VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o pomoc

https://forum.viry.cz:443/viewtopic.php?t=155231

Stránka 1 z 2

Prosím o pomoc

Napsal: 30 lis 2018 13:41
od Jsedlak
Dobrý den, nainstaloval jsem si novou verzi programu SUPER, který jsem měl rád a místo toho je to hromada nesmyslů, které se snažím zase odinstalovat. Chtěl bych vás poprosit o pomoc. Hijack this se nespustil protože jsem vypnul router aby to nebylo ještě horší. Děkuji
Log z RSIT :
Logfile of random's system information tool 1.09 (written by random/random)
Run by Kuba at 2018-11-30 13:14:45
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 27 GB (17%) free of 153 GB
Total RAM: 8054 MB (66% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Users\Kuba\AppData\Roaming\CRMSvc\CRMSvc.exe"
"taskhost.exe"
C:\Windows\system32\DbxSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe"
rundll32.exe C:\Windows\wxyeltrpuaulyazux.wxy CaH
rundll32.exe C:\Windows\wxyeltrpuaulyazux.wxy CaH
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2020
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
igfxEM.exe
igfxHK.exe
igfxTray.exe
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\firefaceusb.exe"
"C:\Windows\System32\TotalMixFX.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\SunsetScreen\SunsetScreen.exe" /hidewindow
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\rundll32.exe" "C:\Users\Kuba\AppData\Local\ntelix.dll",ntelix
"C:\Windows\System32\rundll32.exe" "C:\Users\Kuba\AppData\Local\ntelix.dll",ntelix
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:crashpad-handler --no-upload-gzip --no-rate-limit --capture-python --no-identify-client-via-url --database=C:\Users\Kuba\AppData\Local\Dropbox\Crashpad --metrics-dir=0 --url=https://d.dropbox.com/report_crashpad_minidump --https-pin=0x23,0xf2,0xed,0xff,0x3e,0xde,0x90,0x25,0x9a,0x9e,0x30,0xf4,0xa,0xf8,0xf9,0x12,0xa5,0xe5,0xb3,0x69,0x4e,0x69,0x38,0x44,0x3,0x41,0xf6,0x6,0xe,0x1,0x4f,0xfa --https-pin=0xaf,0xf9,0x88,0x90,0x6d,0xde,0x12,0x95,0x5d,0x9b,0xeb,0xbf,0x92,0x8f,0xdc,0xc3,0x1c,0xce,0x32,0x8d,0x5b,0x93,0x84,0xf2,0x1c,0x89,0x41,0xca,0x26,0xe2,0x3,0x91 --https-pin=0x5a,0x88,0x96,0x47,0x22,0xe,0x54,0xd6,0xbd,0x8a,0x16,0x81,0x72,0x24,0x52,0xb,0xb5,0xc7,0x8e,0x58,0x98,0x4b,0xd5,0x70,0x50,0x63,0x88,0xb9,0xde,0xf,0x7,0x5f --https-pin=0xfe,0xa2,0xb7,0xd6,0x45,0xfb,0xa7,0x3d,0x75,0x3c,0x1e,0xc9,0xa7,0x87,0xc,0x40,0xe1,0xf7,0xb0,0xc5,0x61,0xe9,0x27,0xb9,0x85,0xbf,0x71,0x18,0x66,0xe3,0x6f,0x22 --https-pin=0x76,0xee,0x85,0x90,0x37,0x4c,0x71,0x54,0x37,0xbb,0xca,0x6b,0xba,0x60,0x28,0xea,0xdd,0xe2,0xdc,0x6d,0xbb,0xb8,0xc3,0xf6,0x10,0xe8,0x51,0xf1,0x1d,0x1a,0xb7,0xf5 --https-pin=0x6d,0xbf,0xae,0x0,0xd3,0x7b,0x9c,0xd7,0x3f,0x8f,0xb4,0x7d,0xe6,0x59,0x17,0xaf,0x0,0xe0,0xdd,0xdf,0x42,0xdb,0xce,0xac,0x20,0xc1,0x7c,0x2,0x75,0xee,0x20,0x95 --https-pin=0x1e,0xa3,0xc5,0xe4,0x3e,0xd6,0x6c,0x2d,0xa2,0x98,0x3a,0x42,0xa4,0xa7,0x9b,0x1e,0x90,0x67,0x86,0xce,0x9f,0x1b,0x58,0x62,0x14,0x19,0xa0,0x4,0x63,0xa8,0x7d,0x38 --https-pin=0x87,0xaf,0x34,0xd6,0x6f,0xb3,0xf2,0xfd,0xf3,0x6e,0x9,0x11,0x1e,0x9a,0xba,0x2f,0x6f,0x44,0xb2,0x7,0xf3,0x86,0x3f,0x3d,0xb,0x54,0xb2,0x50,0x23,0x90,0x9a,0xa5 --https-pin=0xbc,0xfb,0x44,0xaa,0xb9,0xad,0x2,0x10,0x15,0x70,0x6b,0x41,0x21,0xea,0x76,0x1c,0x81,0xc9,0xe8,0x89,0x67,0x59,0xf,0x6f,0x94,0xae,0x74,0x4d,0xc8,0x8b,0x78,0xfb --https-pin=0xab,0x98,0x49,0x52,0x76,0xad,0xf1,0xec,0xaf,0xf2,0x8f,0x35,0xc5,0x30,0x48,0x78,0x1e,0x5c,0x17,0x18,0xda,0xb9,0xc8,0xe6,0x7a,0x50,0x4f,0x4f,0x6a,0x51,0x32,0x8f --https-pin=0x49,0x5,0x46,0x66,0x23,0xab,0x41,0x78,0xbe,0x92,0xac,0x5c,0xbd,0x65,0x84,0xf7,0xa1,0xe1,0x7f,0x27,0x65,0x2d,0x5a,0x85,0xaf,0x89,0x50,0x4e,0xa2,0x39,0xaa,0xaa --https-pin=0x56,0x32,0xd9,0x7b,0xfa,0x77,0x5b,0xf3,0xc9,0x9d,0xde,0xa5,0x2f,0xc2,0x55,0x34,0x10,0x86,0x40,0x16,0x72,0x9c,0x52,0xdd,0x65,0x24,0xc8,0xa9,0xc3,0xb4,0x48,0x9f --https-pin=0x2a,0x8f,0x2d,0x8a,0xf0,0xeb,0x12,0x38,0x98,0xf7,0x4c,0x86,0x6a,0xc3,0xfa,0x66,0x90,0x54,0xe2,0x3c,0x17,0xbc,0x7a,0x95,0xbd,0x2,0x34,0x19,0x2d,0xc6,0x35,0xd0 --https-pin=0x32,0xb6,0x4b,0x66,0x72,0x7a,0x20,0x63,0xe4,0x6,0x6f,0x3b,0x95,0x8c,0xb0,0xaa,0xee,0x57,0x6a,0x5e,0xce,0xfd,0x95,0x33,0x99,0xbb,0x88,0x74,0x73,0x1d,0x95,0x87 --https-pin=0xf5,0x3c,0x22,0x5,0x98,0x17,0xdd,0x96,0xf4,0x0,0x65,0x16,0x39,0xd2,0xf8,0x57,0xe2,0x10,0x70,0xa5,0x9a,0xbe,0xd9,0x7,0x94,0x0,0xd9,0xf6,0x95,0x50,0x69,0x0 --https-pin=0x67,0xdc,0x4f,0x32,0xfa,0x10,0xe7,0xd0,0x1a,0x79,0xa0,0x73,0xaa,0xc,0x9e,0x2,0x12,0xec,0x2f,0xfc,0x3d,0x77,0x9e,0xa,0xa7,0xf9,0xc0,0xf0,0xe1,0xc2,0xc8,0x93 --https-pin=0x19,0x6,0xc6,0x12,0x4d,0xbb,0x43,0x85,0x78,0xd0,0xe,0x6,0x6d,0x50,0x54,0xc6,0xc3,0x7f,0xf,0xa6,0x2,0x8c,0x5,0x54,0x5e,0x9,0x94,0xed,0xda,0xec,0x86,0x29 --https-pin=0x1d,0x75,0xd0,0x83,0x1b,0x9e,0x8,0x85,0x39,0x4d,0x32,0xc7,0xa1,0xbf,0xdb,0x3d,0xbc,0x1c,0x28,0xe2,0xb0,0xe8,0x39,0x1f,0xb1,0x35,0x98,0x1d,0xbc,0x5b,0xa9,0x36 --annotation=host_int_account1_boot=28474061088 --annotation=machine_id=1595302a-1642-4ed3-b227-87ebd588664b --annotation=platform=win --annotation=platform_version=7 --initial-client-data=0xe0,0xe4,0xe8,0xdc,0xec,0x6aa7dda4,0x6aa7ddb4,0x6aa7ddc4
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:exit-monitor -session-token:eeb16034-3a9f-4ee2-9a13-fac079967c15 -target-handle:244 -target-shutdown-event:236 -target-restart-event:220 "-target-command-line:\"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe\" /systemstartup" -python-version:3.5.4 -method:collectupload -handler-pipe:\\.\pipe\crashpad_2384_KDZJIITPLUHCMJXS
"C:\Windows\system32\taskmgr.exe" /4
ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\ProxyGate\PGNet.exe" /chknet-upd
C:\Windows\system32\cmd.exe /c ""C:\Windows\Microsoft.NET\Framework\v2.0.50727\del.bat""
\??\C:\Windows\system32\conhost.exe "-390643256-1281031488-859664424770272984-140041976674259051411960239831915690712
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\wuauclt.exe"
"taskhost.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\wbem\wmiprvse.exe
taskhost.exe $(Arg0)
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\Kuba\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskMachineCore.job
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job
C:\Windows\tasks\Online Application V2G5.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\77htdns3.default-1478886535918

