C:\Users\05667\AppData\Roaming\How Inc

***** [ Files ] *****

Deleted C:\Users\05667\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
Deleted HKCU\Software\csastats
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|tsiVideo
Deleted HKCU\Software\AppDataLow\Software\Smartbar
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\slunecnice.cz
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\softonic.com

***** [ Chromium (and derivatives) ] *****

Deleted MSN Homepage & Bing Search Engine

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2401 octets] - [22/08/2018 12:37:45]
AdwCleaner[S01].txt - [2462 octets] - [22/08/2018 12:40:46]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Re: please check my PC, it freezes

Posted: 22 Aug 2018 17:05
by Conder
Please post the logs from FRST (Farbar Recovery Scan Tool)
  • Download FRST and save it to the desktop: https://www.bleepingcomputer.com/downlo ... scan-tool/
  • You need to download the 32-bit or the 64-bit version, depending on your operating system; if you are not sure, download and try both (only one of them will run)
  • Right-click FRST and choose Run as administrator
  • Accept the license terms
  • Click Scan and wait for it to finish
  • Paste both generated logs (FRST.txt and Addition.txt) into your next reply
  • If the logs do not fit into one reply, split them across several replies, or pack them into a ZIP archive and send it as an attachment

Re: please check my PC, it freezes

Posted: 25 Aug 2018 17:24
by radoslav
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by 05667 (25-08-2018 18:22:06)
Running from C:\Users\05667\Desktop
Windows 8.1 (Update) (X64) (2013-10-22 13:47:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

05667 (S-1-5-21-3641774439-2828617140-3225078060-1001 - Administrator - Enabled) => C:\Users\05667
Administrator (S-1-5-21-3641774439-2828617140-3225078060-500 - Administrator - Disabled)
Guest (S-1-5-21-3641774439-2828617140-3225078060-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3641774439-2828617140-3225078060-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4 64-bit (HKLM\...\{669A82E0-43E2-4645-8A2E-1A3DE78F8312}) (Version: 4.0.1 - Adobe)
Adobe Reader XI - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Aktualizácia Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-041B-0000-0000000FF1CE}_PROPLUS_{9A8C39B0-D27F-4F81-BE74-2FECF164707E}) (Version: - Microsoft)
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-041B-0000-0000000FF1CE}_PROPLUS_{CE23B3DC-18CC-46FC-A309-81D6670F8D3D}) (Version: - Microsoft)
Aktualizácia Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-041B-0000-0000000FF1CE}_PROPLUS_{D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}) (Version: - Microsoft)
Any Video Converter 5.8.6 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.83 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.3 - Ashampoo GmbH & Co. KG)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.8 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
C:\Program files\Adobe\LRcestina_uninstall.exe (HKLM-x32\...\CZ Lokalizace pro Lightroom 4.x_is1) (Version: 1.0 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
D-PDU API V1.10.046 D-PDU API for VOLKSWAGEN (HKLM-x32\...\D-PDU API V1.10.046 D-PDU API for VOLKSWAGEN) (Version: - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Printer Software Downloader (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}) (Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
Epson Printer Software Downloader (HKLM-x32\...\Epson Printer Software Downloader) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Epson Stylus SX110_TX110 Manuál (HKLM-x32\...\Epson Stylus SX110_TX110 Používatelská prírucka) (Version: - )
EPSON SX110 Series Printer Uninstall (HKLM\...\EPSON SX110 Series) (Version: - SEIKO EPSON Corporation)
f.lux (HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\Flux) (Version: - f.lux Software LLC)
FastShare.cz version 2.1 (HKLM-x32\...\FastShare.cz_is1) (Version: 2.1 - )
FormApps Signing Extension (HKLM-x32\...\{ACA43D91-8B42-4D42-8C8B-A893BD6AA40D}) (Version: 2.8.2.28 - Software602 a.s.)
FormatFactory 4.3.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.3.0.0 - Free Time)
Free Video Splitter (HKLM-x32\...\{EAE005AD-F629-49DD-A605-C2264267622A}) (Version: 1.0.0 - Media Freeware)
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)
Free YouTube Downloader 4.2.795 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
Freemake Audio Converter version 1.1.7 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.7 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.10.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10.1 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High-Definition Video Playback 10 (HKLM-x32\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.0.11400.29.0 - Nero AG) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.88.2 - HTC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Jing (HKLM-x32\...\{F6158B29-CBD5-4235-ADF7-06D76F8BDBA1}) (Version: 2.3.10110 - TechSmith Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Podpora Apple aplikácií (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Podpora Apple aplikácií(64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27024 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SafeInCloud Password Manager (HKLM-x32\...\{8F417C7F-E3D1-4F9A-AD68-1D26E1E6F648}) (Version: 17.3.1 - Andrey Shcherbakov)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.8.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Sound Agent 2 (HKLM-x32\...\{4D3EE131-ABD1-11D7-B52A-00104B72EEDB}) (Version: 1.00.117 - )
Total Video Converter 3.20 090114 (HKLM-x32\...\Total Video Converter 3.21_is1) (Version: - EffectMatrix Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCDS SVO 17.1 (HKLM-x32\...\VCDS SVO) (Version: SVO 17.1.3 - Ross-Tech, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse (11/20/2013 1.0.0.194) (HKLM\...\8BA9C239ED04E09F06755E1497239BEFC08085C2) (Version: 11/20/2013 1.0.0.194 - ASUS)
Windows Driver Package - Ross-Tech HIDClass (01/05/2014 6.3.0.3) (HKLM\...\3A9B09BBD4F12A76FBBD3A428729660930BA5F13) (Version: 01/05/2014 6.3.0.3 - Ross-Tech)
Windows Driver Package - Ross-Tech USB Driver Package (05/12/2014 2.10.00) (HKLM\...\88B02C4BD09AA7910C55C4E74BE8F036244B5CF9) (Version: 05/12/2014 2.10.00 - Ross-Tech)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
WinZip 12.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
Wondershare Video Converter Free(Build 6.5.2.3) (HKLM-x32\...\Wondershare Video Converter Free_is1) (Version: 6.5.2.3 - Wondershare Software)
XviD4PSP 5.0 (HKLM-x32\...\XviD4PSP5) (Version: 5.036 - Winnydows)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3641774439-2828617140-3225078060-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\05667\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-04-23] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-04-23] (AVAST Software)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2008-09-08] (WinZip Computing, S.L.)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\WINDOWS\SysWOW64\WSCM64.dll [2018-03-26] ()
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-04-23] (AVAST Software)
ContextMenuHandlers4: [RecuvaShellExt] -> [CC]{435E5DF5-2510-463C-B223-BDA47006D002} => -> No File
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2008-09-08] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2013-10-01] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-04-23] (AVAST Software)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-03-14] (Piriform Ltd)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2008-09-08] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {27FAE184-819A-468F-ADBA-5152B0E133DB} - System32\Tasks\{E8070EF8-7C4C-4715-A041-AEAF426BCB27} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\05667\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_1.4.8.0.exe -d C:\Users\05667\Downloads
Task: {3321C53A-ACF2-49C3-8C86-B54AE849125A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3641774439-2828617140-3225078060-1001Core => C:\Users\05667\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {380B75E9-8992-4AD0-A268-60B7FA3D37D4} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2017-12-06] (AVAST Software)
Task: {4364CF47-2439-4B2E-80A4-BF3A55676997} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {608368C1-D6A6-4166-A759-3293ECE2916E} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-25] (ASUS)
Task: {6CCC7DAA-FBD2-4064-BAE2-F420C74E4CBD} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
Task: {7846917B-A737-488A-9B49-08BB4C183C71} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_pepper.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {7B3ACB86-ADE5-4A22-B537-27D4F198795A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2018-08-23] (AVAST Software)
Task: {7B6DB8B8-662D-498A-AAE5-EDFCB9B4FC31} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {AC4C1A02-88BF-46B3-8DF5-334792471943} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {C170D01D-841C-46A5-8574-BFEE614F00A4} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-12-12] (AsusTek)
Task: {C58042BD-E20E-4C7C-9663-AA3F56DF393D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {CD641FAF-B4A9-4D37-ABE5-226C7F199152} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3641774439-2828617140-3225078060-1001UA => C:\Users\05667\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {D057AF70-0349-4F49-84F7-B4667A1C7605} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {D7883225-9875-4AE2-9782-5BE4D5B96DEE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {DBF1633F-CC49-4703-BC9A-76170983E71F} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3641774439-2828617140-3225078060-1001
Task: {E8799010-2421-4D66-B050-EDBB2BD5377E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F7AD1AED-E7F1-4867-8B39-8856BD01D82E} - System32\Tasks\{34F6B1B6-538D-4546-93AD-3E7FE6AFA94C} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.40.0.103/sk/abandoninstall?source=lightinstaller&page=tsMain

