
Problem with BitcoinMiner, Chrome crashes when opening ESET web

Posted: 30 Aug 2018 16:33
by Schummi
Good day to everyone,
I have a problem with my daughter's laptop; she ran some downloaded exe file and since then the PC has been misbehaving. Programs close by themselves (Commander, the browser), the computer is at times loaded above 60% even when nothing is running, and as soon as the Wi-Fi connection was turned off, the load dropped to 3%.
Chrome closes automatically when searching for the word Eset or when trying to go to the Eset website, or, conversely, the browser starts by itself and opens pages with erotic content and the like.

In addition, the installed Norton reported: An intrusion attempt by miner.fee.xmring.com was blocked, System infected:Miner.BitcoinMiner Activity 9
I tried to run FRST, but it crashes immediately on launch.

RSIT works and the log is below.

Thank you for your help.
Jirka

Logfile of random's system information tool 1.10 (written by random/random)
Run by Kristyna at 2018-08-30 16:53:22
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 36 GB (12%) free of 305 GB
Total RAM: 3957 MB (64% free)

HijackThis download failed

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe 30652864
\??\C:\Windows\system32\conhost.exe "18875218961879228492-1858376640-1925192023-13922799658843335142952906642090485437
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" /s
"C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe"
"C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe"
"C:\Program Files\Fujitsu\PSUtility\PSUService.exe"
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Tablet\Wacom\WTabletServicePro.exe"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe" -s
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
igfxEM.exe
igfxHK.exe
igfxTray.exe
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e54cea82-372e-45c0-91b3-1d4914ae6f24 -SystemEventPortName:HostProcess-66a4c754-3e51-46d8-b756-414bf482bc21 -IoCancelEventPortName:HostProcess-bd49414b-c42e-4f7c-aedd-4c266d6d8ff5 -NonStateChangingEventPortName:HostProcess-288176dd-3765-4725-802d-ae845d13d2c2 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:9b9af394-e746-4b98-b92f-549762690193 -DeviceGroupId:
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DTSU2P
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe"
"C:\Program Files\Fujitsu\PSUtility\TrayManager.exe"
"C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe"
"C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe"
"C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Windows\SysWOW64\svchost.exe"
"C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\FJ Camera\Monitor.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Windows\SysWOW64\RunDll32.exe" "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE"
"C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE"
"taskhost.exe"
explorer.exe
"C:\Windows\SysWOW64\svchost.exe"
"C:\Windows\SysWOW64\svchost.exe" --config="C:\Users\Kristyna\AppData\Local\Temp\[42B996]"
\??\C:\Windows\system32\conhost.exe "109796967713925897-1852494504-1733432767-62097516616054874604022248671146527651
"C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\diMaster.dll" /prefetch:1
taskeng.exe {541FF61E-B876-4259-9EDB-AFB82C00490B}

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-a0e74ab5-9d9e-471f-a0f5-5e572e9f5ee5 -SystemEventPortName:HostProcess-a0b5e81b-b816-494c-b060-c77646f9217b -IoCancelEventPortName:HostProcess-0657ffce-48a3-4fc5-8c7d-d3ca3f47bd2d -NonStateChangingEventPortName:HostProcess-6bd35554-454e-4a14-bba5-f86683616604 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:167cffe3-8b75-41e2-a2eb-4c727f7d2559 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\totalcmd\TOTALCMD.EXE"
"C:\Filmy\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
wmiadap.exe /R /T

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-08-21 207032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-28 582008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-07-18 1058992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-28 245112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-18 149168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\IPS\IPSBHO.DLL [2013-09-29 388504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-07-18 678584]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-11-14 13353064]
"RtHDVBg_DTS"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-11-15 2277992]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-08-11 2816808]
"LoadFUJ02E3"=C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [2011-11-23 76104]
"PSUTility"=C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [2011-10-03 205168]
"SSUtility"=C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe [2011-09-15 273776]
"LoadFujitsuQuickTouch"=C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [2011-09-30 158024]
"LoadBtnHnd"=C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2011-09-30 23368]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14 1353680]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2018-08-27 3207968]
"Discord"=C:\Users\Kristyna\AppData\Local\Discord\app-0.0.301\Discord.exe [2018-04-30 57816920]
"Skype for Desktop"=C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [2018-08-24 49799144]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"FUJ02B1_Apps"=C:\Program Files (x86)\Fujitsu\FUJ02B1\CheckBatteryPack.exe [2016-05-11 367424]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-02-06 291608]
"IndicatorUtility"=C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2010-09-29 48752]
"FJ Camera_Monitor"=C:\Program Files (x86)\FJ Camera\monitor.exe [2012-01-18 279416]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2018-05-30 5885352]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-07-07 601424]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-08-30 16:53:22 ----D---- C:\rsit
2018-08-30 16:53:22 ----D---- C:\Program Files\trend micro
2018-08-29 16:39:10 ----D---- C:\Data
2018-08-29 14:10:28 ----AT---- C:\Windows\SYSWOW64\00009961.tmp
2018-08-29 13:59:57 ----AT---- C:\Windows\SYSWOW64\00009967.tmp
2018-08-29 13:26:12 ----AT---- C:\Windows\SYSWOW64\00016918.tmp
2018-08-29 13:10:41 ----AT---- C:\Windows\SYSWOW64\00008350.tmp
2018-08-29 12:40:34 ----D---- C:\Windows\system32\drivers\NSSx64
2018-08-29 12:40:33 ----D---- C:\Program Files (x86)\Norton Security Scan
2018-08-29 12:27:30 ----D---- C:\Windows\{B58AFBDA-7D5B-40C0-BE79-D9F3286E2165}
2018-08-29 12:13:51 ----D---- C:\Program Files (x86)\Norton AntiVirus
2018-08-29 10:42:56 ----AT---- C:\Windows\SYSWOW64\00024736.tmp
2018-08-28 21:23:45 ----D---- C:\ProgramData\NCOTEMP
2018-08-28 21:23:09 ----D---- C:\Program Files\Common Files\Symantec Shared
2018-08-28 21:23:09 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2018-08-28 21:22:19 ----D---- C:\Windows\system32\drivers\NAVx64
2018-08-28 21:22:16 ----D---- C:\ProgramData\Norton
2018-08-28 21:21:36 ----D---- C:\ProgramData\NortonInstaller
2018-08-28 21:21:36 ----D---- C:\Program Files (x86)\NortonInstaller
2018-08-28 17:43:14 ----D---- C:\Windows\{2E03268B-4782-44EF-B29B-44B65D240959}
2018-08-19 15:49:56 ----D---- C:\Users\Kristyna\AppData\Roaming\ICQ
2018-08-19 14:45:41 ----D---- C:\Program Files (x86)\Microsoft
2018-08-04 14:00:42 ----D---- C:\Program Files (x86)\Cenega
2018-08-03 14:40:58 ----D---- C:\Users\Kristyna\AppData\Roaming\MPC-HC

======List of files/folders modified in the last 1 month======

2018-08-30 16:53:22 ----RD---- C:\Program Files
2018-08-30 16:52:58 ----D---- C:\Filmy
2018-08-30 16:52:31 ----D---- C:\Windows\Temp
2018-08-30 16:41:12 ----D---- C:\Windows\System32
2018-08-30 16:41:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-08-30 16:41:11 ----D---- C:\Windows\inf
2018-08-30 16:37:28 ----SHD---- C:\Windows\Installer
2018-08-29 17:15:34 ----SHD---- C:\System Volume Information
2018-08-29 16:49:28 ----D---- C:\Program Files (x86)\Steam
2018-08-29 16:46:43 ----D---- C:\Windows\Tasks
2018-08-29 16:46:43 ----D---- C:\Windows\system32\Tasks
2018-08-29 15:22:57 ----D---- C:\Users\Kristyna\AppData\Roaming\vlc
2018-08-29 15:16:01 ----RD---- C:\Program Files (x86)
2018-08-29 15:09:14 ----D---- C:\Users\Kristyna\AppData\Roaming\WTablet
2018-08-29 14:10:31 ----D---- C:\Windows\SysWOW64
2018-08-29 14:10:30 ----D---- C:\Program Files (x86)\FJ Camera
2018-08-29 14:10:28 ----D---- C:\Program Files (x86)\TeamViewer
2018-08-29 14:10:28 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2018-08-29 12:40:34 ----D---- C:\Windows\system32\drivers
2018-08-29 12:34:21 ----D---- C:\ProgramData\boost_interprocess
2018-08-29 12:27:30 ----D---- C:\Windows
2018-08-29 10:48:55 ----D---- C:\Users\Kristyna\AppData\Roaming\uTorrent
2018-08-29 09:56:51 ----D---- C:\Windows\Prefetch
2018-08-28 21:33:33 ----D---- C:\Program Files (x86)\Common Files
2018-08-28 21:23:45 ----HD---- C:\ProgramData
2018-08-28 21:23:09 ----D---- C:\Program Files\Common Files
2018-08-28 14:34:40 ----D---- C:\Program Files\Java
2018-08-28 14:33:33 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2018-08-26 16:34:51 ----D---- C:\Windows\system32\config
2018-08-22 17:20:42 ----D---- C:\Windows\Microsoft.NET
2018-08-22 16:22:02 ----D---- C:\Program Files (x86)\Call of Duty - Modern Warfare 2
2018-08-22 16:19:13 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-08-21 20:55:10 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-08-21 20:52:32 ----D---- C:\Program Files (x86)\Microsoft Office