prefs.js - "browser.startup.homepage" - "http://page-ups.com/all/"

"{29049BEC-CF6D-49FF-8F3F-95D886658152}"=C:\Windows\Installer\{10F78416-E991-4176-98C2-BB92DCD6BD13}\{29049BEC-CF6D-49FF-8F3F-95D886658152}.xpi


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe� Flash� Player 31.0.0.153 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe� Flash� Player 31.0.0.153 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocn� slu瀊a pro p鴌hl釟en� k tu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2018-09-13 380904]
"FirefaceUsbTray1"=C:\Windows\system32\firefaceusb.exe [2014-08-12 97792]
"FirefaceMixTray2"=C:\Windows\system32\TotalMixFX.exe [2014-06-14 22900952]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14 1353680]
"Wondershare Helper Compact.exe"=C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-11-21 7063832]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"SunsetScreen"=C:\Program Files (x86)\SunsetScreen\SunsetScreen.exe [2017-07-10 783984]
"6028390"=C:\Users\Kuba\AppData\Roaming\k2pvrhap3nc\b1w3d4nnxul.exe [2018-11-30 554244]
"9658578"=C:\Users\Kuba\AppData\Roaming\15451hedamq\fjorqoanx3i.exe [2018-11-30 554244]
"ntelix"=C:\Users\Kuba\AppData\Local\ntelix.dll [2018-11-30 16384]
"8965497"=C:\Users\Kuba\AppData\Roaming\wim11vgkqpe\mvzq5mb5oyt.exe [2018-11-30 554244]
"8907442"=C:\Users\Kuba\AppData\Roaming\2iab3jajwii\3czl14utddt.exe [2018-11-30 554244]
"6130961"=C:\Users\Kuba\AppData\Roaming\xl50bgvo3tq\mrvd23y1vji.exe [2018-11-30 554244]
"6075169"=C:\Users\Kuba\AppData\Roaming\nsuy20tfyqv\rnzqhsmurak.exe [2018-11-30 554244]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDWlan.EXE]
C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE [2009-01-14 491520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk]
C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe [2011-08-17 788992]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2018-11-28 3806016]
"Wondershare Helper Compact.exe"=C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2017-09-12 2133728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\Kolnixo\SingleEco.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=MSH263.DRV
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux8"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux9"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux7"=wdmaud.drv
"VIDC.SP54"=SP5X_32.DLL
"VIDC.SP55"=SP5X_32.DLL
"VIDC.SP56"=SP5X_32.DLL
"VIDC.SP57"=SP5X_32.DLL
"VIDC.SP58"=SP5X_32.DLL
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2018-11-30 13:14:45 ----D---- C:\rsit
2018-11-30 12:58:40 ----D---- C:\Program Files (x86)\DjpYILTWU
2018-11-30 12:57:19 ----D---- C:\Windows\SYSWOW64\SSL
2018-11-30 12:55:50 ----D---- C:\Program Files (x86)\Lavasoft
2018-11-30 12:55:01 ----D---- C:\Program Files (x86)\ProxyGate
2018-11-30 12:54:52 ----D---- C:\ProgramData\Lavasoft
2018-11-30 12:54:41 ----D---- C:\Program Files\5PDUBJ6VHO
2018-11-30 12:54:13 ----D---- C:\Users\Kuba\AppData\Roaming\xl50bgvo3tq
2018-11-30 12:54:06 ----D---- C:\Users\Kuba\AppData\Roaming\nsuy20tfyqv
2018-11-30 12:54:05 ----D---- C:\Users\Kuba\AppData\Roaming\2iab3jajwii
2018-11-30 12:53:45 ----D---- C:\Program Files\1XU1GHZ8LT
2018-11-30 12:52:53 ----D---- C:\Users\Kuba\AppData\Roaming\wim11vgkqpe
2018-11-30 12:52:53 ----D---- C:\Program Files\BJBGG2DL46
2018-11-30 12:52:16 ----D---- C:\Program Files\97EA0VNV5M
2018-11-30 12:47:18 ----D---- C:\ProgramData\Logic Cramble
2018-11-30 12:46:55 ----D---- C:\ProgramData\75f49cc0-6115-0
2018-11-30 12:46:40 ----D---- C:\ProgramData\Kolnixo
2018-11-30 12:46:36 ----D---- C:\ProgramData\75f49cc0-7667-1
2018-11-30 12:46:26 ----D---- C:\ProgramData\423e3873-6901-0
2018-11-30 12:46:15 ----D---- C:\ProgramData\423e3873-58d1-1
2018-11-30 12:46:02 ----D---- C:\ProgramData\b199a7fe-d3aa-4ff9-9d61-b5dd5debd99d
2018-11-30 12:46:00 ----D---- C:\Users\Kuba\AppData\Roaming\One System Care
2018-11-30 12:46:00 ----D---- C:\Program Files (x86)\OneSystemCare
2018-11-30 12:45:12 ----D---- C:\Users\Kuba\AppData\Roaming\15451hedamq
2018-11-30 12:45:06 ----D---- C:\Users\Kuba\AppData\Roaming\CRMSvc
2018-11-30 12:45:00 ----D---- C:\Program Files\8P8WWGG5M8
2018-11-30 12:44:48 ----D---- C:\Program Files\EHXNQX91Y6
2018-11-30 12:44:43 ----D---- C:\Program Files\STXGDJLCBB
2018-11-30 12:44:38 ----D---- C:\Users\Kuba\AppData\Roaming\k2pvrhap3nc
2018-11-30 12:44:34 ----D---- C:\ProgramData\PrefsSecure
2018-11-30 12:44:21 ----D---- C:\Program Files\1K1VXM1KCT
2018-11-30 12:44:20 ----D---- C:\Program Files (x86)\cleanComputerNew
2018-11-30 12:44:14 ----D---- C:\Program Files\J785UGPWRB
2018-11-30 12:44:12 ----D---- C:\Program Files (x86)\bestDownloader
2018-11-30 12:44:06 ----D---- C:\Users\Kuba\AppData\Roaming\Microleaves
2018-11-30 12:43:57 ----D---- C:\Program Files (x86)\tvhjwryp55b
2018-11-30 12:43:57 ----D---- C:\Program Files (x86)\3xcla1myci4
2018-11-30 12:42:51 ----D---- C:\Program Files (x86)\Skaty
2018-11-30 12:42:29 ----D---- C:\Users\Kuba\AppData\Roaming\Browsers
2018-11-30 12:42:28 ----D---- C:\Users\Kuba\AppData\Roaming\SPI
2018-11-29 11:33:44 ----A---- C:\Windows\uninstaller.dat
2018-11-29 11:33:44 ----A---- C:\Windows\MzNjYTZk.exe
2018-11-28 14:09:04 ----A---- C:\Windows\system32\drivers\dbx-stable.sys
2018-11-28 14:09:04 ----A---- C:\Windows\system32\drivers\dbx-dev.sys
2018-11-28 14:09:04 ----A---- C:\Windows\system32\drivers\dbx-canary.sys
2018-11-28 14:09:04 ----A---- C:\Windows\system32\DbxSvc.exe