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Epson Printer Software Downloader.job => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\05667\AppData\Local\Google\Chrome\User Data\Spúšťač aplikácií Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 04:20 - 2015-02-13 04:20 - 000085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 001346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-07 19:27 - 2012-12-07 19:27 - 000167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2017-10-26 14:35 - 2017-10-26 14:35 - 000821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2018-08-22 14:39 - 2018-05-08 12:23 - 000203760 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2018-08-24 16:46 - 2018-03-26 15:52 - 000727952 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
2018-08-09 19:36 - 2018-08-08 02:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-09 19:36 - 2018-08-08 02:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2018-08-23 18:21 - 2018-08-23 18:21 - 005679248 _____ () C:\Program Files\AVAST Software\Avast\defs\18082304\algo.dll
2018-08-25 16:44 - 2018-08-25 16:44 - 005679248 _____ () C:\Program Files\AVAST Software\Avast\defs\18082502\algo.dll
2017-10-26 14:34 - 2017-10-26 14:34 - 000030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2017-10-26 14:34 - 2017-10-26 14:34 - 000607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2017-10-26 14:34 - 2017-10-26 14:34 - 000059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2017-10-26 14:34 - 2017-10-26 14:34 - 000035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2017-10-26 14:34 - 2017-10-26 14:34 - 000079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2017-10-26 14:35 - 2017-10-26 14:35 - 000129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2017-10-26 14:37 - 2017-10-26 14:37 - 000223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2013-10-15 19:59 - 000010316 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 update.ross-tech.com
127.0.0.1 ross-tech.com
127.0.0.1 update.ross-tech.com
127.0.0.1 www.vcds.eu
127.0.0.1 www.adako.pl
127.0.0.1 www.ross-tech.com
127.0.0.1 www.vcds.pl
127.0.0.1 www.vag-com.pl
127.0.0.1 crl.certum.pl
127.0.0.1 tsa.certum.pl
127.0.0.1 www.certum.pl
127.0.0.1 ocsp.certum.pl
127.0.0.1 ross-tech.com
127.0.0.1 www.diag.ro
127.0.0.1 diag.ro
127.0.0.1 crl.verisign.net
127.0.0.1 ocsp.verisign.net
127.0.0.1 ocsp.verisign.com
127.0.0.1 OCSP.AMS1.VERISIGN.COM
127.0.0.1 OCSP.FRA1.VERISIGN.COM
127.0.0.1 OCSP.LAX2.VERISIGN.COM
127.0.0.1 OCSP.TKO2.VERISIGN.COM
127.0.0.1 crl.comodo.com
127.0.0.1 crl.geotrust.com
127.0.0.1 http://ocsp.verisign.net
127.0.0.1 http://ocsp.verisign.com
127.0.0.1 OCSP.NYC3.VERISIGN.NET
127.0.0.1 OCSP.NYC3.VERISIGN.COM
127.0.0.1 OCSP.SFO1.VERISIGN.NET
127.0.0.1 Ross-Tech-cust-66-212-10-238.netcarrier.net

There are 251 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\05667\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: ASUS InstantOn => 2
MSCONFIG\Services: ATKGFNEXSrv => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: Lenovo EasyPlus Hotspot => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: UNS => 2
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "NETGEAR WNA3100 Genie.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QveCtl2Tray"
HKLM\...\StartupApproved\Run32: => "ACMON"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "NBAgent"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "Epson Stylus SX110"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "EPSON SX110 Series"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "wLite"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "Gadwin PrintScreen (64-bit)"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "SafeInCloud"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{5D0BD77C-FDA0-486D-B09A-72208025B747}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{70149F67-1F5A-4D34-AADC-F8C598565862}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{F5A6A22F-123D-4754-B71A-B1523753C68E}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{36834A47-ED28-4C2F-821E-9BD921AFE55E}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{569DA3CE-BEB5-48E7-889E-280807FE9A5C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{D0AD7D31-B3A3-4C7B-BAC4-709968DE0DBE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{E02126C5-D424-4B00-B86A-3702E079C2BC}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{6669842B-681B-4F59-AB16-FEEDA8F71502}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{5EA1BC41-134E-484F-AD38-92EB60CD616E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{14A2B9D3-2CF0-4A09-A102-7593F3B5CA40}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{756CEDB1-F658-473D-BD09-D1B32050FB91}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{5FE44CBF-E2EB-4B6F-A51B-36416DB3BA18}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{5710208A-7DEB-43FB-8AB6-F38B16944613}] => (Allow) LPort=2799
FirewallRules: [{191813B2-05A8-4206-91F5-C6B89A0116C1}] => (Allow) LPort=2799
FirewallRules: [{9D21453A-2A27-4C96-986C-A4AC8D5F91DF}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{6E13DAB0-3829-4783-8F3D-DEE27D973E39}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{5B04F3CA-7CEC-4513-8606-E1648544E422}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E1A096C2-4A39-42E3-B2DB-F77DED37ECF9}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{15C387D3-156A-4676-A50D-6F0274D2E4BC}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{2073273F-03CE-4395-8213-6B57DD5139A0}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{DBCD08AA-BA1B-4BC6-9700-2B9D5B41906D}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{CF80A96F-EC27-46CB-90E1-9D940C2031CC}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{D85110DC-5FE7-4A85-809A-97397769B0DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D392BB56-6685-4D05-8E9D-36EAFADECED4}] => (Allow) C:\Ross-Tech\VCDS-SVO\VCDS.EXE
FirewallRules: [{5E2963B3-8837-4F71-B776-66998A11BDB9}] => (Allow) C:\Ross-Tech\VCDS-SVO\VCIConfig.EXE
FirewallRules: [{DA4ABA4E-944F-4B54-9CDC-00A7CBD7A679}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
FirewallRules: [{531B6260-B955-4EF9-871C-0D4AFEF3EA11}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
FirewallRules: [{5459A717-2A1B-4C9D-B03B-8A348CC95A9A}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{D82D5CE3-DCDE-4487-9D75-0D778AE8B984}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{0464C189-9C28-4057-A426-9667A9C33DE8}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{A4B8F3AB-EFA6-4D86-98CF-1DEBB8A2AFC8}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2018 06:03:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Radoslavsr)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/25/2018 05:51:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Radoslavsr)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/25/2018 05:41:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Radoslavsr)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/25/2018 05:41:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Radoslavsr)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/25/2018 05:20:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Radoslavsr)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/25/2018 05:20:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Radoslavsr)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/25/2018 05:20:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Radoslavsr)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/25/2018 05:20:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Radoslavsr)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (08/25/2018 06:03:33 PM) (Source: DCOM) (EventID: 10010) (User: Radoslavsr)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (08/25/2018 05:51:07 PM) (Source: DCOM) (EventID: 10010) (User: Radoslavsr)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (08/25/2018 05:41:31 PM) (Source: DCOM) (EventID: 10010) (User: Radoslavsr)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (08/25/2018 05:41:17 PM) (Source: DCOM) (EventID: 10010) (User: Radoslavsr)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (08/25/2018 05:20:08 PM) (Source: DCOM) (EventID: 10010) (User: Radoslavsr)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (08/25/2018 05:20:02 PM) (Source: DCOM) (EventID: 10010) (User: Radoslavsr)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (08/25/2018 05:19:56 PM) (Source: DCOM) (EventID: 10010) (User: Radoslavsr)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (08/25/2018 05:19:56 PM) (Source: DCOM) (EventID: 10010) (User: Radoslavsr)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2014-04-06 18:33:39.379
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {70D0742E-9174-4DD2-88B0-CBFCBA6ECFC5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2014-04-06 15:43:46.313
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147685590
Name: Trojan:Win32/Wiszr.B
ID: 2147685590
Severity: Severe
Category: Trojan
Path: file:_C:\Users\05667\AppData\Local\Temp\mdi464.dll;process:_pid:4696;regkey:_HKCU@S-1-5-21-3641774439-2828617140-3225078060-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\tsiVideo;runkey:_HKCU@S-1-5-21-3641774439-2828617140-3225078060-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\tsiVideo
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\SysWOW64\rundll32.exe
Signature Version: AV: 1.169.1871.0, AS: 1.169.1871.0, NIS: 110.31.0.0
Engine Version: AM: 1.1.10401.0, NIS: 2.1.10302.0