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 FBIOSDRV;Fujitsu BIOS Driver; C:\Windows\System32\Drivers\FBIOSDRV.sys [2009-06-24 21104]
R0 FJGSDisk;G-Sensor Application Filter Driver; C:\Windows\system32\DRIVERS\FJGSDisk.sys [2011-07-07 15600]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-11-29 568600]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-02-06 16152]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2016-08-25 295000]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NAVx64\1506000.020\SYMDS64.SYS [2013-09-10 493656]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [2014-08-26 1148120]
R1 ccSet_NAV;NAV Settings Manager; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [2013-09-26 162392]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2013-10-04 484952]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2014-12-21 40344]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20180828.061\IDSvia64.sys [2018-08-28 1306592]
R1 MpKsle63d9e6d;MpKsle63d9e6d; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CDE90861-4311-4F93-8E6C-73E7516685C7}\MpKsle63d9e6d.sys [2018-08-29 58120]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [2014-08-26 37592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2011-11-30 358576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2018-08-29 153168]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\Windows\system32\DRIVERS\FUJ02B1.sys [2016-05-11 59152]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver; C:\Windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 7296]
R3 guardian2;guardian2; C:\Windows\System32\Drivers\oz776x64.sys [2011-08-15 86888]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2018-05-23 35648]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2017-05-18 3811816]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-11-16 2950632]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2015-08-21 463112]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-02-06 356120]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-02-06 787736]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-12-01 11417088]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 135928]
R3 SPUVCbv;SPUVCb Driver Service; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2011-12-23 3052920]
R3 swg3kmbb00;Sierra Wireless QMI USB-NDIS 6.20 miniport; C:\Windows\system32\DRIVERS\swg3kmbb00.sys [2012-10-18 477560]
R3 swg3knmea00;Sierra Wireless QMI NMEA Serial Communication; C:\Windows\system32\DRIVERS\swg3knmea00.sys [2012-10-18 269304]
R3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\swg3kser00.sys [2012-10-18 269560]
R3 swibus00;Sierra Wireless Bus Enumerator 00; C:\Windows\system32\DRIVERS\swibus00.sys [2012-10-18 85880]
R3 swibusflt00;Sierra Wireless Bus Enumerator Filter 00; C:\Windows\system32\DRIVERS\swibusflt00.sys [2012-10-18 85880]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2018-08-29 99920]
R3 SymNetS;Symantec Network Security WFP Driver; C:\Windows\system32\drivers\NAVx64\1501000.012\SYMNETS.SYS [2013-09-26 590936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-08-11 1448496]
R3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2016-04-21 27136]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2013-07-24 36864]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20180827.001\BHDrvx64.sys [2018-08-27 1919568]
S1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [2014-08-06 266968]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2011-11-23 134696]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2017-07-06 119296]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2011-11-23 620584]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-11-23 167976]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2011-11-23 178728]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-11-23 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2011-11-23 21544]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EraserUtilDrv11311;EraserUtilDrv11311; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [2013-10-04 140376]
S3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20180829.001\ENG64.SYS [2018-08-29 138832]
S3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20180829.001\EX64.SYS [2018-08-29 2153040]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [2012-06-13 266896]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\system32\drivers\NAVx64\1501000.012\SRTSP64.SYS [2013-09-27 858200]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TesSafe;TesSafe; \??\C:\Windows\syswow64\TesSafe.sys []
S3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WacHidRouterPro;Wacom Hid Router Pro; C:\Windows\system32\DRIVERS\wachidrouter.sys [2018-05-30 115672]
S3 wacomrouterfilter;Wacom Router Filter Driver; C:\Windows\system32\DRIVERS\wacomrouterfilter.sys [2018-05-30 17880]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-11-22 1084192]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-08-07 8522912]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DTSAudioSvc;DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2011-08-05 225280]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-12-08 618256]
R2 FUJ02E3Service;FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [2011-11-23 76104]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2018-05-30 3346856]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2017-05-18 319096]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [2016-05-27 419248]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
R2 NAV;Norton AntiVirus; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [2014-09-21 262968]
R2 PFNService;PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2011-12-22 2213376]
R2 PowerSavingUtilityService;PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2011-10-03 63856]
R2 PSI_SVC_2;Corel License Validation Service V2, Powered by arvato; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2014-04-30 277360]
R2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2014-04-30 337776]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-12-08 148752]
R2 SwiService;Sierra Wireless Service; C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe [2012-10-18 198032]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2018-02-02 6634224]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13 153168]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2017-12-21 1530376]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2017-05-18 280696]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13 153168]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-10-14 116224]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-08 273168]
S3 ose;Office Source Engine; c:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-08-07 213032]
S3 osppsvc;Office Software Protection Platform; c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2018-02-02 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-08-27 1684256]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-11-04 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------

Re: Problem with BitcoinMiner, Chrome crashes when opening ESET we

Posted: 30 Aug 2018 16:57
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Problem with BitcoinMiner, Chrome crashes when opening ESET we

Posted: 30 Aug 2018 20:07
by Schummi
Everything ran through, one threat was found, which was removed after the restart; see the log below.

-----
# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-07-12.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-30-2018
# Duration: 00:00:02
# OS: Windows 7 Professional
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Kristyna\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1295 octets] - [30/08/2018 21:02:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Problem with BitcoinMiner, Chrome crashes when opening ESET we

Posted: 30 Aug 2018 20:52
by Rudy

Re: Problem with BitcoinMiner, Chrome crashes when opening ESET we

Posted: 30 Aug 2018 21:32
by Schummi
I'm sending the FRST logs, first the addition.txt log.

-----------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by Kristyna (30-08-2018 22:22:36)
Running from C:\Users\Kristyna\Desktop\kladivo na šmejdy
Windows 7 Professional Service Pack 1 (X64) (2017-11-16 17:24:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1250171309-3979389096-1947347105-500 - Administrator - Disabled)
Guest (S-1-5-21-1250171309-3979389096-1947347105-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1250171309-3979389096-1947347105-1003 - Limited - Enabled)
Kristyna (S-1-5-21-1250171309-3979389096-1947347105-1001 - Administrator - Enabled) => C:\Users\Kristyna