======List of files/folders modified in the last 1 month======

2018-11-30 13:14:45 ----D---- C:\Program Files\trend micro
2018-11-30 13:14:28 ----D---- C:\Windows\Temp
2018-11-30 13:13:52 ----D---- C:\Windows\system32\drivers
2018-11-30 13:13:47 ----RD---- C:\Program Files
2018-11-30 13:12:36 ----SHD---- C:\Windows\Installer
2018-11-30 13:12:31 ----RD---- C:\Program Files (x86)
2018-11-30 13:11:17 ----SHD---- C:\System Volume Information
2018-11-30 13:09:42 ----D---- C:\Windows\SysWOW64
2018-11-30 13:09:40 ----D---- C:\Windows\system32\DriverStore
2018-11-30 13:09:35 ----D---- C:\Windows\inf
2018-11-30 13:09:31 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-11-30 13:09:31 ----D---- C:\Windows\twain_32
2018-11-30 13:09:31 ----D---- C:\Windows
2018-11-30 13:04:59 ----D---- C:\Windows\Tasks
2018-11-30 13:04:59 ----D---- C:\Windows\system32\Tasks
2018-11-30 12:54:52 ----D---- C:\ProgramData
2018-11-30 12:54:31 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-11-30 12:54:01 ----HD---- C:\Windows\system32\GroupPolicy
2018-11-30 12:50:30 ----D---- C:\Program Files (x86)\TeamViewer
2018-11-30 12:47:31 ----SHD---- C:\$RECYCLE.BIN
2018-11-30 12:47:31 ----D---- C:\ProgramData\AMD
2018-11-30 12:44:02 ----SD---- C:\Users\Kuba\AppData\Roaming\Microsoft
2018-11-30 12:43:04 ----D---- C:\Windows\Prefetch
2018-11-30 12:40:24 ----D---- C:\Windows\system32\config
2018-11-30 12:33:53 ----D---- C:\Program Files (x86)\eRightSoft
2018-11-30 12:24:46 ----D---- C:\Users\Kuba\AppData\Roaming\vlc
2018-11-29 21:16:31 ----D---- C:\Program Files (x86)\Dropbox
2018-11-29 21:16:21 ----D---- C:\Windows\System32
2018-11-27 02:33:44 ----N---- C:\Windows\system32\MpSigStub.exe
2018-11-26 21:35:07 ----D---- C:\Windows\system32\NDF
2018-11-21 11:03:10 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-11-21 11:03:03 ----D---- C:\Windows\system32\Macromed
2018-11-21 11:03:02 ----D---- C:\Windows\SYSWOW64\Macromed
2018-11-20 10:08:51 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-17 01:13:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-11-14 23:50:13 ----D---- C:\Windows\system32\catroot2
2018-11-05 10:03:13 ----D---- C:\temp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2016-08-25 295000]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2018-06-29 516096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-12-16 283064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Wireless PCI Adapter Driver Service; C:\Windows\system32\DRIVERS\athrx.sys [2011-04-11 1579520]
R3 firefaceu64;RME Fireface USB Audio Device; C:\Windows\system32\drivers\fireface_usb_64.sys [2014-08-12 102144]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2018-09-13 4933624]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-01-11 64624]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 135928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-04-10 849992]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S1 MpKsl8cd54226;MpKsl8cd54226; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C0882C5-A646-4035-8C10-0B4338A770C4}\MpKsl8cd54226.sys []
S1 MpKsla16eeeb5;MpKsla16eeeb5; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C0882C5-A646-4035-8C10-0B4338A770C4}\MpKsla16eeeb5.sys []
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-11-29 13201920]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-11-29 624128]
S3 ASAPIW2K;ASAPIW2K; C:\Windows\System32\Drivers\ASAPIW2K.sys []
S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrxusb.sys [2008-07-29 1075712]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-09-24 94208]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 GPCIDrv;GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys []
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2015-03-31 460048]
S3 KemperProfiler;Kemper Profiler; C:\Windows\system32\DRIVERS\KemperProfiler.sys [2018-03-22 85320]
S3 lp16_usb;lp16_usb; C:\Windows\System32\Drivers\lp16_usb_x64.sys [2017-02-27 124536]
S3 lp16_usb_avs;lp16_usb_avs; C:\Windows\System32\Drivers\lp16_usb_avs_x64.sys [2017-02-27 82040]
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 rspLLL;rspLLL; C:\Windows\system32\DRIVERS\rspLLL64.sys [2013-10-21 25504]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2015-06-17 54784]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S3 ZD1211BU(TP-LINK);TP-LINK Wireless USB Adapter Driver(TP-LINK); C:\Windows\system32\DRIVERS\zd1211Bu.sys [2009-01-05 602880]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-08-13 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-11-29 239616]
R2 CRMSvc;CRMSvc; C:\Users\Kuba\AppData\Roaming\CRMSvc\CRMSvc.exe [2018-11-30 1517568]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2018-11-28 51024]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2018-09-13 343016]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2013-11-27 11878704]
R2 NmM0ODQ3NjE;NmM0ODQ3NjE; C:\Windows\wxyeltrpuaulyazux.wxy [2018-11-30 1409536]
R2 TeamViewer;TeamViewer 13; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2018-07-23 11644144]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-08-30 103552]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-08-30 124024]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-07 143144]
S2 pgt_svc;PG Manager; C:\Program Files (x86)\ProxyGate\MainService.exe [2017-02-22 2285664]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-21 335872]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2018-09-13 376296]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-07 143144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-08-23 116224]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-12-13 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-08-30 50808]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-11-20 216528]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-08-30 139896]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-08-30 139896]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-08-30 139896]

-----------------EOF-----------------

Re: Prosím o pomoc

Napsal: 30 lis 2018 14:03
od Rudy
Zdravím!
Dejte log FRST: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