Date: 2014-04-06 15:43:11.184
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147685590
Name: Trojan:Win32/Wiszr.B
ID: 2147685590
Severity: Severe
Category: Trojan
Path: file:_C:\Users\05667\AppData\Local\Temp\mdi464.dll;process:_pid:4696
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\SysWOW64\rundll32.exe
Signature Version: AV: 1.169.1871.0, AS: 1.169.1871.0, NIS: 110.31.0.0
Engine Version: AM: 1.1.10401.0, NIS: 2.1.10302.0

Date: 2013-12-22 20:27:26.528
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {FB8319B2-38D0-411E-8490-768E6C21F55C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2013-12-14 20:04:02.285
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {4AEE7156-6719-4079-B480-1E6BD4A729C6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2013-12-11 07:39:20.766
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.163.1568.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.10100.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2013-12-11 07:39:20.766
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.163.1568.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.10100.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2013-12-11 07:39:20.766
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.163.1568.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.10100.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2013-11-15 23:59:04.506
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.161.2153.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.10003.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2013-11-15 23:59:04.506
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.161.2153.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.10003.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 44%
Total physical RAM: 3981.54 MB
Available physical RAM: 2209.54 MB
Total Virtual: 4833.57 MB
Available Virtual: 2668.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.11 GB) (Free:272.52 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{da68fad7-b4a8-4234-84d1-1e8656d17d2a}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.58 GB) NTFS
\\?\Volume{7b1f4d42-fa10-4c05-827c-6eb9cc0d21d3}\ () (Fixed) (Total:0.34 GB) (Free:0.06 GB) NTFS
\\?\Volume{af4e95d7-e18b-444b-aef5-0e5c637ba81d}\ (Restore) (Fixed) (Total:20.01 GB) (Free:9.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A3362226)

Partition: GPT.

==================== End of Addition.txt ============================

Re: please check my PC, it freezes

Posted: 25 Aug 2018 17:24
by radoslav
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by 05667 (25-08-2018 18:22:06)
Running from C:\Users\05667\Desktop
Windows 8.1 (Update) (X64) (2013-10-22 13:47:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