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Any Send 1.0 (HKLM-x32\...\{0897FBB8-CCB8-454C-A8C3-26B5EE15E4D7}) (Version: 1.0.0 - Adylitica) Hidden
Any Send 1.0 (x64) (HKLM\...\{BAB72871-C133-4628-9B56-6B17E90389E1}) (Version: 1.0.0 - Adylitica) Hidden
Any Send for Windows (HKLM-x32\...\{51142af8-bc9b-44c1-b78d-9e6c453b3022}) (Version: 1.0.0 - Adylitica, Inc.)
Any Send for Windows (HKLM-x32\...\{bb7e741b-f5d6-4340-8e21-8205ed9ded9b}) (Version: 1.0.0 - Adylitica, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour SDK (HKLM\...\{C0F5A19A-055A-4902-9D41-864127BFAF11}) (Version: 3.0.0.10 - Apple Inc.)
Corel Painter Essentials 6 - Content (HKLM\...\{56F051E4-C179-425E-9AA8-4B3FBC2F05B7}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - Core (HKLM\...\{FA3FA2BE-94D1-41CA-89BF-29AE2EB61E46}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - CT (HKLM\...\{404B42A1-47EF-44D5-B390-E0CB3F879497}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - DE (HKLM\...\{13CD16A8-0B5E-469D-A8C2-1BD41B58999F}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - EN (HKLM\...\{1B3DFFA0-0CE7-4607-8E55-FB64B8628995}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - FR (HKLM\...\{E39BC105-2204-4BA8-BB9F-D08E5BDD1493}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - IPM (HKLM\...\{B1AA1DD1-FC10-499C-B802-6C9558CBBC1A}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - IPM Content (HKLM\...\{68FC3BC5-C3AA-4B36-86F7-D4ED105E1D7B}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 - JP (HKLM\...\{9BAC9F81-DE28-450F-B0F8-C319D08C2A6A}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Essentials 6 (HKLM\...\_{0EDEDA40-4B3A-46D0-A0D8-0FE8834390DE}) (Version: 6.0.0.167 - Corel Corpopration)
Corel Painter Essentials 6 (HKLM\...\{D5ACBF88-A251-4E63-8DFE-1EF7491D601E}) (Version: 6.0 - Corel Corporation) Hidden
Corel Painter Thumbnail Previewer (HKLM\...\{50139369-99B2-496A-8726-D3DC5D6D4235}) (Version: 18.0 - Corel Corporation)
Corel Update Manager (HKLM\...\{5039B7BE-F79B-4121-A9D3-D66ED4169414}) (Version: 2.4.285 - Corel corporation) Hidden
Discord (HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
Exanima (HKLM-x32\...\1470768488_is1) (Version: 2.0.0.2 - GOG.com)
FJ Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.3.9.4 - SunplusIT)
Fujitsu Hotkey Utility (HKLM-x32\...\{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (HKLM\...\{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 3.01.00.002 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 3.01.00.002 - FUJITSU LIMITED)
Fujitsu System Extension Utility (HKLM\...\{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.4.0 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.4.0 - FUJITSU LIMITED)
GameRanger (HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\GameRanger) (Version: - GameRanger Technologies)
Garena (remove only) (HKLM-x32\...\gxx) (Version: 2.0.1806.2114 - Garena)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
ICA (HKLM\...\{0EDEDA40-4B3A-46D0-A0D8-0FE8834390DE}) (Version: 6.0 - Corel Corpopration) Hidden
ICQ (verze 10.0.12341) (HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\icq.desktop) (Version: 10.0.12341 - ICQ)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4653 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
K-Lite Codec Pack 14.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.1.5 - KLCP)
LIFEBOOK Application Panel (HKLM\...\{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED) Hidden
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED)
Little Fighter 2 1.9c (HKLM-x32\...\Little Fighter 2) (Version: 1.9c - )
LogMeIn Hamachi (HKLM-x32\...\{892DB406-ADF8-4C30-9840-8438AF5B8763}) (Version: 2.2.0.607 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.607 - LogMeIn, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.9126.2275 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.12.25711 (HKLM\...\{7D02C46E-2953-3EB1-A5D5-7943C9D7684F}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.12.25711 (HKLM\...\{043D5787-5988-3DE2-928D-3B6A75E2126E}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25711 (HKLM-x32\...\{8FDCF95F-4756-34F4-9DA2-D708E7FAC504}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25711 (HKLM-x32\...\{6E894015-A182-3C1E-A7D2-3032CB2E1D43}) (Version: 14.12.25711 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{FD9D64F4-CAF5-3D23-845A-B843C78CC1A5}) (Version: 10.0.60830 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.150 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
O2Micro OZ776 SCR Driver (HKLM\...\{722AE78A-F730-4447-A6EC-099F6F7B2ABF}) (Version: 2.1.4.214GS - O2Micro) Hidden
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{722AE78A-F730-4447-A6EC-099F6F7B2ABF}) (Version: 2.1.4.214GS - O2Micro)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2275 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2275 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2275 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.9126.2275 - Microsoft Corporation) Hidden
osu! (HKLM-x32\...\{f7f2057c-00c5-4cef-b26c-6fbf5feb90b4}) (Version: latest - ppy Pty Ltd)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 6.2.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (HKLM\...\{E1C056BE-ACC9-4FCF-B37D-55A46648B369}) (Version: 6.2.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\{49A588CF-5FD4-4774-BFBF-0764287DE82B}) (Version: 32.01.10.038 - FUJITSU LIMITED)
Project Zomboid verze Build 38.30 (HKLM-x32\...\{83545AFD-2CE1-49E0-9A97-25312A582C98}_is1) (Version: Build 38.30 - Trackeroc.Ru)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Rules of Survival version 1.167700.171312 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.167700.171312 - Hong Kong Netease Interactive Entertainment Limited)
Shade: Hněv andělů (HKLM-x32\...\{5F055711-2CAF-4323-8443-BEE4913FC7E6}) (Version: 1.20.000 - )
Shock Sensor Driver (HKLM\...\{BFA53004-F544-4356-B0F9-735D69623447}) (Version: 1.01.00.002 - FUJITSU LIMITED) Hidden
Shock Sensor Driver (HKLM-x32\...\InstallShield_{BFA53004-F544-4356-B0F9-735D69623447}) (Version: 1.01.00.002 - FUJITSU LIMITED)
Shock Sensor Utility (HKLM\...\{4E7C12AC-8F19-49CC-87C3-0EAAD952F6B3}) (Version: 5.01.00.001 - FUJITSU LIMITED) Hidden
Shock Sensor Utility (HKLM-x32\...\InstallShield_{4E7C12AC-8F19-49CC-87C3-0EAAD952F6B3}) (Version: 5.01.00.001 - FUJITSU LIMITED)
Sierra Wireless QMI Fujitsu Driver Package (HKLM-x32\...\SWIFujitsuDrvInstaller) (Version: 2.8.1210.1 - Sierra Wireless Inc.)
Skype verze 8.29 (HKLM-x32\...\Skype_is1) (Version: 8.29 - Skype Technologies S.A.)
Software Intel® PROSet/Wireless WiFi (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.19.1 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.93450 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.50 - Ghisler Software GmbH)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.30-6 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.3100 - Broadcom)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1250171309-3979389096-1947347105-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Kristyna\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1250171309-3979389096-1947347105-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton AntiVirus\Engine64\21.6.0.32\NavShExt.dll [2014-09-21] (Symantec Corporation)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton AntiVirus\Engine64\21.6.0.32\NavShExt.dll [2014-09-21] (Symantec Corporation)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-05-18] (Intel Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton AntiVirus\Engine64\21.6.0.32\NavShExt.dll [2014-09-21] (Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14E8C7B6-B9EF-4221-BA3D-854ECCC240CF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-08-21] (Microsoft Corporation)
Task: {22AB460A-0DA5-4F5D-AE1F-996A328ECAF9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-08-21] (Microsoft Corporation)
Task: {247C2886-8442-4E92-9ABC-3240ECAC987D} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {30F903E2-CF8A-4A93-BDD6-111CF24FC24D} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {33FECD53-E46D-4D66-B645-31FDC6882DE3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-21] (Microsoft Corporation)
Task: {3F518751-7A99-4CCD-8328-CC97AF1DA3F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {41A1343F-5D8C-461E-9268-65A41AACA93B} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-11-06] (Corel Corporation)
Task: {42EB5707-EA20-4630-BDEE-C0637EC443F0} - System32\Tasks\{3C80FD02-B4EC-4768-811C-B916497B1FC9} => C:\Windows\system32\pcalua.exe -a C:\Users\Kristyna\Desktop\Mafia\Setup.exe -d C:\Users\Kristyna\Desktop\Mafia
Task: {5C24A182-9D9E-4FD3-9D67-D5FA257A33E4} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7FBF36EB-A759-4046-8C22-E57D853DCD17} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {9D275F02-E99B-4F14-BAC4-FB578002C450} - System32\Tasks\{96C4D4EA-B3A0-73B3-C78E-C2F8A2FEC2AC} => C:\Windows\SysWOW64\OqIJae.exe [2009-07-14] (Microsoft Corporation)
Task: {A0D5ABEF-2228-4118-B230-417464D8B158} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {A7D09C55-AAC3-4C91-BD70-AEF24183FA6F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {B72C2222-71F9-4A69-ACAA-5537E9FDA863} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-07] (Microsoft Corporation)
Task: {C122302A-4CC1-46CC-BB17-A5858CA87835} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-07] (Microsoft Corporation)
Task: {CCEA2A20-5F2B-4F73-BED5-1884190143F9} - System32\Tasks\Norton Security Scan for Kristyna => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.150\Nss.exe [2018-01-10] (Symantec Corporation)
Task: {CF3B5852-6462-40F8-85BC-5C7EB39554D5} - System32\Tasks\{3CDF02FD-5E7E-4DBE-5AA0-BC11C8B2E3EC} => C:\Windows\ZNEXBMkmW.exe [2009-07-14] (Microsoft Corporation)
Task: {DF95AEA0-5694-420C-BAA4-D82182F05110} - System32\Tasks\{FF6ED4FB-3AD6-C542-38D3-148DC339F3C5} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" perfectsidecom.ru/cl/?guid=allw6ke60tg0vxuxtz77lc36ep83kz9k&prid=1&pid=4_1324_0
Task: {E0E0206D-4BF7-4EA1-AABA-83AA9028A0A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {F2D432C9-CBC7-4D87-B8AF-0F97338C2F1C} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-05-02] ()
Task: {FA4CDFD2-ED5B-4E37-8D43-A5B74920C08E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-08-21] (Microsoft Corporation)
Task: {FCA4978D-F28A-4A58-BE96-F2A5C13BCD3E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-21] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-01-18 08:44 - 2012-01-18 08:44 - 000279416 _____ () C:\Program Files (x86)\FJ Camera\Monitor.exe
2018-08-19 14:45 - 2018-08-24 23:36 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-08-29 11:20 - 2018-08-24 23:36 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-08-29 11:20 - 2018-08-24 23:36 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-08-19 14:45 - 2018-08-24 23:36 - 002725400 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-08-19 14:45 - 2018-08-24 23:36 - 000033304 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-08-29 11:20 - 2018-08-24 23:36 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-08-29 11:20 - 2018-08-24 23:36 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-08-29 11:20 - 2018-08-24 23:36 - 002384840 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\sharepoint.com -> hxxps://vassboskovice53-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kristyna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{735DB583-87F2-406C-B8C7-2650A49AA3EB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{FE70A0D7-9A4E-4144-A29E-306A808D8296}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B5CD91DE-2D26-4807-A9A5-FC6649E04A52}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F65F05E9-D8AD-4DEE-96B9-1FD158850CB6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{30527457-5A2E-4094-A38B-3589577D11DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B6070AC6-2F02-42B1-9628-076604D58442}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0480B8EF-5199-4AF9-8B18-E70992BB93F5}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{9CDF4EF9-CAEA-49BD-B652-2D67630F0408}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{A50F0088-D4D5-4444-A7AB-FD1AF2EA5796}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{3D6D99F8-8209-4CA9-9554-2BF38F6431AE}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{90942A52-16F4-4598-93B7-349689DAE8D5}C:\users\kristyna\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\kristyna\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{697E376E-4DEB-4CE5-894A-56A55D99C1F0}C:\users\kristyna\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\kristyna\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{5FA9E6DE-226A-4FE2-9F53-34CD5F304B13}C:\call of duty 1\the call of duty\codmp.exe] => (Allow) C:\call of duty 1\the call of duty\codmp.exe