Re: Prosím o pomoc

Napsal: 30 lis 2018 14:13
od Jsedlak
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29.11.2018 01
Ran by Kuba (administrator) on KUBA-PC (30-11-2018 14:11:06)
Running from C:\Users\Kuba\Desktop
Loaded Profiles: Kuba (Available Profiles: Kuba)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Users\Kuba\AppData\Roaming\CRMSvc\CRMSvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(RME) C:\Windows\System32\firefaceusb.exe
(RME) C:\Windows\System32\TotalMixFX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Daniel White) C:\Program Files (x86)\SunsetScreen\SunsetScreen.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Nullsoft, Inc.) B:\Program Files (x86)\Winamp\winamp.exe
(Gold Click Ltd) C:\Program Files (x86)\ProxyGate\Cloud.exe
(Gold Click Ltd) C:\Program Files (x86)\ProxyGate\PGChk.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [380904 2018-09-13] ()
HKLM\...\Run: [FirefaceUsbTray1] => C:\Windows\system32\firefaceusb.exe [97792 2014-08-12] (RME)
HKLM\...\Run: [FirefaceMixTray2] => C:\Windows\system32\TotalMixFX.exe [22900952 2014-06-14] (RME)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3806016 2018-11-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [SunsetScreen] => C:\Program Files (x86)\SunsetScreen\SunsetScreen.exe [783984 2017-07-10] (Daniel White)
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [6028390] => C:\Users\Kuba\AppData\Roaming\k2pvrhap3nc\b1w3d4nnxul.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [9658578] => C:\Users\Kuba\AppData\Roaming\15451hedamq\fjorqoanx3i.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [ntelix] => rundll32.exe "C:\Users\Kuba\AppData\Local\ntelix.dll",ntelix <==== ATTENTION
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [8965497] => C:\Users\Kuba\AppData\Roaming\wim11vgkqpe\mvzq5mb5oyt.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [8907442] => C:\Users\Kuba\AppData\Roaming\2iab3jajwii\3czl14utddt.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [6130961] => C:\Users\Kuba\AppData\Roaming\xl50bgvo3tq\mrvd23y1vji.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [6075169] => C:\Users\Kuba\AppData\Roaming\nsuy20tfyqv\rnzqhsmurak.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\Kolnixo\SingleEco.dll => C:\ProgramData\Kolnixo\SingleEco.dll [342528 2018-11-30] ()
AppInit_DLLs-x32: C:\ProgramData\Kolnixo\Treelex.dll => C:\ProgramData\Kolnixo\Treelex.dll [460800 2018-11-30] ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{11A1358F-2D27-46C2-ABBC-58AB700B7640}: [DhcpNameServer] 192.168.176.254
Tcpip\..\Interfaces\{245003F5-E297-4DF6-9F65-DEDB3707B6CD}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{24736C7E-F349-421C-A477-03352C4794ED}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{24EA0303-88EC-4E27-AB93-1BF5E9E38BB8}: [DhcpNameServer] 62.113.218.34 8.8.8.8
Tcpip\..\Interfaces\{899A5A5A-AA68-43EA-A97F-8C51E51611AF}: [DhcpNameServer] 192.168.176.254
Tcpip\..\Interfaces\{95F5AC4C-CADB-459E-9989-3F3269E062E0}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130846269279176392&GUID=781A80C0-6E51-4820-A18D-22FCE9965034
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130846269279236395&GUID=781A80C0-6E51-4820-A18D-22FCE9965034
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=14347 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=14347 ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1437732 ... XXZ1E78MAQ
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1437732 ... XXZ1E78MAQ
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=14347 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=14347 ... earchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131880531089056931&GUID=781A80C0-6E51-4820-A18D-22FCE9965034
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyubyD6qB0pwjh5omFRPHymURpPZ6gf8rEdqazc6i-atoVz1cynYzxLCqTlWnFcXbGrRiNpiylKLce8KtXHseV5QMhNGdM7sae7TqmZznmohZ9x7O7ytFMAGsUrpqZHsl6aIy-7V3R5t_hOu8dc49w1o3HehT6Pp&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyubyD6qB0pwjh5omFRPHymURpPZ6gf8rEdqazc6i-atoVz1cynYzxLCqTlWnFcXbGrRiNpiylKLce8KtXHseV5QMhNGdM7sae7TqmZznmohZ9x7O7ytFMAGsUrpqZHsl6aIy-7V3R5t_hOu8dc49w1o3HehT6Pp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993827299-2147907179-2969249044-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyubyD6qB0pwjh5omFRPHymURpPZ6gf8rEdqazc6i-atoVz1cynYzxLCqTlWnFcXbGrRiNpiylKLce8KtXHseV5QMhNGdM7sae7TqmZznmohZ9x7O7ytFMAGsUrpqZHsl6aIy-7V3R5t_hOu8dc49w1o3HehT6Pp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993827299-2147907179-2969249044-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993827299-2147907179-2969249044-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1993827299-2147907179-2969249044-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993827299-2147907179-2969249044-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993827299-2147907179-2969249044-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyubyD6qB0pwjh5omFRPHymURpPZ6gf8rEdqazc6i-atoVz1cynYzxLCqTlWnFcXbGrRiNpiylKLce8KtXHseV5QMhNGdM7sae7TqmZznmohZ9x7O7ytFMAGsUrpqZHsl6aIy-7V3R5t_hOu8dc49w1o3HehT6Pp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1437732 ... XXZ1E78MAQ