05667 (S-1-5-21-3641774439-2828617140-3225078060-1001 - Administrator - Enabled) => C:\Users\05667
Administrator (S-1-5-21-3641774439-2828617140-3225078060-500 - Administrator - Disabled)
Guest (S-1-5-21-3641774439-2828617140-3225078060-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3641774439-2828617140-3225078060-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4 64-bit (HKLM\...\{669A82E0-43E2-4645-8A2E-1A3DE78F8312}) (Version: 4.0.1 - Adobe)
Adobe Reader XI - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Aktualizácia Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-041B-0000-0000000FF1CE}_PROPLUS_{9A8C39B0-D27F-4F81-BE74-2FECF164707E}) (Version: - Microsoft)
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-041B-0000-0000000FF1CE}_PROPLUS_{CE23B3DC-18CC-46FC-A309-81D6670F8D3D}) (Version: - Microsoft)
Aktualizácia Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-041B-0000-0000000FF1CE}_PROPLUS_{D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}) (Version: - Microsoft)
Any Video Converter 5.8.6 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.83 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.3 - Ashampoo GmbH & Co. KG)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.8 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
C:\Program files\Adobe\LRcestina_uninstall.exe (HKLM-x32\...\CZ Lokalizace pro Lightroom 4.x_is1) (Version: 1.0 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
D-PDU API V1.10.046 D-PDU API for VOLKSWAGEN (HKLM-x32\...\D-PDU API V1.10.046 D-PDU API for VOLKSWAGEN) (Version: - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Printer Software Downloader (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}) (Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
Epson Printer Software Downloader (HKLM-x32\...\Epson Printer Software Downloader) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Epson Stylus SX110_TX110 Manuál (HKLM-x32\...\Epson Stylus SX110_TX110 Používatelská prírucka) (Version: - )
EPSON SX110 Series Printer Uninstall (HKLM\...\EPSON SX110 Series) (Version: - SEIKO EPSON Corporation)
f.lux (HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\Flux) (Version: - f.lux Software LLC)
FastShare.cz version 2.1 (HKLM-x32\...\FastShare.cz_is1) (Version: 2.1 - )
FormApps Signing Extension (HKLM-x32\...\{ACA43D91-8B42-4D42-8C8B-A893BD6AA40D}) (Version: 2.8.2.28 - Software602 a.s.)
FormatFactory 4.3.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.3.0.0 - Free Time)
Free Video Splitter (HKLM-x32\...\{EAE005AD-F629-49DD-A605-C2264267622A}) (Version: 1.0.0 - Media Freeware)
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)
Free YouTube Downloader 4.2.795 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
Freemake Audio Converter version 1.1.7 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.7 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.10.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10.1 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High-Definition Video Playback 10 (HKLM-x32\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.0.11400.29.0 - Nero AG) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.88.2 - HTC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Jing (HKLM-x32\...\{F6158B29-CBD5-4235-ADF7-06D76F8BDBA1}) (Version: 2.3.10110 - TechSmith Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Podpora Apple aplikácií (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Podpora Apple aplikácií(64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27024 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SafeInCloud Password Manager (HKLM-x32\...\{8F417C7F-E3D1-4F9A-AD68-1D26E1E6F648}) (Version: 17.3.1 - Andrey Shcherbakov)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.8.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Sound Agent 2 (HKLM-x32\...\{4D3EE131-ABD1-11D7-B52A-00104B72EEDB}) (Version: 1.00.117 - )
Total Video Converter 3.20 090114 (HKLM-x32\...\Total Video Converter 3.21_is1) (Version: - EffectMatrix Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCDS SVO 17.1 (HKLM-x32\...\VCDS SVO) (Version: SVO 17.1.3 - Ross-Tech, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse (11/20/2013 1.0.0.194) (HKLM\...\8BA9C239ED04E09F06755E1497239BEFC08085C2) (Version: 11/20/2013 1.0.0.194 - ASUS)
Windows Driver Package - Ross-Tech HIDClass (01/05/2014 6.3.0.3) (HKLM\...\3A9B09BBD4F12A76FBBD3A428729660930BA5F13) (Version: 01/05/2014 6.3.0.3 - Ross-Tech)
Windows Driver Package - Ross-Tech USB Driver Package (05/12/2014 2.10.00) (HKLM\...\88B02C4BD09AA7910C55C4E74BE8F036244B5CF9) (Version: 05/12/2014 2.10.00 - Ross-Tech)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
WinZip 12.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
Wondershare Video Converter Free(Build 6.5.2.3) (HKLM-x32\...\Wondershare Video Converter Free_is1) (Version: 6.5.2.3 - Wondershare Software)
XviD4PSP 5.0 (HKLM-x32\...\XviD4PSP5) (Version: 5.036 - Winnydows)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3641774439-2828617140-3225078060-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\05667\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-04-23] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-04-23] (AVAST Software)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2008-09-08] (WinZip Computing, S.L.)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\WINDOWS\SysWOW64\WSCM64.dll [2018-03-26] ()
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-04-23] (AVAST Software)
ContextMenuHandlers4: [RecuvaShellExt] -> [CC]{435E5DF5-2510-463C-B223-BDA47006D002} => -> No File
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2008-09-08] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2013-10-01] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-04-23] (AVAST Software)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-03-14] (Piriform Ltd)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2008-09-08] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {27FAE184-819A-468F-ADBA-5152B0E133DB} - System32\Tasks\{E8070EF8-7C4C-4715-A041-AEAF426BCB27} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\05667\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_1.4.8.0.exe -d C:\Users\05667\Downloads
Task: {3321C53A-ACF2-49C3-8C86-B54AE849125A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3641774439-2828617140-3225078060-1001Core => C:\Users\05667\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {380B75E9-8992-4AD0-A268-60B7FA3D37D4} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2017-12-06] (AVAST Software)
Task: {4364CF47-2439-4B2E-80A4-BF3A55676997} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {608368C1-D6A6-4166-A759-3293ECE2916E} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-25] (ASUS)
Task: {6CCC7DAA-FBD2-4064-BAE2-F420C74E4CBD} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
Task: {7846917B-A737-488A-9B49-08BB4C183C71} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_pepper.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {7B3ACB86-ADE5-4A22-B537-27D4F198795A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2018-08-23] (AVAST Software)
Task: {7B6DB8B8-662D-498A-AAE5-EDFCB9B4FC31} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {AC4C1A02-88BF-46B3-8DF5-334792471943} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {C170D01D-841C-46A5-8574-BFEE614F00A4} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-12-12] (AsusTek)
Task: {C58042BD-E20E-4C7C-9663-AA3F56DF393D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {CD641FAF-B4A9-4D37-ABE5-226C7F199152} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3641774439-2828617140-3225078060-1001UA => C:\Users\05667\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {D057AF70-0349-4F49-84F7-B4667A1C7605} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {D7883225-9875-4AE2-9782-5BE4D5B96DEE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {DBF1633F-CC49-4703-BC9A-76170983E71F} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3641774439-2828617140-3225078060-1001
Task: {E8799010-2421-4D66-B050-EDBB2BD5377E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F7AD1AED-E7F1-4867-8B39-8856BD01D82E} - System32\Tasks\{34F6B1B6-538D-4546-93AD-3E7FE6AFA94C} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.40.0.103/sk/abandoninstall?source=lightinstaller&page=tsMain

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Epson Printer Software Downloader.job => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\05667\AppData\Local\Google\Chrome\User Data\Spúšťač aplikácií Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 04:20 - 2015-02-13 04:20 - 000085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 001346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-07 19:27 - 2012-12-07 19:27 - 000167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2017-10-26 14:35 - 2017-10-26 14:35 - 000821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2018-08-22 14:39 - 2018-05-08 12:23 - 000203760 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2018-08-24 16:46 - 2018-03-26 15:52 - 000727952 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
2018-08-09 19:36 - 2018-08-08 02:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-09 19:36 - 2018-08-08 02:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2018-08-23 18:21 - 2018-08-23 18:21 - 005679248 _____ () C:\Program Files\AVAST Software\Avast\defs\18082304\algo.dll
2018-08-25 16:44 - 2018-08-25 16:44 - 005679248 _____ () C:\Program Files\AVAST Software\Avast\defs\18082502\algo.dll
2017-10-26 14:34 - 2017-10-26 14:34 - 000030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2017-10-26 14:34 - 2017-10-26 14:34 - 000607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2017-10-26 14:34 - 2017-10-26 14:34 - 000059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2017-10-26 14:34 - 2017-10-26 14:34 - 000035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2017-10-26 14:34 - 2017-10-26 14:34 - 000079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2017-10-26 14:35 - 2017-10-26 14:35 - 000129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2017-10-26 14:37 - 2017-10-26 14:37 - 000223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2013-10-15 19:59 - 000010316 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 update.ross-tech.com
127.0.0.1 ross-tech.com
127.0.0.1 update.ross-tech.com
127.0.0.1 www.vcds.eu
127.0.0.1 www.adako.pl
127.0.0.1 www.ross-tech.com
127.0.0.1 www.vcds.pl
127.0.0.1 www.vag-com.pl
127.0.0.1 crl.certum.pl
127.0.0.1 tsa.certum.pl
127.0.0.1 www.certum.pl
127.0.0.1 ocsp.certum.pl
127.0.0.1 ross-tech.com
127.0.0.1 www.diag.ro
127.0.0.1 diag.ro
127.0.0.1 crl.verisign.net
127.0.0.1 ocsp.verisign.net
127.0.0.1 ocsp.verisign.com
127.0.0.1 OCSP.AMS1.VERISIGN.COM
127.0.0.1 OCSP.FRA1.VERISIGN.COM
127.0.0.1 OCSP.LAX2.VERISIGN.COM
127.0.0.1 OCSP.TKO2.VERISIGN.COM
127.0.0.1 crl.comodo.com
127.0.0.1 crl.geotrust.com
127.0.0.1 http://ocsp.verisign.net
127.0.0.1 http://ocsp.verisign.com
127.0.0.1 OCSP.NYC3.VERISIGN.NET
127.0.0.1 OCSP.NYC3.VERISIGN.COM
127.0.0.1 OCSP.SFO1.VERISIGN.NET
127.0.0.1 Ross-Tech-cust-66-212-10-238.netcarrier.net