FirewallRules: [UDP Query User{50B1400A-E944-4649-840A-E815CCD82B5C}C:\call of duty 1\the call of duty\codmp.exe] => (Allow) C:\call of duty 1\the call of duty\codmp.exe
FirewallRules: [TCP Query User{474A38E8-E13D-4E4D-AEAB-81816B2565BC}C:\program files (x86)\call of duty\codmp.exe] => (Allow) C:\program files (x86)\call of duty\codmp.exe
FirewallRules: [UDP Query User{9B5BBBFD-F341-4F70-937B-645A5E815BF1}C:\program files (x86)\call of duty\codmp.exe] => (Allow) C:\program files (x86)\call of duty\codmp.exe
FirewallRules: [TCP Query User{7BF37A9B-8D9A-4F01-90A7-5C8CC842C0E3}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{FF7621B5-5CF8-425B-A26D-9353E12F4F04}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [TCP Query User{E7E2CDED-1953-469C-9679-3D0814F32B22}C:\install\hry\bulanci\bulanci.exe] => (Block) C:\install\hry\bulanci\bulanci.exe
FirewallRules: [UDP Query User{ABA62D8B-D3D9-4D0E-A1BD-6AF50D2EB07A}C:\install\hry\bulanci\bulanci.exe] => (Block) C:\install\hry\bulanci\bulanci.exe
FirewallRules: [TCP Query User{66730DAE-DC6B-4C9D-8E17-5576D52177C7}C:\users\kristyna\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\launcher.exe
FirewallRules: [UDP Query User{1F401D3C-4995-449E-A2A6-98A047A9A3A7}C:\users\kristyna\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\launcher.exe
FirewallRules: [TCP Query User{FC5F2F0E-4D22-453D-A297-33458E2F2E39}C:\program files (x86)\left 4 dead\left4dead.exe] => (Allow) C:\program files (x86)\left 4 dead\left4dead.exe
FirewallRules: [UDP Query User{B1282B2C-F8A5-4933-9A6F-72666C1E8486}C:\program files (x86)\left 4 dead\left4dead.exe] => (Allow) C:\program files (x86)\left 4 dead\left4dead.exe
FirewallRules: [TCP Query User{F531A7CE-FF38-424A-BAD4-5962C48746F5}C:\program files (x86)\left 4 dead\left4dead.exe] => (Block) C:\program files (x86)\left 4 dead\left4dead.exe
FirewallRules: [UDP Query User{6D7A4BC4-A9FB-457C-88D2-90D7F2644387}C:\program files (x86)\left 4 dead\left4dead.exe] => (Block) C:\program files (x86)\left 4 dead\left4dead.exe
FirewallRules: [{2561B90F-8B75-45A8-9C0B-49B3C9FFDA6B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D92792C2-56F7-4DC4-BF4B-024C53EAA44B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4FB6EFA3-0816-485D-A2A5-B4D6F2ECC38E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{201049A1-42EE-4BCB-B373-5C3680909176}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{2BA64ABE-2F2B-4BD3-8A15-A5EE97C954C3}C:\users\kristyna\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\launcher.exe
FirewallRules: [UDP Query User{B84A6DA9-0AC7-490B-984F-41F01536E5AF}C:\users\kristyna\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\launcher.exe
FirewallRules: [TCP Query User{DA78CB80-EB10-4D46-82D9-129B5B1B3159}C:\users\kristyna\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{E359A34A-7704-4A3A-B3E2-4893046AE429}C:\users\kristyna\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\kristyna\appdata\local\warthunder\win64\aces.exe
FirewallRules: [{0069FFEA-DB52-4040-8EE3-6610022E6CAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{C8C91C4E-7DEC-40A0-886C-D6B45A2795BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{A02BB8EB-8960-4B72-B272-AC0819189ED2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GenitalJousting\GenitalJousting.exe
FirewallRules: [{A0D1BE11-DFCC-4C5B-866D-D60A664AFFD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GenitalJousting\GenitalJousting.exe
FirewallRules: [{50FD13BC-B788-4F8A-88E8-799619E7D596}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{5E2AA3CD-FFF4-47F3-BD8A-A15672D7857A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{E97515BE-A78B-4C4F-BB1F-FB05F88425DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{338AEE10-E4FB-40BC-9FBC-E76CAAB39533}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [TCP Query User{6F62854B-AF17-45F5-A603-0D54ABC07A1E}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{B4B7153A-48C6-4595-A182-05FDEC97B9EC}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{39981EEB-B861-4893-8FD6-A85D687D858D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{89DE33D3-46A4-4A47-B843-993271DD95F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{E4A852E7-882C-4813-B91C-AAEEFCE672A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B580F567-FD58-40F3-AF88-B60594A69324}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{41A1BB5B-2B7C-4469-932C-CB3A5A48BAA8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6A862BF3-6A5C-44C3-9861-35103B6C1449}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{13A3FC75-3CB1-4BBF-8061-3B2F9A953F21}C:\program files (x86)\any send\any send.exe] => (Allow) C:\program files (x86)\any send\any send.exe
FirewallRules: [UDP Query User{F2275136-3EAE-4254-9114-B1F0D7C9058B}C:\program files (x86)\any send\any send.exe] => (Allow) C:\program files (x86)\any send\any send.exe
FirewallRules: [TCP Query User{9BCA39C8-3632-40F2-80F8-0F39E4B37DB3}C:\program files\any send\any send.exe] => (Allow) C:\program files\any send\any send.exe
FirewallRules: [UDP Query User{3083CDB0-3355-4103-8240-F3B70046B95C}C:\program files\any send\any send.exe] => (Allow) C:\program files\any send\any send.exe
FirewallRules: [TCP Query User{CB4B67B8-8717-4B86-AC69-81B12F050C58}C:\users\kristyna\documents\any send\flat.out.2.pc.game(djdevastate™)\flatout2.exe] => (Allow) C:\users\kristyna\documents\any send\flat.out.2.pc.game(djdevastate™)\flatout2.exe
FirewallRules: [UDP Query User{2EB1EC5C-94CC-4D0A-B44B-319F06DE4998}C:\users\kristyna\documents\any send\flat.out.2.pc.game(djdevastate™)\flatout2.exe] => (Allow) C:\users\kristyna\documents\any send\flat.out.2.pc.game(djdevastate™)\flatout2.exe
FirewallRules: [{AA7B9D3C-6263-4DDC-BB45-27B6249BF796}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FBD8C02A-2C18-4B62-A10E-40FA46D7E0DD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EC2391DC-E000-4032-9C99-FEA5DCD64EFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EEDA2671-64DD-4134-88CD-1DDF1A94FC09}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1B4B7A9D-3725-4C4D-A7CD-220259AAA6A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KOAReckoning\Reckoning.exe
FirewallRules: [{3383E2D6-1A23-47B4-98D8-439A2C276882}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KOAReckoning\Reckoning.exe
FirewallRules: [TCP Query User{E41EB166-25DC-4504-B696-48DBEFDBAD11}C:\users\kristyna\desktop\antiguard\projektx-rocnikova_prace-jakub_novotny.exe] => (Allow) C:\users\kristyna\desktop\antiguard\projektx-rocnikova_prace-jakub_novotny.exe
FirewallRules: [UDP Query User{257B7727-D2EC-4145-87C1-36F0C77B5D38}C:\users\kristyna\desktop\antiguard\projektx-rocnikova_prace-jakub_novotny.exe] => (Allow) C:\users\kristyna\desktop\antiguard\projektx-rocnikova_prace-jakub_novotny.exe
FirewallRules: [{499D0FF1-5CA7-4143-82BF-F136D57E7D9D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B4620474-AE7C-400B-BB0E-BB7CC2C98B75}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6CF035DC-39D1-418F-91DE-BD0D865BA84E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AF810FA3-8EFE-4FC2-AEC5-88D57F694608}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0057339A-6B2C-4200-B28B-0D2EA2EB6699}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{CCD6E2E1-C32C-4AAD-B54D-E9AA634FE55E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{64D3F20C-FAB1-4238-AC9A-27CE4B8AECF6}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [UDP Query User{4712FD5C-3085-4C9D-8D0A-0F9385FC772F}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [{DBF742BD-28F6-4FA1-B5DB-54504114E3C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [{2DA46CCF-8790-4F57-8B1C-B77CA5811A48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [TCP Query User{8AACD568-B06D-4CA6-A331-248A48F6E6C2}C:\program files (x86)\far cry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\far cry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{8782A2D8-86DC-4F23-981E-72F997EAF654}C:\program files (x86)\far cry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\far cry 3\bin\farcry3.exe
FirewallRules: [{FE5C8581-7096-403D-BEB0-96132209B0AC}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1804.2913\gxxsvc.exe
FirewallRules: [{26CF3687-B9FE-4FF4-8273-B4D8640BAC13}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1805.1715\gxxsvc.exe
FirewallRules: [TCP Query User{FC40D404-0AB1-4397-A154-5D0C8E657A22}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [UDP Query User{7B582FEB-BB55-4A78-86EE-9B572696B932}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [TCP Query User{D4567A05-85EB-4EAE-9EFA-F16EE605544C}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [UDP Query User{2837817D-954F-4D23-8C8B-F995791391BA}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [{0316ADF9-9D94-407B-9181-C29235A2819C}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1806.0116\gxxsvc.exe
FirewallRules: [{26F18F3F-388F-4D72-8088-1CA8791F7CDE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{EE1C25CC-769F-4C19-9232-937E93065A87}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [UDP Query User{FC9FE252-F0FD-44DA-AEFA-90B2F2C3718E}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [{C657AB39-5232-4D76-8B6F-64E5702DAAD0}] => (Block) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [{9AD7D63B-9CA7-4BF9-B1E7-7404CE97A1A1}] => (Block) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [{B56A071E-D36D-493C-BB3B-B0BEF99492FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{07D66F6B-87FD-4194-906D-1206A913AB50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{E6A628E9-9C95-4409-9CAA-082914FCFA39}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D7C77979-DB24-4F31-BDB9-F871816679A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{7BAD488C-C6C4-4D89-860F-61181D796465}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{48A060F5-B80B-4EAE-BD49-3605C55736B8}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{A5BF9B32-CE2E-49E1-A726-4F1293A090A8}] => (Allow) C:\Windows\SysWOW64\OqIJae.exe
FirewallRules: [{0F8FC9CB-7BF5-47CA-B7AB-07BA38D5F291}] => (Allow) C:\Windows\ZNEXBMkmW.exe
FirewallRules: [{C8643F68-176E-4D00-8EA9-6C6D6A92D224}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3E147968-D75C-4161-A8C2-886C0B4E4EC1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C2FC4C39-3564-439F-B06E-66E0C14D92BB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{94022C68-F8C3-4B6B-A1B8-795DEAA8A344}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{729D4F9C-F490-43EC-89DB-5160AB1CEC8C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1281A408-7487-4850-9676-6EA903BB7E10}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7F0B9CEB-95ED-4744-B68F-5FB2A557A1D9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1DF8F5C6-AE30-4D92-867C-275F58F98772}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{E5321839-66EB-4619-8983-673C61C67F86}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{1A7DF05A-BDD2-40F3-B22F-94DAF22A1F44}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{284B69DD-CF0C-4375-92F3-46F3912EB1AE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{CC4034B1-F4A3-4ABA-AD39-C68F7CE0907D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4B9599F1-CF23-4713-B5F2-EB4D20BF5580}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CCDC6D3D-59C7-4F09-ABFE-7C4A7CC42A54}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{241D595E-BDEC-4589-96BB-638E73537A52}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CF988DF5-CA57-4DBF-B7D4-1C9700C79F4F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A3A7A9ED-4B12-414C-8975-3264EE0690D3}] => (Allow) C:\Windows\SysWOW64\svchost.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2018 09:04:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/30/2018 08:57:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/30/2018 05:13:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 8.5.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: acc