FireFox:
========
FF DefaultProfile: ewdgfsrv.default-1478886535918-1515683278277
FF ProfilePath: C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ewdgfsrv.default-1478886535918-1515683278277 [2018-11-30]
FF user.js: detected! => C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ewdgfsrv.default-1478886535918-1515683278277\user.js [2018-11-30]
FF Extension: (Vývojové sestavení Adblock Plus) - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ewdgfsrv.default-1478886535918-1515683278277\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-11-14]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{733ED5DC-6D54-4A04-900B-CA85BF4B9A1B}.xpi [2018-11-30] [not signed]
FF HKLM\...\Firefox\Extensions: [{29049BEC-CF6D-49FF-8F3F-95D886658152}] - C:\Windows\Installer\{10F78416-E991-4176-98C2-BB92DCD6BD13}\{29049BEC-CF6D-49FF-8F3F-95D886658152}.xpi
FF Extension: ( ) - C:\Windows\Installer\{10F78416-E991-4176-98C2-BB92DCD6BD13}\{29049BEC-CF6D-49FF-8F3F-95D886658152}.xpi [2018-11-30]
FF HKLM-x32\...\Firefox\Extensions: [{29049BEC-CF6D-49FF-8F3F-95D886658152}] - C:\Windows\Installer\{10F78416-E991-4176-98C2-BB92DCD6BD13}\{29049BEC-CF6D-49FF-8F3F-95D886658152}.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-21] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-12-13] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-12-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconfig.js [2018-11-30] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\secure_cert.js [2018-11-30] <==== ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2018-11-30]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2018-11-30] <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CRMSvc; C:\Users\Kuba\AppData\Roaming\CRMSvc\CRMSvc.exe [1517568 2018-11-30] () [File not signed] <==== ATTENTION
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-07] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-11-28] (Dropbox, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [343016 2018-09-13] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== ATTENTION
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644144 2018-07-23] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NmM0ODQ3NjE; rundll32.exe C:\Windows\wxyeltrpuaulyazux.wxy CaH [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASAPIW2K; C:\Windows\SysWOW64\Drivers\ASAPIW2K.sys [11264 2003-11-28] (Pinnacle Systems GmbH) [File not signed]
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.) [File not signed]
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94208 2013-09-24] (Advanced Micro Devices) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-16] (Disc Soft Ltd)
R3 firefaceu64; C:\Windows\System32\drivers\fireface_usb_64.sys [102144 2014-08-12] (RME)
S3 KemperProfiler; C:\Windows\System32\DRIVERS\KemperProfiler.sys [85320 2018-03-22] (Kemper GmbH)
S3 lp16_usb; C:\Windows\System32\Drivers\lp16_usb_x64.sys [124536 2017-02-27] (Archwave)
S3 lp16_usb_avs; C:\Windows\System32\Drivers\lp16_usb_avs_x64.sys [82040 2017-02-27] (Archwave)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12400 2015-09-20] (Macrovision Europe Ltd) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S3 ZD1211BU(TP-LINK); C:\Windows\System32\DRIVERS\zd1211Bu.sys [602880 2009-01-05] (Atheros Technology Corporation)
S3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [X]
S1 MpKsl8cd54226; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C0882C5-A646-4035-8C10-0B4338A770C4}\MpKsl8cd54226.sys [X]
S1 MpKsla16eeeb5; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C0882C5-A646-4035-8C10-0B4338A770C4}\MpKsla16eeeb5.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-30 14:11 - 2018-11-30 14:12 - 000019554 _____ C:\Users\Kuba\Desktop\FRST.txt
2018-11-30 14:10 - 2018-11-30 14:11 - 000000000 ____D C:\FRST
2018-11-30 14:10 - 2018-11-30 14:10 - 002417152 _____ (Farbar) C:\Users\Kuba\Desktop\FRST64.exe
2018-11-30 13:14 - 2018-11-30 13:14 - 000000000 ____D C:\rsit
2018-11-30 13:03 - 2018-11-30 13:03 - 000003108 _____ C:\Windows\System32\Tasks\{E651EFF6-02FF-44C0-9F0A-3BD8C36B956C}
2018-11-30 12:58 - 2018-11-30 12:58 - 000000000 ____D C:\Program Files (x86)\DjpYILTWU
2018-11-30 12:57 - 2018-11-30 13:13 - 000000000 ____D C:\Windows\SysWOW64\SSL
2018-11-30 12:55 - 2018-11-30 14:09 - 000000000 ____D C:\Program Files (x86)\ProxyGate
2018-11-30 12:55 - 2018-11-30 12:55 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2018-11-30 12:54 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\5PDUBJ6VHO
2018-11-30 12:54 - 2018-11-30 12:54 - 000003330 _____ C:\Windows\System32\Tasks\{e6b1bd71-40ef-4173-8106-93b5f9032a6e}
2018-11-30 12:54 - 2018-11-30 12:54 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\xl50bgvo3tq
2018-11-30 12:54 - 2018-11-30 12:54 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\nsuy20tfyqv
2018-11-30 12:54 - 2018-11-30 12:54 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\2iab3jajwii
2018-11-30 12:54 - 2018-11-30 12:54 - 000000000 ____D C:\ProgramData\Lavasoft
2018-11-30 12:53 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\1XU1GHZ8LT
2018-11-30 12:52 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\BJBGG2DL46
2018-11-30 12:52 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\97EA0VNV5M
2018-11-30 12:52 - 2018-11-30 12:52 - 000015587 _____ C:\Windows\SysWOW64\findit.xml