There are 251 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\05667\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: ASUS InstantOn => 2
MSCONFIG\Services: ATKGFNEXSrv => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: Lenovo EasyPlus Hotspot => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: UNS => 2
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "NETGEAR WNA3100 Genie.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QveCtl2Tray"
HKLM\...\StartupApproved\Run32: => "ACMON"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "NBAgent"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "Epson Stylus SX110"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "EPSON SX110 Series"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "wLite"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "Gadwin PrintScreen (64-bit)"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\StartupApproved\Run: => "SafeInCloud"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{5D0BD77C-FDA0-486D-B09A-72208025B747}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{70149F67-1F5A-4D34-AADC-F8C598565862}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{F5A6A22F-123D-4754-B71A-B1523753C68E}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{36834A47-ED28-4C2F-821E-9BD921AFE55E}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{569DA3CE-BEB5-48E7-889E-280807FE9A5C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{D0AD7D31-B3A3-4C7B-BAC4-709968DE0DBE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{E02126C5-D424-4B00-B86A-3702E079C2BC}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{6669842B-681B-4F59-AB16-FEEDA8F71502}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{5EA1BC41-134E-484F-AD38-92EB60CD616E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{14A2B9D3-2CF0-4A09-A102-7593F3B5CA40}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{756CEDB1-F658-473D-BD09-D1B32050FB91}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{5FE44CBF-E2EB-4B6F-A51B-36416DB3BA18}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{5710208A-7DEB-43FB-8AB6-F38B16944613}] => (Allow) LPort=2799
FirewallRules: [{191813B2-05A8-4206-91F5-C6B89A0116C1}] => (Allow) LPort=2799
FirewallRules: [{9D21453A-2A27-4C96-986C-A4AC8D5F91DF}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{6E13DAB0-3829-4783-8F3D-DEE27D973E39}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{5B04F3CA-7CEC-4513-8606-E1648544E422}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E1A096C2-4A39-42E3-B2DB-F77DED37ECF9}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{15C387D3-156A-4676-A50D-6F0274D2E4BC}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{2073273F-03CE-4395-8213-6B57DD5139A0}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{DBCD08AA-BA1B-4BC6-9700-2B9D5B41906D}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{CF80A96F-EC27-46CB-90E1-9D940C2031CC}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{D85110DC-5FE7-4A85-809A-97397769B0DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D392BB56-6685-4D05-8E9D-36EAFADECED4}] => (Allow) C:\Ross-Tech\VCDS-SVO\VCDS.EXE
FirewallRules: [{5E2963B3-8837-4F71-B776-66998A11BDB9}] => (Allow) C:\Ross-Tech\VCDS-SVO\VCIConfig.EXE
FirewallRules: [{DA4ABA4E-944F-4B54-9CDC-00A7CBD7A679}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
FirewallRules: [{531B6260-B955-4EF9-871C-0D4AFEF3EA11}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
FirewallRules: [{5459A717-2A1B-4C9D-B03B-8A348CC95A9A}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{D82D5CE3-DCDE-4487-9D75-0D778AE8B984}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{0464C189-9C28-4057-A426-9667A9C33DE8}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{A4B8F3AB-EFA6-4D86-98CF-1DEBB8A2AFC8}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2018 06:03:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Radoslavsr)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/25/2018 05:51:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Radoslavsr)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/25/2018 05:41:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Radoslavsr)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/25/2018 05:41:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Radoslavsr)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/25/2018 05:20:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Radoslavsr)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/25/2018 05:20:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Radoslavsr)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/25/2018 05:20:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Radoslavsr)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/25/2018 05:20:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Radoslavsr)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (08/25/2018 06:03:33 PM) (Source: DCOM) (EventID: 10010) (User: Radoslavsr)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (08/25/2018 05:51:07 PM) (Source: DCOM) (EventID: 10010) (User: Radoslavsr)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (08/25/2018 05:41:31 PM) (Source: DCOM) (EventID: 10010) (User: Radoslavsr)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (08/25/2018 05:41:17 PM) (Source: DCOM) (EventID: 10010) (User: Radoslavsr)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (08/25/2018 05:20:08 PM) (Source: DCOM) (EventID: 10010) (User: Radoslavsr)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (08/25/2018 05:20:02 PM) (Source: DCOM) (EventID: 10010) (User: Radoslavsr)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (08/25/2018 05:19:56 PM) (Source: DCOM) (EventID: 10010) (User: Radoslavsr)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (08/25/2018 05:19:56 PM) (Source: DCOM) (EventID: 10010) (User: Radoslavsr)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2014-04-06 18:33:39.379
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {70D0742E-9174-4DD2-88B0-CBFCBA6ECFC5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2014-04-06 15:43:46.313
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147685590
Name: Trojan:Win32/Wiszr.B
ID: 2147685590
Severity: Severe
Category: Trojan
Path: file:_C:\Users\05667\AppData\Local\Temp\mdi464.dll;process:_pid:4696;regkey:_HKCU@S-1-5-21-3641774439-2828617140-3225078060-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\tsiVideo;runkey:_HKCU@S-1-5-21-3641774439-2828617140-3225078060-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\tsiVideo
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\SysWOW64\rundll32.exe
Signature Version: AV: 1.169.1871.0, AS: 1.169.1871.0, NIS: 110.31.0.0
Engine Version: AM: 1.1.10401.0, NIS: 2.1.10302.0

Date: 2014-04-06 15:43:11.184
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147685590
Name: Trojan:Win32/Wiszr.B
ID: 2147685590
Severity: Severe
Category: Trojan
Path: file:_C:\Users\05667\AppData\Local\Temp\mdi464.dll;process:_pid:4696
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\SysWOW64\rundll32.exe
Signature Version: AV: 1.169.1871.0, AS: 1.169.1871.0, NIS: 110.31.0.0
Engine Version: AM: 1.1.10401.0, NIS: 2.1.10302.0

Date: 2013-12-22 20:27:26.528
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {FB8319B2-38D0-411E-8490-768E6C21F55C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2013-12-14 20:04:02.285
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {4AEE7156-6719-4079-B480-1E6BD4A729C6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2013-12-11 07:39:20.766
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.163.1568.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.10100.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2013-12-11 07:39:20.766
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.163.1568.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.10100.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2013-12-11 07:39:20.766
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.163.1568.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.10100.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2013-11-15 23:59:04.506
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.161.2153.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.10003.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2013-11-15 23:59:04.506
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.161.2153.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.10003.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 44%
Total physical RAM: 3981.54 MB
Available physical RAM: 2209.54 MB
Total Virtual: 4833.57 MB
Available Virtual: 2668.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.11 GB) (Free:272.52 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{da68fad7-b4a8-4234-84d1-1e8656d17d2a}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.58 GB) NTFS
\\?\Volume{7b1f4d42-fa10-4c05-827c-6eb9cc0d21d3}\ () (Fixed) (Total:0.34 GB) (Free:0.06 GB) NTFS
\\?\Volume{af4e95d7-e18b-444b-aef5-0e5c637ba81d}\ (Restore) (Fixed) (Total:20.01 GB) (Free:9.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A3362226)

Partition: GPT.