Čas spuštění: 01d44071c29e48fa

Čas ukončení: 0

Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE

ID hlášení: 1b7728e3-ac67-11e8-9d08-c01885b73c13

Error: (08/30/2018 04:56:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 8.5.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 4b0

Čas spuštění: 01d44071984ef793

Čas ukončení: 15

Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE

ID hlášení: e0d7c9b5-ac64-11e8-9d08-c01885b73c13

Error: (08/30/2018 04:56:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 8.5.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: fdc

Čas spuštění: 01d440718a4e1f37

Čas ukončení: 0

Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE

ID hlášení: d3257ec1-ac64-11e8-9d08-c01885b73c13

Error: (08/30/2018 04:55:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 8.5.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1cf8

Čas spuštění: 01d440711f28d03f

Čas ukončení: 0

Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE

ID hlášení: c4e6c29d-ac64-11e8-9d08-c01885b73c13

Error: (08/30/2018 04:44:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 8.5.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 2040

Čas spuštění: 01d4406fc5ed81f1

Čas ukončení: 16

Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE

ID hlášení: 3b901076-ac63-11e8-9d08-c01885b73c13

Error: (08/30/2018 04:43:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program NOTEPAD.EXE verze 6.1.7601.18917 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1ae4

Čas spuštění: 01d4406f82e06097

Čas ukončení: 0

Cesta k aplikaci: C:\Windows\SysWOW64\NOTEPAD.EXE

ID hlášení: ff7b8b39-ac62-11e8-9d08-c01885b73c13


System errors:
=============
Error: (08/30/2018 09:15:17 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware zjistil chybu při pokusu o aktualizaci podpisů.

Nová verze podpisu:

Předchozí verze podpisu: 1.275.330.0

Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem

Fáze aktualizace: Vyhledat

Zdrojová cesta: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Typ podpisu: Antispywarový program

Typ aktualizace: Úplné

Uživatel: NT AUTHORITY\NETWORK SERVICE

Aktuální verze modulu:

Předchozí verze modulu: 1.1.15200.1

Kód chyby: 0x80072ee7

Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Error: (08/30/2018 09:15:17 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware zjistil chybu při pokusu o aktualizaci podpisů.

Nová verze podpisu:

Předchozí verze podpisu: 1.275.330.0

Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem

Fáze aktualizace: Vyhledat

Zdrojová cesta: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Typ podpisu: Antivirový program

Typ aktualizace: Úplné

Uživatel: NT AUTHORITY\NETWORK SERVICE

Aktuální verze modulu:

Předchozí verze modulu: 1.1.15200.1

Kód chyby: 0x80072ee7

Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Error: (08/30/2018 09:14:50 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware zjistil chybu při pokusu o aktualizaci podpisů.

Nová verze podpisu:

Předchozí verze podpisu: 1.275.330.0

Zdroj aktualizace: Server Microsoft Update

Fáze aktualizace: Vyhledat

Zdrojová cesta: http://www.microsoft.com

Typ podpisu: Antivirový program

Typ aktualizace: Úplné

Uživatel: NT AUTHORITY\SYSTEM

Aktuální verze modulu:

Předchozí verze modulu: 1.1.15200.1

Kód chyby: 0x8024402c

Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Error: (08/30/2018 09:04:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Wacom Professional Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (08/30/2018 09:02:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll

Error: (08/30/2018 09:02:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll

Error: (08/30/2018 09:02:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll

Error: (08/30/2018 09:02:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll


Windows Defender:
===================================
Date: 2018-08-28 21:09:16.729
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{9AED0D07-DAF7-443C-8C01-93B4C6E2A45F}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Kristyna-PC\Kristyna

CodeIntegrity:
===================================

Date: 2018-08-30 22:20:46.602
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-30 22:12:29.961
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-30 21:04:11.646
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-30 20:56:13.496
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-30 20:51:14.323
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-30 20:44:32.413
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-30 17:31:15.209
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-08-30 17:12:46.176
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 54%
Total physical RAM: 3956.54 MB
Available physical RAM: 1802.23 MB
Total Virtual: 7911.25 MB
Available Virtual: 5729.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:36.04 GB) NTFS
Drive g: (FLPPY0) (Removable) (Total:14.98 GB) (Free:14.31 GB) FAT32

\\?\Volume{f5973dc4-c0b6-11e7-a3cb-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 6FBD0404)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 20796B73)
No partition Table on disk 1.

==================== End of Addition.txt ============================

------ log FRST.txt -------------------------------------------------------------------------------------------------------------------------------------------------------