2018-11-30 12:52 - 2018-11-30 12:52 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\wim11vgkqpe
2018-11-30 12:47 - 2018-11-30 12:47 - 001895383 _____ C:\Users\Kuba\AppData\Local\LotTraxfresh.bin
2018-11-30 12:47 - 2018-11-30 12:47 - 000000342 _____ C:\Windows\Tasks\Online Application V2G5.job
2018-11-30 12:47 - 2018-11-30 12:47 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-11-30 12:47 - 2018-11-30 12:47 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-11-30 12:46 - 2018-11-30 13:05 - 000000000 ____D C:\ProgramData\Kolnixo
2018-11-30 12:46 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files (x86)\OneSystemCare
2018-11-30 12:46 - 2018-11-30 12:55 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\One System Care
2018-11-30 12:46 - 2018-11-30 12:46 - 007813632 _____ C:\Users\Kuba\AppData\Local\agent.dat
2018-11-30 12:46 - 2018-11-30 12:46 - 002024511 _____ C:\Users\Kuba\AppData\Local\ConDom.tst
2018-11-30 12:46 - 2018-11-30 12:46 - 000126464 _____ C:\Users\Kuba\AppData\Local\noah.dat
2018-11-30 12:46 - 2018-11-30 12:46 - 000070896 _____ C:\Users\Kuba\AppData\Local\Config.xml
2018-11-30 12:46 - 2018-11-30 12:46 - 000018432 _____ C:\Users\Kuba\AppData\Local\Main.dat
2018-11-30 12:46 - 2018-11-30 12:46 - 000016384 _____ C:\Users\Kuba\AppData\Local\ntelix.dll
2018-11-30 12:46 - 2018-11-30 12:46 - 000005568 _____ C:\Users\Kuba\AppData\Local\md.xml
2018-11-30 12:46 - 2018-11-30 12:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2018-11-30 12:46 - 2018-11-30 12:46 - 000000000 ____D C:\ProgramData\b199a7fe-d3aa-4ff9-9d61-b5dd5debd99d
2018-11-30 12:46 - 2018-11-30 12:46 - 000000000 ____D C:\ProgramData\75f49cc0-7667-1
2018-11-30 12:46 - 2018-11-30 12:46 - 000000000 ____D C:\ProgramData\75f49cc0-6115-0
2018-11-30 12:46 - 2018-11-30 12:46 - 000000000 ____D C:\ProgramData\423e3873-6901-0
2018-11-30 12:46 - 2018-11-30 12:46 - 000000000 ____D C:\ProgramData\423e3873-58d1-1
2018-11-30 12:46 - 2018-11-30 12:42 - 001995264 _____ C:\Users\Kuba\AppData\Local\ConDom.exe
2018-11-30 12:45 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\8P8WWGG5M8
2018-11-30 12:45 - 2018-11-30 12:54 - 000003106 __RSH C:\ProgramData\ntuser.pol
2018-11-30 12:45 - 2018-11-30 12:47 - 002302968 _____ C:\Users\Kuba\4861487.exe
2018-11-30 12:45 - 2018-11-30 12:46 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\CRMSvc
2018-11-30 12:45 - 2018-11-30 12:45 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\15451hedamq
2018-11-30 12:44 - 2018-11-30 13:10 - 000000000 ____D C:\Program Files (x86)\cleanComputerNew
2018-11-30 12:44 - 2018-11-30 13:05 - 000000000 ____D C:\ProgramData\PrefsSecure
2018-11-30 12:44 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\STXGDJLCBB
2018-11-30 12:44 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\J785UGPWRB
2018-11-30 12:44 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\EHXNQX91Y6
2018-11-30 12:44 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\1K1VXM1KCT
2018-11-30 12:44 - 2018-11-30 12:58 - 000000000 ____D C:\Program Files (x86)\bestDownloader
2018-11-30 12:44 - 2018-11-30 12:44 - 001409536 _____ C:\Windows\wxyeltrpuaulyazux.wxy
2018-11-30 12:44 - 2018-11-30 12:44 - 000278509 _____ C:\Users\Kuba\AppData\Local\GrooveFax.bin
2018-11-30 12:44 - 2018-11-30 12:44 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\Microleaves
2018-11-30 12:44 - 2018-11-30 12:44 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\k2pvrhap3nc
2018-11-30 12:44 - 2018-11-30 12:44 - 000000000 ____D C:\Users\Kuba\AppData\Local\AdvinstAnalytics
2018-11-30 12:43 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files (x86)\tvhjwryp55b
2018-11-30 12:43 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files (x86)\3xcla1myci4
2018-11-30 12:43 - 2018-11-30 12:43 - 000001241 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firеfox.lnk
2018-11-30 12:42 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files (x86)\Skaty
2018-11-30 12:42 - 2018-11-30 12:58 - 000722944 _____ C:\Users\Kuba\AppData\Local\sham.db
2018-11-30 12:42 - 2018-11-30 12:44 - 000017664 _____ C:\Users\Kuba\AppData\Local\InstallationConfiguration.xml
2018-11-30 12:42 - 2018-11-30 12:44 - 000000000 ____D C:\Users\Kuba\Documents\LeaderTask
2018-11-30 12:42 - 2018-11-30 12:43 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\Browsers
2018-11-30 12:42 - 2018-11-30 12:42 - 000140800 _____ C:\Users\Kuba\AppData\Local\installer.dat
2018-11-30 12:42 - 2018-11-30 12:42 - 000001415 ___RS C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Еxрlorer.lnk
2018-11-30 12:42 - 2018-11-30 12:42 - 000001196 ___RS C:\Users\Public\Desktop\Diаblo III.lnk
2018-11-30 12:42 - 2018-11-30 12:42 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\SPI
2018-11-29 21:16 - 2018-11-29 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-11-29 11:33 - 2018-11-29 11:33 - 001939456 _____ C:\Windows\MzNjYTZk.exe
2018-11-29 11:33 - 2018-11-29 11:33 - 000098202 _____ C:\Windows\uninstaller.dat
2018-11-28 14:09 - 2018-11-28 14:09 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-11-28 14:09 - 2018-11-28 14:09 - 000047792 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-11-28 14:09 - 2018-11-28 14:09 - 000047792 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-11-28 14:09 - 2018-11-28 14:09 - 000045752 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-11-15 14:13 - 2018-11-15 14:13 - 000002784 _____ C:\Users\Kuba\AppData\Local\recently-used.xbel