==================== End of Addition.txt ============================

Re: please check my PC, it freezes

Posted: 25 Aug 2018 17:26
by radoslav
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.08.2018
Ran by 05667 (administrator) on RADOSLAVSR (25-08-2018 18:20:25)
Running from C:\Users\05667\Desktop
Loaded Profiles: 05667 (Available Profiles: 05667)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(f.lux Software LLC) C:\Users\05667\AppData\Local\FluxSoftware\Flux\flux.exe
(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe********************************************* [107192 2012-09-12] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-10] (AVAST Software)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [203760 2018-05-08] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\Run: [EPSON SX110 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE [223232 2008-09-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\Run: [SafeInCloud] => C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe [2298880 2017-08-30] ()
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\Run: [f.lux] => C:\Users\05667\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\MountPoints2: {0df4b2f1-e6cb-11e7-884e-08606e1250ae} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\MountPoints2: {26dc5493-baf0-11e7-8800-08606e1250ae} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\05667\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RT-Updater-SVO.lnk [2018-08-15]
ShortcutTarget: RT-Updater-SVO.lnk -> C:\Ross-Tech\VCDS-SVO\VCDS.exe (Ross-Tech, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2018-08-23]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{085a96a2-e3ed-497a-91d6-9398ac67ddf5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6b0b1543-ce99-41fb-afe4-06352b22ce1c}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.sk/
SearchScopes: HKU\S-1-5-21-3641774439-2828617140-3225078060-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-04-23] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-14] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-04-23] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-14] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF DefaultProfile: n5xacc07.default
FF ProfilePath: C:\Users\05667\AppData\Roaming\Mozilla\Firefox\Profiles\n5xacc07.default [2018-01-01]
FF Extension: (Gmail™ Notifier +) - C:\Users\05667\AppData\Roaming\Mozilla\Firefox\Profiles\n5xacc07.default\Extensions\jid1-sqmEAwSoa3FZPc@jetpack.xpi [2017-04-19] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\05667\AppData\Roaming\Mozilla\Firefox\Profiles\n5xacc07.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-25] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (avast! Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-02] [Legacy]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-14] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.sk/"
CHR Profile: C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default [2018-08-25]
CHR Extension: (Prezentácie) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Dokumenty) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-20]
CHR Extension: (YouTube) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-20]
CHR Extension: (Notifier for Gmail™) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2018-04-30]
CHR Extension: (Bing) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2018-08-22]
CHR Extension: (Tabuľky) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Learn English - How's It Going) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmeiakabapgflfhcjmbpnbkgldkieddd [2017-03-20]
CHR Extension: (FormApps Extension) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2017-06-15]
CHR Extension: (Morpheon Dark) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-08-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-20]
CHR Extension: (Chrome Media Router) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-25]
CHR Profile: C:\Users\05667\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-17]
CHR HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-23] (AVAST Software)
S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [97776 2018-05-08] (Freemake)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2016-09-20] (Nero AG)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-06-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
S2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [29208 2014-04-23] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [79184 2014-04-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [93568 2014-04-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-23] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1039096 2014-05-17] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423240 2014-05-17] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [85328 2014-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-23] ()
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
S3 bthav; C:\WINDOWS\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
S3 BthMtpEnum; C:\WINDOWS\system32\DRIVERS\BthMtpEnum.sys [62976 2013-08-22] (Microsoft Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [254528 2017-11-28] (DT Soft Ltd)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 RT-USB; C:\WINDOWS\system32\drivers\RT-USB64.SYS [97152 2014-05-12] (Ross-Tech LLC)
S3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [47320 2013-07-29] (Realtek Microelectronics)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [35856 2014-06-28] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [236888 2014-06-28] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [124760 2014-06-28] (Microsoft Corporation)
S3 X86BDA; C:\WINDOWS\system32\DRIVERS\OEMDrv.sys [666624 2012-04-27] ( )
S3 NPF; \SystemRoot\system32\DRIVERS\npf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-25 18:20 - 2018-08-25 18:21 - 000017412 _____ C:\Users\05667\Desktop\FRST.txt
2018-08-25 18:16 - 2018-08-25 18:16 - 002413056 _____ (Farbar) C:\Users\05667\Desktop\FRST64.exe
2018-08-24 18:44 - 2018-08-24 18:44 - 000001085 _____ C:\Users\05667\Desktop\Format Factory.lnk
2018-08-24 18:44 - 2018-08-24 18:44 - 000000000 ____D C:\Users\05667\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2018-08-24 16:49 - 2018-08-24 16:49 - 000000000 ____D C:\ProgramData\xml_param
2018-08-24 16:48 - 2018-08-24 16:49 - 000000000 ____D C:\Users\05667\Documents\Wondershare Video Converter Free
2018-08-24 16:48 - 2018-08-24 16:48 - 000000000 ____D C:\Users\05667\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2018-08-24 16:46 - 2018-08-24 16:49 - 000000000 ____D C:\ProgramData\Wondershare Video Converter Free
2018-08-24 16:46 - 2018-08-24 16:46 - 000001420 _____ C:\Users\Public\Desktop\Wondershare Video Converter Free.lnk
2018-08-24 16:46 - 2018-08-24 16:46 - 000000000 ____D C:\Users\05667\AppData\Local\Wondershare
2018-08-24 16:46 - 2018-08-24 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-08-24 16:46 - 2018-08-24 16:46 - 000000000 ____D C:\Program Files\Common Files\Wondershare
2018-08-24 16:46 - 2018-08-24 16:46 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-08-24 16:46 - 2018-03-26 15:52 - 000727952 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
2018-08-24 16:46 - 2018-03-26 15:52 - 000153088 _____ () C:\WINDOWS\SysWOW64\WSCM32.dll
2018-08-24 16:42 - 2018-08-24 16:45 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-08-24 16:33 - 2018-08-24 16:33 - 000000000 ____D C:\Users\05667\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winnydows
2018-08-24 16:33 - 2018-08-24 16:33 - 000000000 ____D C:\Program Files (x86)\Winnydows
2018-08-24 16:21 - 2018-08-24 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter
2018-08-24 16:21 - 2018-08-24 16:21 - 000000000 ____D C:\Program Files (x86)\Total Video Converter
2018-08-24 16:21 - 2000-05-22 22:58 - 000608448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx
2018-08-23 16:57 - 2018-08-23 16:57 - 002089323 _____ C:\Users\05667\Documents\jjjjjj.zip
2018-08-23 16:54 - 2018-08-23 16:54 - 000002005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2018-08-23 16:54 - 2018-08-23 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2018-08-23 16:53 - 2018-08-23 16:53 - 000000000 ____D C:\Program Files (x86)\WinZip
2018-08-23 16:51 - 2018-08-23 16:51 - 000000000 ____D C:\Users\05667\Desktop\WinZip PRO 12_full_cz
2018-08-23 16:49 - 2018-08-23 16:50 - 014752512 _____ C:\Users\05667\Desktop\WinZip PRO 12_full_cz.zip
2018-08-22 14:43 - 2018-08-22 15:07 - 465498900 _____ C:\Users\05667\Desktop\00017.mp4
2018-08-22 14:39 - 2018-08-22 14:40 - 000000000 ____D C:\Users\05667\AppData\Local\FreemakeVideoConverter
2018-08-22 14:39 - 2018-08-22 14:39 - 000001342 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2018-08-22 00:00 - 2018-08-22 00:00 - 001222144 _____ C:\Users\05667\Desktop\RSITx64.exe
2018-08-21 23:22 - 2018-08-25 18:11 - 000000000 ____D C:\Users\05667\Desktop\svadba foto video igor
2018-08-15 17:19 - 2018-08-15 17:19 - 000001676 _____ C:\Users\05667\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VCDS SVO 17.1.lnk
2018-08-15 17:18 - 2018-08-15 17:19 - 000001646 _____ C:\Users\05667\Desktop\VCDS SVO 17.1.lnk
2018-08-15 17:18 - 2018-08-15 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCDS SVO
2018-08-15 17:17 - 2018-08-15 17:19 - 000000000 ____D C:\Ross-Tech