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.08.2018
Ran by Kristyna (administrator) on KRISTYNA-PC (30-08-2018 22:22:09)
Running from C:\Users\Kristyna\Desktop\kladivo na šmejdy
Loaded Profiles: Kristyna (Available Profiles: Kristyna)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
() C:\Program Files (x86)\FJ Camera\Monitor.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Utils\SwiService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-08-11] (Synaptics Incorporated)
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2011-11-23] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [205168 2011-10-03] (FUJITSU LIMITED)
HKLM\...\Run: [SSUtility] => C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe [273776 2011-09-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-09-30] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-09-30] (FUJITSU LIMITED)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [FUJ02B1_Apps] => C:\Program Files (x86)\Fujitsu\FUJ02B1\CheckBatteryPack.exe [367424 2016-05-11] (FUJITSU LIMITED)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-29] (FUJITSU LIMITED)
HKLM-x32\...\Run: [FJ Camera_Monitor] => C:\Program Files (x86)\FJ Camera\monitor.exe [279416 2012-01-18] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2018-05-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3207968 2018-08-27] (Valve Corporation)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\Run: [Discord] => C:\Users\Kristyna\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49799144 2018-08-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\MountPoints2: {3853f588-91b3-11e8-8878-c01885b73c13} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\MountPoints2: {967f1677-d6c2-11e7-b9f6-c01885b73c13} - E:\setup\rsrc\Autorun.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-11-04]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Technician\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start06W7new.cmd [2017-10-20] ()
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{A0575902-F569-4763-B4E2-DAA31512CD10}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-08-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-28] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-07-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-28] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-18] (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-26] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-07-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ufnpx8hu.default
FF ProfilePath: C:\Users\Kristyna\AppData\Roaming\Mozilla\Firefox\Profiles\ufnpx8hu.default [2017-12-01]
FF HKLM-x32\...\Firefox\Extensions: [bonjour4firefox@apple.com] - C:\Program Files (x86)\Bonjour SDK\Bin\FirefoxExtension
FF Extension: (Bonjour Extension for Firefox) - C:\Program Files (x86)\Bonjour SDK\Bin\FirefoxExtension [2018-01-20] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
FF Extension: (Norton Vulnerability Protection) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2018-08-29] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2018-01-02] ()
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2018-01-02] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default [2018-08-30]
CHR Extension: (Prezentace) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-01]
CHR Extension: (Dokumenty) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-01]
CHR Extension: (Disk Google) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-01]
CHR Extension: (YouTube) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-01]
CHR Extension: (Adblock Plus) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-08-28]
CHR Extension: (Tampermonkey) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-08-29]
CHR Extension: (Tabulky) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (ScriptMonkey) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-08-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\Kristyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-12-21] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522912 2018-08-07] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2011-11-23] (FUJITSU LIMITED)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3346856 2018-05-30] (LogMeIn Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2017-05-18] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63856 2011-10-03] (FUJITSU LIMITED)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 SwiService; C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe [198032 2012-10-18] (Sierra Wireless, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6634224 2018-02-02] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 WTabletServicePro; "C:\Program Files\Tablet\Wacom\WTabletServicePro.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20180827.001\BHDrvx64.sys [1919568 2018-08-27] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-08-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-08-29] (Symantec Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R0 FJGSDisk; C:\Windows\System32\DRIVERS\FJGSDisk.sys [15600 2011-07-07] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [59152 2016-05-11] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [86888 2011-08-15] (O2Micro)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20180828.061\IDSvia64.sys [1306592 2018-08-28] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20180829.001\ENG64.SYS [138832 2018-08-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20180829.001\EX64.SYS [2153040 2018-08-29] (Symantec Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2017-11-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [3052920 2011-12-23] (Sunplus Technology)
R1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R3 swg3kmbb00; C:\Windows\System32\DRIVERS\swg3kmbb00.sys [477560 2012-10-18] (Sierra Wireless Incorporated)
R3 swg3knmea00; C:\Windows\System32\DRIVERS\swg3knmea00.sys [269304 2012-10-18] (Sierra Wireless Incorporated)
R3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [269560 2012-10-18] (Sierra Wireless Incorporated)
R3 swibus00; C:\Windows\System32\DRIVERS\swibus00.sys [85880 2012-10-18] (Sierra Wireless Inc.)
R3 swibusflt00; C:\Windows\System32\DRIVERS\swibusflt00.sys [85880 2012-10-18] (Sierra Wireless Inc.)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-08-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-08-26] (Symantec Corporation)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [1134048 2018-06-02] (TENCENT)
S3 WacHidRouterPro; C:\Windows\System32\DRIVERS\wachidrouter.sys [115672 2018-05-30] (Wacom Technology, Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-30 22:21 - 2018-08-30 22:21 - 000000000 ____D C:\Users\Kristyna\Desktop\kladivo na šmejdy
2018-08-30 22:20 - 2018-08-30 22:20 - 000000000 ____D C:\Users\Kristyna\AppData\Local\TempOfficeC2RE54F952B-894E-400F-A0DD-2BCB331124E4
2018-08-30 22:13 - 2018-08-30 22:22 - 000000000 ____D C:\FRST
2018-08-30 21:11 - 2018-08-30 21:11 - 000000000 ____D C:\Windows\System32\Tasks\Norton AntiVirus
2018-08-30 20:51 - 2018-08-30 21:02 - 000000000 ____D C:\AdwCleaner
2018-08-30 20:45 - 2018-08-30 20:43 - 000002204 _____ C:\Users\Kristyna\Desktop\postup.txt
2018-08-30 20:45 - 2018-08-30 20:13 - 007417040 _____ (Malwarebytes) C:\Users\Kristyna\Desktop\adwcleaner_7.2.2.exe
2018-08-30 16:53 - 2018-08-30 16:53 - 000000000 ____D C:\rsit
2018-08-30 16:53 - 2018-08-30 16:53 - 000000000 ____D C:\Program Files\trend micro
2018-08-29 17:08 - 2018-08-29 17:08 - 000007657 _____ C:\Users\Kristyna\AppData\Local\Resmon.ResmonCfg
2018-08-29 16:39 - 2018-08-29 16:42 - 000000000 ____D C:\Data
2018-08-29 14:15 - 2018-08-29 14:44 - 000000000 ____D C:\Users\Kristyna\Downloads\ICQ
2018-08-29 14:10 - 2018-08-29 14:10 - 001720936 ____T C:\Windows\SysWOW64\00009961.tmp
2018-08-29 13:59 - 2018-08-29 13:59 - 001720936 ____T C:\Windows\SysWOW64\00009967.tmp
2018-08-29 13:26 - 2018-08-29 13:26 - 001720936 ____T C:\Windows\SysWOW64\00016918.tmp
2018-08-29 13:10 - 2018-08-29 13:10 - 001720936 ____T C:\Windows\SysWOW64\00008350.tmp
2018-08-29 12:40 - 2018-08-29 12:41 - 000004204 _____ C:\Windows\System32\Tasks\Norton Security Scan for Kristyna
2018-08-29 12:40 - 2018-08-29 12:40 - 000000000 ____D C:\Windows\system32\Drivers\NSSx64
2018-08-29 12:40 - 2018-08-29 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2018-08-29 12:40 - 2018-08-29 12:40 - 000000000 ____D C:\Program Files (x86)\Norton Security Scan
2018-08-29 12:27 - 2018-08-30 16:37 - 000000000 ____D C:\Windows\{B58AFBDA-7D5B-40C0-BE79-D9F3286E2165}
2018-08-29 12:14 - 2018-08-30 20:57 - 000003218 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2018-08-29 12:13 - 2018-08-29 12:13 - 000000000 ____D C:\Program Files (x86)\Norton AntiVirus
2018-08-29 12:07 - 2018-08-29 12:12 - 232193752 _____ C:\Users\Kristyna\Downloads\NAV-TW-21.1.0-CZ (1).exe
2018-08-29 12:00 - 2018-08-29 12:05 - 222330689 _____ C:\Users\Kristyna\Downloads\Nepotvrzeno 729299.crdownload
2018-08-29 11:18 - 2018-08-30 20:56 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2018-08-29 11:05 - 2018-08-29 11:29 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2018-08-29 10:42 - 2018-08-29 10:42 - 001720936 ____T C:\Windows\SysWOW64\00024736.tmp
2018-08-29 09:56 - 2018-08-29 09:56 - 000000000 ____D C:\Windows\System32\Tasks\Norton Identity Safe
2018-08-28 23:27 - 2018-08-28 23:28 - 000000000 ____D C:\Users\Kristyna\AppData\Local\NPE
2018-08-28 23:14 - 2018-08-28 23:14 - 000000000 ____D C:\Users\Kristyna\AppData\Local\CrashDumps
2018-08-28 21:23 - 2018-08-29 12:24 - 000000000 ____D C:\ProgramData\NCOTEMP
2018-08-28 21:23 - 2018-08-29 11:13 - 000099920 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2018-08-28 21:23 - 2018-08-29 11:13 - 000010396 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2018-08-28 21:23 - 2018-08-29 11:13 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2018-08-28 21:22 - 2018-08-30 20:57 - 000000000 ____D C:\Windows\system32\Drivers\NAVx64
2018-08-28 21:22 - 2018-08-29 12:40 - 000000000 ____D C:\ProgramData\Norton
2018-08-28 21:21 - 2018-08-29 17:16 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2018-08-28 21:21 - 2018-08-29 12:24 - 000000000 ____D C:\ProgramData\NortonInstaller
2018-08-28 21:13 - 2018-08-28 21:20 - 232193752 _____ C:\Users\Kristyna\Downloads\NAV-TW-21.1.0-CZ.exe
2018-08-28 17:43 - 2018-08-29 11:43 - 000000000 ____D C:\Windows\{2E03268B-4782-44EF-B29B-44B65D240959}
2018-08-28 15:43 - 2018-08-28 20:47 - 000000000 ____D C:\Users\Kristyna\Downloads\The Sims 4 [FitGirl Repack]
2018-08-28 15:43 - 2018-08-28 15:43 - 000003760 _____ C:\Windows\System32\Tasks\{FF6ED4FB-3AD6-C542-38D3-148DC339F3C5}
2018-08-28 15:43 - 2018-08-28 15:43 - 000003622 _____ C:\Windows\System32\Tasks\{96C4D4EA-B3A0-73B3-C78E-C2F8A2FEC2AC}
2018-08-28 15:43 - 2018-08-28 15:43 - 000003410 _____ C:\Windows\System32\Tasks\{3CDF02FD-5E7E-4DBE-5AA0-BC11C8B2E3EC}
2018-08-28 15:43 - 2018-08-28 15:43 - 000000002 _____ C:\Users\Kristyna\AppData\Local\imw.ini
2018-08-28 15:42 - 2018-08-28 15:42 - 000184819 _____ C:\Users\Kristyna\Downloads\the-sims-4-v1_44_77_1020.torrent
2018-08-28 15:40 - 2018-08-28 15:40 - 000000286 _____ C:\Users\Kristyna\Downloads\the-sims-4-v1_44_77_1020_9XA2SW.torrent
2018-08-22 16:15 - 2018-08-22 16:15 - 000089492 _____ C:\Users\Kristyna\Downloads\[CzT]Hra_o_Truny_Game_of_Thrones_7_serie_CZ_EN_WebRip_1080p_.torrent
2018-08-22 16:14 - 2018-08-22 16:14 - 000015614 _____ C:\Users\Kristyna\Downloads\[CzT]Hra_o_truny_Game_of_Thrones_6_serie_CZ_WebRip_.torrent
2018-08-22 16:03 - 2018-08-22 16:03 - 000076045 _____ C:\Users\Kristyna\Downloads\[CzT]Hra_o_truny_Game_of_Thrones_5_serie_CZ_TvRip_720p_.torrent
2018-08-21 20:49 - 2018-08-21 20:53 - 048155501 _____ (KLCP ) C:\Users\Kristyna\Downloads\K-Lite_Codec_Pack_1436_Full (3).exe
2018-08-21 20:49 - 2018-08-21 20:53 - 048155501 _____ (KLCP ) C:\Users\Kristyna\Downloads\K-Lite_Codec_Pack_1436_Full (2).exe
2018-08-21 20:49 - 2018-08-21 20:53 - 048155501 _____ (KLCP ) C:\Users\Kristyna\Downloads\K-Lite_Codec_Pack_1436_Full (1).exe
2018-08-21 20:48 - 2018-08-21 20:53 - 048155501 _____ (KLCP ) C:\Users\Kristyna\Downloads\K-Lite_Codec_Pack_1436_Full.exe
2018-08-21 20:47 - 2018-08-21 20:47 - 000000000 _____ C:\Users\Kristyna\Downloads\6766b2e3-6928-4419-8b7d-bce41e60b04e.tmp
2018-08-19 15:49 - 2018-08-19 15:57 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\ICQ
2018-08-19 15:49 - 2018-08-19 15:49 - 000001753 _____ C:\Users\Kristyna\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2018-08-19 15:49 - 2018-08-19 15:49 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2018-08-19 14:46 - 2018-08-19 14:48 - 035443312 _____ C:\Users\Kristyna\Downloads\icq_rfrset.exe
2018-08-19 14:45 - 2018-08-29 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-08-19 14:35 - 2018-08-19 14:37 - 062091672 _____ (Skype Technologies S.A.) C:\Users\Kristyna\Downloads\Skype-8.28.0.41.exe
2018-08-11 12:25 - 2018-08-11 12:25 - 002048114 _____ C:\Users\Kristyna\Downloads\Topografie.pdf
2018-08-11 12:08 - 2018-08-11 12:08 - 009667670 _____ C:\Users\Kristyna\Downloads\afz3.zip
2018-08-11 12:07 - 2018-08-11 12:07 - 003973284 _____ C:\Users\Kristyna\Downloads\anÄŤakostra (1).zip
2018-08-11 12:06 - 2018-08-11 12:06 - 003973284 _____ C:\Users\Kristyna\Downloads\anÄŤakostra.zip
2018-08-11 12:06 - 2018-08-11 12:06 - 002731242 _____ C:\Users\Kristyna\Downloads\afz1zakl.zip
2018-08-08 01:55 - 2018-08-08 01:57 - 000000000 ____D C:\Users\Kristyna\Downloads\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]
2018-08-04 14:00 - 2018-08-04 14:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CENEGA
2018-08-04 14:00 - 2018-08-04 14:00 - 000000000 ____D C:\Program Files (x86)\Cenega
2018-08-03 14:40 - 2018-08-03 14:40 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\MPC-HC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-30 22:14 - 2011-04-12 10:34 - 000668376 _____ C:\Windows\system32\perfh005.dat
2018-08-30 22:14 - 2011-04-12 10:34 - 000141004 _____ C:\Windows\system32\perfc005.dat
2018-08-30 22:14 - 2009-07-14 07:13 - 001582262 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-30 22:14 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-08-30 21:55 - 2009-07-14 06:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-30 21:55 - 2009-07-14 06:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-30 21:45 - 2017-11-23 21:25 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-08-30 21:40 - 2018-07-28 10:45 - 000000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2018-08-30 21:40 - 2017-11-25 20:03 - 000000000 ____D C:\Program Files (x86)\FJ Camera
2018-08-30 21:04 - 2018-07-28 10:43 - 000000000 ____D C:\Users\Kristyna\AppData\Local\LogMeIn Hamachi
2018-08-30 21:04 - 2017-12-20 13:49 - 000000000 ____D C:\Program Files (x86)\Steam
2018-08-30 21:04 - 2017-11-16 19:24 - 000000000 __SHD C:\Users\Kristyna\IntelGraphicsProfiles
2018-08-30 21:03 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-30 16:52 - 2017-11-23 21:58 - 000000000 ____D C:\Filmy
2018-08-29 16:35 - 2018-01-20 16:26 - 000000000 ____D C:\Users\Kristyna\Desktop\osu!
2018-08-29 15:22 - 2017-11-23 21:57 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\vlc
2018-08-29 15:15 - 2018-01-20 13:51 - 000000000 ____D C:\Users\Kristyna\Documents\Any Send
2018-08-29 15:09 - 2018-07-25 14:35 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\WTablet
2018-08-29 12:34 - 2018-05-05 15:43 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-08-29 10:48 - 2017-12-01 20:57 - 000000000 ____D C:\Users\Kristyna\AppData\Roaming\uTorrent
2018-08-28 22:11 - 2018-05-02 17:23 - 000000000 ____D C:\Users\Kristyna\Desktop\Mafia
2018-08-28 14:34 - 2017-12-04 17:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-08-28 14:34 - 2017-12-04 17:53 - 000000000 ____D C:\Program Files\Java
2018-08-28 14:33 - 2017-12-04 17:54 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-08-22 16:22 - 2018-01-21 14:05 - 000000000 ____D C:\Program Files (x86)\Call of Duty - Modern Warfare 2
2018-08-22 16:22 - 2017-12-02 12:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty
2018-08-22 16:19 - 2017-11-04 11:52 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-08-21 20:55 - 2018-03-03 15:39 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-21 20:52 - 2018-03-03 14:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-08-17 18:59 - 2018-03-12 16:56 - 000003184 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1250171309-3979389096-1947347105-1001
2018-08-17 18:59 - 2018-03-03 15:44 - 000002196 _____ C:\Users\Kristyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-08-17 18:59 - 2018-01-30 18:15 - 000000000 ___RD C:\Users\Kristyna\OneDrive
2018-08-11 12:21 - 2018-02-13 17:39 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 19:41 - 2017-12-21 17:21 - 000000000 ____D C:\Users\Kristyna\Documents\Klei
2018-08-05 09:35 - 2009-07-14 07:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD

==================== Files in the root of some directories =======

2018-08-28 15:43 - 2018-08-28 15:43 - 000000002 _____ () C:\Users\Kristyna\AppData\Local\imw.ini
2018-08-29 17:08 - 2018-08-29 17:08 - 000007657 _____ () C:\Users\Kristyna\AppData\Local\Resmon.ResmonCfg
2018-04-02 17:09 - 2018-04-02 17:09 - 000000000 _____ () C:\Users\Kristyna\AppData\Local\{B28F926B-E3A0-403B-9EEA-070F9F8FDE2E}

Some files in TEMP:
====================
2017-12-01 21:32 - 2017-12-01 21:32 - 003603050 _____ () C:\Users\Kristyna\AppData\Local\Temp\BingBarSetup-Partner.exe
2017-11-26 12:39 - 2017-11-26 12:39 - 000000000 ____D () C:\Users\Kristyna\AppData\Local\Temp\engine.exe
2018-04-29 08:05 - 2018-06-01 10:46 - 000450880 _____ (Garena Online ) C:\Users\Kristyna\AppData\Local\Temp\Garena.exe
2018-01-31 21:46 - 2018-01-31 21:46 - 001864256 _____ (Oracle Corporation) C:\Users\Kristyna\AppData\Local\Temp\jre-8u161-windows-au.exe
2018-04-23 16:22 - 2018-04-23 16:22 - 001884616 _____ (Oracle Corporation) C:\Users\Kristyna\AppData\Local\Temp\jre-8u171-windows-au.exe
2018-08-28 14:24 - 2018-08-28 14:24 - 001906040 _____ (Oracle Corporation) C:\Users\Kristyna\AppData\Local\Temp\jre-8u181-windows-au.exe
2018-08-28 15:45 - 2017-12-20 00:38 - 000104128 _____ () C:\Users\Kristyna\AppData\Local\Temp\Uninstall.exe
2018-06-25 15:53 - 2018-06-25 15:53 - 040184976 _____ () C:\Users\Kristyna\AppData\Local\Temp\vlc-3.0.3-win32.exe
2017-12-02 12:04 - 2004-12-10 12:01 - 001220976 _____ () C:\Users\Kristyna\AppData\Local\Temp\xfire_installer_10650.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-26 16:15