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-30 14:07 - 2016-11-16 20:52 - 000000000 ____D C:\Users\Kuba\AppData\LocalLow\Mozilla
2018-11-30 13:42 - 2017-10-07 21:36 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-11-30 13:14 - 2014-03-15 15:28 - 000000000 ____D C:\Program Files\trend micro
2018-11-30 13:09 - 2013-12-09 20:51 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-11-30 13:09 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-11-30 13:05 - 2013-12-09 20:48 - 000001042 ____H C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-11-30 13:05 - 2009-07-14 05:45 - 000032208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-30 13:05 - 2009-07-14 05:45 - 000032208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-30 12:54 - 2016-11-15 20:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-30 12:54 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-11-30 12:51 - 2014-06-15 16:15 - 000000000 __SHD C:\Users\Kuba\IntelGraphicsProfiles
2018-11-30 12:51 - 2014-03-24 13:04 - 000000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-11-30 12:50 - 2013-12-09 21:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-11-30 12:48 - 2017-10-07 21:36 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-11-30 12:48 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-30 12:47 - 2013-12-15 23:03 - 000000000 ____D C:\ProgramData\AMD
2018-11-30 12:45 - 2013-12-09 20:48 - 000000000 ____D C:\Users\Kuba
2018-11-30 12:43 - 2018-04-30 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2018-11-30 12:43 - 2016-04-19 13:45 - 000000000 ____D C:\Users\Kuba\AppData\Local\Google
2018-11-30 12:43 - 2013-12-30 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MW3
2018-11-30 12:43 - 2013-12-27 23:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
2018-11-30 12:42 - 2018-04-30 20:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2018-11-30 12:33 - 2014-04-20 13:00 - 000000000 ____D C:\Program Files (x86)\eRightSoft
2018-11-30 12:24 - 2014-03-24 23:19 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\vlc
2018-11-29 21:16 - 2017-10-07 21:36 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-11-27 02:33 - 2010-11-21 04:27 - 000592416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-11-26 21:35 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2018-11-21 11:03 - 2018-03-19 22:03 - 000004524 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-21 11:03 - 2013-12-09 22:07 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-11-21 11:03 - 2013-12-09 22:07 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-21 11:03 - 2013-12-09 22:07 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-11-21 11:03 - 2013-12-09 22:07 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-11-21 11:03 - 2013-12-09 22:07 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-20 10:08 - 2014-03-16 19:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-17 01:13 - 2010-11-21 10:27 - 000668542 _____ C:\Windows\system32\perfh005.dat
2018-11-17 01:13 - 2010-11-21 10:27 - 000141202 _____ C:\Windows\system32\perfc005.dat
2018-11-17 01:13 - 2009-07-14 06:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-16 11:57 - 2017-12-21 10:59 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-15 14:15 - 2015-06-23 15:40 - 000000000 ____D C:\Users\Kuba\.gimp-2.8
2018-11-15 10:48 - 2009-07-14 06:08 - 000032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-11-14 16:58 - 2017-10-07 21:44 - 000000000 ___RD C:\Users\Kuba\Dropbox
2018-11-14 14:17 - 2015-06-23 15:44 - 000000000 ____D C:\Users\Kuba\AppData\Local\gtk-2.0
2018-11-05 10:03 - 2018-02-05 19:59 - 000000000 ____D C:\temp