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-25 18:20 - 2016-01-23 20:13 - 000000000 ____D C:\FRST
2018-08-25 18:07 - 2014-05-25 19:26 - 000000000 ____D C:\Users\05667\AppData\Roaming\vlc
2018-08-24 23:49 - 2017-04-21 18:23 - 000000000 ____D C:\FFOutput
2018-08-24 19:00 - 2013-04-09 19:01 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3641774439-2828617140-3225078060-1001
2018-08-24 18:44 - 2017-04-21 18:23 - 000000000 ____D C:\Program Files (x86)\FormatFactory
2018-08-24 16:37 - 2017-12-23 09:49 - 000000000 ____D C:\Temp
2018-08-24 12:02 - 2017-12-23 10:00 - 000000000 ____D C:\Users\05667\AppData\Local\HTC MediaHub
2018-08-24 12:01 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-23 19:44 - 2018-01-14 19:44 - 000003916 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-08-23 16:57 - 2017-07-18 10:55 - 000000000 ____D C:\Users\05667\Documents\umyvacka
2018-08-23 16:57 - 2013-04-15 05:36 - 000054272 ___SH C:\Users\05667\Documents\Thumbs.db
2018-08-23 16:55 - 2017-07-06 15:40 - 000000000 ____D C:\Users\05667\Documents\auto
2018-08-23 16:54 - 2015-09-15 14:24 - 000000000 ____D C:\ProgramData\WinZip
2018-08-23 07:35 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-08-22 14:40 - 2015-12-20 21:58 - 000000000 ____D C:\Users\05667\Documents\Freemake
2018-08-22 14:39 - 2015-12-20 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2018-08-22 14:39 - 2015-12-20 21:58 - 000000000 ____D C:\ProgramData\Freemake
2018-08-22 14:39 - 2015-12-20 21:58 - 000000000 ____D C:\Program Files (x86)\Freemake
2018-08-22 13:00 - 2013-04-14 19:13 - 000843776 ___SH C:\Users\05667\Desktop\Thumbs.db
2018-08-22 12:37 - 2015-01-24 00:58 - 000000000 ____D C:\AdwCleaner
2018-08-22 00:00 - 2013-08-18 21:31 - 000000000 ____D C:\Program Files\trend micro
2018-08-21 12:57 - 2017-11-28 19:24 - 000004130 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-08-15 20:04 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2018-08-15 17:18 - 2012-12-21 09:38 - 000000000 ____D C:\Program Files\DIFX
2018-08-14 21:23 - 2017-05-24 22:38 - 000004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-08-14 21:23 - 2016-03-28 18:38 - 000004430 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-08-14 21:22 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-08-14 21:22 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-08-09 19:36 - 2017-03-20 11:36 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-01 22:30 - 2013-10-22 15:28 - 000000000 ____D C:\Users\05667
2018-07-27 23:36 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2013-04-13 07:22 - 2013-04-13 07:22 - 000000021 _____ () C:\Users\05667\AppData\Roaming\my_intel.sys
2017-04-14 18:19 - 2017-04-14 18:19 - 000000022 _____ () C:\Users\05667\AppData\Roaming\splitterdirectorys.txt
2013-04-09 18:56 - 2013-05-16 22:06 - 000000564 _____ () C:\Users\05667\AppData\Roaming\sp_data.sys
2018-07-18 20:17 - 2018-07-18 20:17 - 000003584 _____ () C:\Users\05667\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-09 18:07 - 2014-04-09 18:07 - 000000062 _____ () C:\Users\05667\AppData\Local\MRDownloader.err
2014-04-09 17:07 - 2014-04-09 19:24 - 000001080 _____ () C:\Users\05667\AppData\Local\MRDownloader.nast
2013-08-22 00:03 - 2016-01-27 08:29 - 000007622 _____ () C:\Users\05667\AppData\Local\Resmon.ResmonCfg
2013-05-21 21:31 - 2014-04-20 20:58 - 000037324 _____ () C:\Users\05667\AppData\Local\SRDownloader.err
2013-05-18 17:53 - 2014-04-20 21:21 - 000001912 _____ () C:\Users\05667\AppData\Local\SRDownloader.nast
2017-05-04 23:31 - 2017-05-04 23:31 - 000000037 _____ () C:\Users\05667\AppData\Local\X-Plane Installer.prf
2017-05-04 23:31 - 2017-05-04 23:35 - 000000015 _____ () C:\Users\05667\AppData\Local\X-Plane_drm_11.prf
2017-05-04 21:18 - 2017-05-04 21:18 - 000000036 _____ () C:\Users\05667\AppData\Local\x-plane_install_11.txt

Some files in TEMP:
====================
2018-01-29 11:08 - 2018-01-29 11:08 - 002086488 _____ (HOW Inc. ) C:\Users\05667\AppData\Local\Temp\0x1jf3z5.exe
2018-08-15 17:22 - 2018-08-15 18:13 - 001039872 _____ () C:\Users\05667\AppData\Local\Temp\vcds_hook.dll
2018-01-14 20:02 - 2018-01-14 20:07 - 000000000 _____ () C:\Users\05667\AppData\Local\Temp\{4F318E80-FF60-434E-A39C-E7E6A6D3C799}-63.0.3239.132_63.0.3239.84_chrome_updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-24 12:20

==================== End of FRST.txt ============================

Re: please check my PC, it freezes

Posted: 25 Aug 2018 19:35
by Conder
:arrow: Turn on System Restore
  • Press Win+R, type "sysdm.cpl" (without the quotes) and press Enter
  • Click the System Protection tab and then Configure
  • Select Turn on system protection and click OK
:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    File: C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    File: C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    File: C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    ExportKey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    CMD: dir "C:\Users\05667\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}"
    
    HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\MountPoints2: {0df4b2f1-e6cb-11e7-884e-08606e1250ae} - "E:\HTC_Sync_Manager_PC.exe" 
    HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\MountPoints2: {26dc5493-baf0-11e7-8800-08606e1250ae} - "E:\HTC_Sync_Manager_PC.exe" 
    HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    CHR HomePage: Default -> msn.com
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.sk/"
    CHR HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    S3 NPF; \SystemRoot\system32\DRIVERS\npf.sys [X]
    2018-08-22 00:00 - 2018-08-22 00:00 - 001222144 _____ C:\Users\05667\Desktop\RSITx64.exe
    2018-08-22 00:00 - 2013-08-18 21:31 - 000000000 ____D C:\Program Files\trend micro
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop as fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents here