==================== End of FRST.txt ============================

Re: Problem with BitcoinMiner, Chrome crashes when opening ESET we

Posted: 31 Aug 2018 09:25
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {3F518751-7A99-4CCD-8328-CC97AF1DA3F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {42EB5707-EA20-4630-BDEE-C0637EC443F0} - System32\Tasks\{3C80FD02-B4EC-4768-811C-B916497B1FC9} => C:\Windows\system32\pcalua.exe -a C:\Users\Kristyna\Desktop\Mafia\Setup.exe -d C:\Users\Kristyna\Desktop\Mafia
Task: {9D275F02-E99B-4F14-BAC4-FB578002C450} - System32\Tasks\{96C4D4EA-B3A0-73B3-C78E-C2F8A2FEC2AC} => C:\Windows\SysWOW64\OqIJae.exe [2009-07-14] (Microsoft Corporation)
Task: {CF3B5852-6462-40F8-85BC-5C7EB39554D5} - System32\Tasks\{3CDF02FD-5E7E-4DBE-5AA0-BC11C8B2E3EC} => C:\Windows\ZNEXBMkmW.exe [2009-07-14] (Microsoft Corporation)
Task: {E0E0206D-4BF7-4EA1-AABA-83AA9028A0A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
C:\Windows\SysWOW64\OqIJae.exe
C:\Windows\ZNEXBMkmW.exe
FirewallRules: [{A5BF9B32-CE2E-49E1-A726-4F1293A090A8}] => (Allow) C:\Windows\SysWOW64\OqIJae.exe
FirewallRules: [{0F8FC9CB-7BF5-47CA-B7AB-07BA38D5F291}] => (Allow) C:\Windows\ZNEXBMkmW.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\MountPoints2: {3853f588-91b3-11e8-8878-c01885b73c13} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\MountPoints2: {967f1677-d6c2-11e7-b9f6-c01885b73c13} - E:\setup\rsrc\Autorun.exe
GroupPolicy: Restriction ? <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\SysWOW64\00009961.tmp
C:\Windows\SysWOW64\00009967.tmp
C:\Windows\SysWOW64\00016918.tmp
C:\Windows\SysWOW64\00008350.tmp
C:\Windows\SysWOW64\00024736.tmp
C:\Users\Kristyna\AppData\Local\{B28F926B-E3A0-403B-9EEA-070F9F8FDE2E}
C:\Users\Kristyna\AppData\Local\Temp

EmptyTemp:
End
Save it to C:\Users\Kristyna\Desktop\kladivo na šmejdy as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Problem with BitcoinMiner, Chrome crashes when opening ESET we

Posted: 31 Aug 2018 09:50
by Schummi
Done according to the instructions; the Fixlog.txt output is below.



Fix result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by Kristyna (31-08-2018 10:38:02) Run:1
Running from C:\Users\Kristyna\Desktop\kladivo na šmejdy
Loaded Profiles: Kristyna (Available Profiles: Kristyna)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {3F518751-7A99-4CCD-8328-CC97AF1DA3F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {42EB5707-EA20-4630-BDEE-C0637EC443F0} - System32\Tasks\{3C80FD02-B4EC-4768-811C-B916497B1FC9} => C:\Windows\system32\pcalua.exe -a C:\Users\Kristyna\Desktop\Mafia\Setup.exe -d C:\Users\Kristyna\Desktop\Mafia
Task: {9D275F02-E99B-4F14-BAC4-FB578002C450} - System32\Tasks\{96C4D4EA-B3A0-73B3-C78E-C2F8A2FEC2AC} => C:\Windows\SysWOW64\OqIJae.exe [2009-07-14] (Microsoft Corporation)
Task: {CF3B5852-6462-40F8-85BC-5C7EB39554D5} - System32\Tasks\{3CDF02FD-5E7E-4DBE-5AA0-BC11C8B2E3EC} => C:\Windows\ZNEXBMkmW.exe [2009-07-14] (Microsoft Corporation)
Task: {E0E0206D-4BF7-4EA1-AABA-83AA9028A0A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
C:\Windows\SysWOW64\OqIJae.exe
C:\Windows\ZNEXBMkmW.exe
FirewallRules: [{A5BF9B32-CE2E-49E1-A726-4F1293A090A8}] => (Allow) C:\Windows\SysWOW64\OqIJae.exe
FirewallRules: [{0F8FC9CB-7BF5-47CA-B7AB-07BA38D5F291}] => (Allow) C:\Windows\ZNEXBMkmW.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\MountPoints2: {3853f588-91b3-11e8-8878-c01885b73c13} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\...\MountPoints2: {967f1677-d6c2-11e7-b9f6-c01885b73c13} - E:\setup\rsrc\Autorun.exe
GroupPolicy: Restriction ? <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\SysWOW64\00009961.tmp
C:\Windows\SysWOW64\00009967.tmp
C:\Windows\SysWOW64\00016918.tmp
C:\Windows\SysWOW64\00008350.tmp
C:\Windows\SysWOW64\00024736.tmp
C:\Users\Kristyna\AppData\Local\{B28F926B-E3A0-403B-9EEA-070F9F8FDE2E}
C:\Users\Kristyna\AppData\Local\Temp

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F518751-7A99-4CCD-8328-CC97AF1DA3F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F518751-7A99-4CCD-8328-CC97AF1DA3F0}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42EB5707-EA20-4630-BDEE-C0637EC443F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42EB5707-EA20-4630-BDEE-C0637EC443F0}" => removed successfully
C:\Windows\System32\Tasks\{3C80FD02-B4EC-4768-811C-B916497B1FC9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3C80FD02-B4EC-4768-811C-B916497B1FC9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D275F02-E99B-4F14-BAC4-FB578002C450}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D275F02-E99B-4F14-BAC4-FB578002C450}" => removed successfully
C:\Windows\System32\Tasks\{96C4D4EA-B3A0-73B3-C78E-C2F8A2FEC2AC} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{96C4D4EA-B3A0-73B3-C78E-C2F8A2FEC2AC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CF3B5852-6462-40F8-85BC-5C7EB39554D5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF3B5852-6462-40F8-85BC-5C7EB39554D5}" => removed successfully
C:\Windows\System32\Tasks\{3CDF02FD-5E7E-4DBE-5AA0-BC11C8B2E3EC} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3CDF02FD-5E7E-4DBE-5AA0-BC11C8B2E3EC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E0E0206D-4BF7-4EA1-AABA-83AA9028A0A1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0E0206D-4BF7-4EA1-AABA-83AA9028A0A1}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
C:\Windows\SysWOW64\OqIJae.exe => moved successfully
C:\Windows\ZNEXBMkmW.exe => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A5BF9B32-CE2E-49E1-A726-4F1293A090A8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F8FC9CB-7BF5-47CA-B7AB-07BA38D5F291}" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3853f588-91b3-11e8-8878-c01885b73c13}" => removed successfully
HKLM\Software\Classes\CLSID\{3853f588-91b3-11e8-8878-c01885b73c13} => not found
"HKU\S-1-5-21-1250171309-3979389096-1947347105-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{967f1677-d6c2-11e7-b9f6-c01885b73c13}" => removed successfully
HKLM\Software\Classes\CLSID\{967f1677-d6c2-11e7-b9f6-c01885b73c13} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
C:\Windows\SysWOW64\00009961.tmp => moved successfully
C:\Windows\SysWOW64\00009967.tmp => moved successfully
C:\Windows\SysWOW64\00016918.tmp => moved successfully
C:\Windows\SysWOW64\00008350.tmp => moved successfully
C:\Windows\SysWOW64\00024736.tmp => moved successfully
C:\Users\Kristyna\AppData\Local\{B28F926B-E3A0-403B-9EEA-070F9F8FDE2E} => moved successfully

"C:\Users\Kristyna\AppData\Local\Temp" folder move:

Could not move "C:\Users\Kristyna\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 119244848 B
Java, Flash, Steam htmlcache => 12883439 B
Windows/system/drivers => 98837915 B
Edge => 0 B
Chrome => 407604341 B
Firefox => 161149949 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
systemprofile32 => 66356 B
LocalService => 16674 B
NetworkService => 25190820 B
Technician => 813752309 B
Kristyna => 3814531856 B

RecycleBin => 544 B
EmptyTemp: => 5.1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 31-08-2018 10:43:48)

C:\Users\Kristyna\AppData\Local\Temp => moved successfully

==== End of Fixlog 10:43:49 ====

Re: Problem with BitcoinMiner, Chrome crashes when opening the ESET we

Posted: 31 Aug 2018 11:37
by Rudy
Deleted. Has anything changed?

Re: Problem with BitcoinMiner, Chrome crashes when opening the ESET we

Posted: 31 Aug 2018 11:47
by Schummi
I'm testing it; so far it looks like it works, the browser doesn't crash and doesn't launch by itself.
Thank you very much for your help!

So what kind of vermin was on there?

Re: Problem with BitcoinMiner, Chrome crashes when opening the ESET we

Posted: 31 Aug 2018 12:57
by Rudy
There was a BitCoinMiner, about 2 more trojans and some junk. You're welcome! :)