Re: please check my PC, it freezes

Posted: 25 Aug 2018 20:14
by radoslav
Fix result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by 05667 (25-08-2018 21:04:44) Run:1
Running from C:\Users\05667\Desktop
Loaded Profiles: 05667 (Available Profiles: 05667)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
File: C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
File: C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
File: C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
ExportKey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
CMD: dir "C:\Users\05667\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}"

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\MountPoints2: {0df4b2f1-e6cb-11e7-884e-08606e1250ae} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\MountPoints2: {26dc5493-baf0-11e7-8800-08606e1250ae} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.sk/"
CHR HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
S3 NPF; \SystemRoot\system32\DRIVERS\npf.sys [X]
2018-08-22 00:00 - 2018-08-22 00:00 - 001222144 _____ C:\Users\05667\Desktop\RSITx64.exe
2018-08-22 00:00 - 2013-08-18 21:31 - 000000000 ____D C:\Program Files\trend micro

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 274
Average :
Sum : 105860401966
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= File: C:\Program Files (x86)\ASUS\Splendid\ACMON.exe ========================

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
File is digitally signed
MD5: B7BCA8A30CE13A283CDBDECEF5616C39
Creation and modification date: 2012-09-12 00:01 - 2012-09-12 00:01
Size: 000107192
Attributes: ----A
Company Name: ASUS
Internal Name: ACMON
Original Name: ACMON.exe
Product: ACMON
Description: ACMON
File Version: 1, 0, 9, 0
Product Version: 1, 0, 0, 0
Copyright: Copyright (C) 2005 - 2010 ASUS
VirusTotal: https://www.virustotal.com/file/c734a8c ... 531074732/

====== End of File: ======


========================= File: C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe ========================

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
File not signed
MD5: ABEFA4BD23329FD9BD47496BF2E58774
Creation and modification date: 2012-12-21 09:40 - 2012-07-13 11:02
Size: 002451456
Attributes: ----N
Company Name: Realsil Microelectronics Inc.
Internal Name: RIconMan.exe
Original Name: RIconMan.exe
Product: IconMan_R
Description: Realtek Card Reader Patch Tool.
File Version: 1.5.0.0
Product Version: 1.5.0.0
Copyright: CopyRight (C) Realsil Semiconductor Corp. All Rights Reserved.
VirusTotal: https://www.virustotal.com/file/9689d4c ... 534722006/

====== End of File: ======


========================= File: C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe ========================

C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
File not signed
MD5: 1CF03C69B49ACB70C722DF92755C0C8C
Creation and modification date: 2005-04-04 00:41 - 2005-04-04 00:41
Size: 000069632
Attributes: ----A
Company Name: Macrovision Corporation
Internal Name: IDriverT
Original Name: IDriverT.exe
Product: InstallShield (R)
Description: IDriverT Module
File Version: 11.00.28844
Product Version: 11.00
Copyright: Copyright (C) 2005 Macrovision Corporation
VirusTotal: https://www.virustotal.com/file/c227850 ... 535155283/

====== End of File: ======


========================= File: C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ========================

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
File not signed
MD5: 3CAE2BBC86FCF7F94C9696994AF30386
Creation and modification date: 2012-12-07 19:27 - 2012-12-07 19:27
Size: 000167424
Attributes: ----A
Company Name:
Internal Name: PassThruSvr
Original Name: PassThruSvr.exe
Product: PassThruSvr Application
Description: PassThruSvr Application
File Version: 1.2.1.8
Product Version: 1.2.1.8
Copyright: Copyright (C) 2012
VirusTotal: https://www.virustotal.com/file/4da063a ... 527713084/

====== End of File: ======

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IgfxTray"=""C:\WINDOWS\system32\igfxtray.exe""
"HotKeysCmds"=""C:\WINDOWS\system32\hkcmd.exe""
"Persistence"=""C:\WINDOWS\system32\igfxpers.exe""
"ACMON"="C:\Program Files (x86)\ASUS\Splendid\ACMON.exe*********************************************"
"iTunesHelper"=""C:\Program Files\iTunes\iTunesHelper.exe""

=== End of ExportKey ===

========= dir "C:\Users\05667\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}" =========

Volume in drive C is OS
Volume Serial Number is C2BB-CE8E

Directory of C:\Users\05667\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}

24.08.2018 16:48 <DIR> .
24.08.2018 16:48 <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 292 137 213 952 bytes free

========= End of CMD: =========

"HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE" => removed successfully
"HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE" => removed successfully
"HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0df4b2f1-e6cb-11e7-884e-08606e1250ae}" => removed successfully
HKLM\Software\Classes\CLSID\{0df4b2f1-e6cb-11e7-884e-08606e1250ae} => not found
"HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26dc5493-baf0-11e7-8800-08606e1250ae}" => removed successfully
HKLM\Software\Classes\CLSID\{26dc5493-baf0-11e7-8800-08606e1250ae} => not found
"HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\Control Panel\Desktop\\SCRNSAVE.EXE" => removed successfully
"HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE" => removed successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
"HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => removed successfully
"HKLM\System\CurrentControlSet\Services\NPF" => removed successfully
NPF => service removed successfully
C:\Users\05667\Desktop\RSITx64.exe => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 33952492 B
Java, Flash, Steam htmlcache => 831 B
Windows/system/drivers => 2338617 B
Edge => 0 B
Chrome => 783250769 B
Firefox => 12196723 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 623867 B
systemprofile32 => 432 B
LocalService => 357486 B
NetworkService => 0 B
05667 => 87648875 B

RecycleBin => 343042020 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:08:40 ====

Re: please check my PC, it freezes

Posted: 26 Aug 2018 05:05
by Conder
:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    REG: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v ACMON /t REG_SZ /d "C:\Program Files (x86)\ASUS\Splendid\ACMON.exe" /f
    2018-08-24 16:48 - 2018-08-24 16:48 - 000000000 ____D C:\Users\05667\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • Wait for it to finish
  • This time there will be no restart; Fixlog.txt will open (or it will be on the desktop). Copy its contents here

Re: please check my PC, it freezes

Posted: 26 Aug 2018 12:21
by radoslav
Fix result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by 05667 (26-08-2018 13:20:53) Run:2
Running from C:\Users\05667\Desktop
Loaded Profiles: 05667 (Available Profiles: 05667)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
REG: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v ACMON /t REG_SZ /d "C:\Program Files (x86)\ASUS\Splendid\ACMON.exe" /f
2018-08-24 16:48 - 2018-08-24 16:48 - 000000000 ____D C:\Users\05667\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
End
*****************


========= reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v ACMON /t REG_SZ /d "C:\Program Files (x86)\ASUS\Splendid\ACMON.exe" /f =========

The operation completed successfully.



========= End of Reg: =========

C:\Users\05667\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} => moved successfully

==== End of Fixlog 13:20:53 ====

Re: please check my PC, it freezes

Posted: 26 Aug 2018 18:15
by Conder
:arrow: It looks OK now. Has anything changed?

:arrow: The desktop holds almost 100 GB. Move all files and folders from the desktop to Documents and leave only shortcuts on the desktop. A desktop this large can slow the system down.