==================== Files in the root of some directories =======

2018-11-30 12:45 - 2018-11-30 12:47 - 002302968 _____ () C:\Users\Kuba\4861487.exe
2011-09-02 16:00 - 2011-09-02 16:00 - 080039752 _____ (Native Instruments GmbH) C:\Program Files\Guitar Rig 5.dll
2014-08-03 20:24 - 2014-08-03 20:24 - 000000604 ____H () C:\Program Files (x86)\STLL Notifier
2014-01-21 12:17 - 2014-01-21 13:44 - 000000000 _____ () C:\Users\Kuba\AppData\Roaming\bitlord_log.txt
2013-12-27 23:01 - 2014-01-17 11:43 - 000001668 _____ () C:\Users\Kuba\AppData\Roaming\mscoiso.dat
2013-12-27 23:01 - 2014-01-17 11:43 - 000000027 _____ () C:\Users\Kuba\AppData\Roaming\mshogrv.dat
2013-12-27 23:09 - 2014-01-17 11:59 - 000000029 _____ () C:\Users\Kuba\AppData\Roaming\msrxknb.dat
2018-11-30 12:46 - 2018-11-30 12:46 - 007813632 _____ () C:\Users\Kuba\AppData\Local\agent.dat
2018-11-30 12:46 - 2018-11-30 12:42 - 001995264 _____ () C:\Users\Kuba\AppData\Local\ConDom.exe
2018-11-30 12:46 - 2018-11-30 12:46 - 002024511 _____ () C:\Users\Kuba\AppData\Local\ConDom.tst
2018-11-30 12:46 - 2018-11-30 12:46 - 000070896 _____ () C:\Users\Kuba\AppData\Local\Config.xml
2018-11-30 12:44 - 2018-11-30 12:44 - 000278509 _____ () C:\Users\Kuba\AppData\Local\GrooveFax.bin
2018-11-30 12:42 - 2018-11-30 12:44 - 000017664 _____ () C:\Users\Kuba\AppData\Local\InstallationConfiguration.xml
2018-11-30 12:42 - 2018-11-30 12:42 - 000140800 _____ () C:\Users\Kuba\AppData\Local\installer.dat
2018-11-30 12:47 - 2018-11-30 12:47 - 001895383 _____ () C:\Users\Kuba\AppData\Local\LotTraxfresh.bin
2018-11-30 12:46 - 2018-11-30 12:46 - 000018432 _____ () C:\Users\Kuba\AppData\Local\Main.dat
2018-11-30 12:46 - 2018-11-30 12:46 - 000005568 _____ () C:\Users\Kuba\AppData\Local\md.xml
2018-11-30 12:46 - 2018-11-30 12:46 - 000126464 _____ () C:\Users\Kuba\AppData\Local\noah.dat
2018-11-30 12:46 - 2018-11-30 12:46 - 000016384 _____ () C:\Users\Kuba\AppData\Local\ntelix.dll
2018-11-15 14:13 - 2018-11-15 14:13 - 000002784 _____ () C:\Users\Kuba\AppData\Local\recently-used.xbel
2014-03-15 14:57 - 2018-04-25 22:42 - 000007605 _____ () C:\Users\Kuba\AppData\Local\Resmon.ResmonCfg
2018-11-30 12:42 - 2018-11-30 12:58 - 000722944 _____ () C:\Users\Kuba\AppData\Local\sham.db

Some files in TEMP:
====================
2018-11-30 12:44 - 2018-11-30 12:44 - 000375522 _____ ( ) C:\Users\Kuba\AppData\Local\Temp\f2koepdgpia.exe
2018-11-30 12:43 - 2018-11-30 12:43 - 000918784 _____ (x66TZ39Q5LE8PtUoSr8P ) C:\Users\Kuba\AppData\Local\Temp\installer.exe
2018-11-30 12:43 - 2018-11-30 12:43 - 008751153 _____ () C:\Users\Kuba\AppData\Local\Temp\s2s.exe
2018-11-30 12:42 - 2018-11-30 12:42 - 000620664 _____ (ZRFXRD ) C:\Users\Kuba\AppData\Local\Temp\Setup (1).exe
2018-11-30 12:42 - 2018-11-30 12:42 - 000803884 _____ ( ) C:\Users\Kuba\AppData\Local\Temp\setup (2).exe
2018-11-30 12:42 - 2018-11-30 12:42 - 000485126 _____ ( ) C:\Users\Kuba\AppData\Local\Temp\setupGI.exe
2018-11-30 12:42 - 2018-11-30 12:42 - 000492831 _____ ( ) C:\Users\Kuba\AppData\Local\Temp\setupSD.exe
2018-11-30 12:44 - 2018-11-30 12:44 - 000000000 _____ () C:\Users\Kuba\AppData\Local\Temp\Skypes.exe
2018-08-27 10:06 - 2018-08-27 10:06 - 062091672 _____ (Skype Technologies S.A.) C:\Users\Kuba\AppData\Local\Temp\SkypeSetup.exe
2018-11-30 12:42 - 2018-11-30 12:42 - 001109920 _____ (Up Pro ) C:\Users\Kuba\AppData\Local\Temp\UpProAddonInstaller-ff.exe
2018-11-30 12:54 - 2018-11-30 12:53 - 002033816 _____ () C:\Users\Kuba\AppData\Local\Temp\{87B6E700-E0B0-491E-A35E-16FB483B1833}.exe
2018-11-30 12:46 - 2018-11-30 12:44 - 002033816 _____ () C:\Users\Kuba\AppData\Local\Temp\{E175FF0C-4821-4CE2-B987-090E3591BD5B}.exe
2018-11-30 12:46 - 2018-11-30 12:46 - 000638272 _____ () C:\Users\Kuba\AppData\Local\Temp\~pkB47F.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-29 22:09

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29.11.2018 01
Ran by Kuba (30-11-2018 14:12:33)
Running from C:\Users\Kuba\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-12-09 19:48:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1993827299-2147907179-2969249044-500 - Administrator - Disabled)
Guest (S-1-5-21-1993827299-2147907179-2969249044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1993827299-2147907179-2969249044-1002 - Limited - Enabled)
Kuba (S-1-5-21-1993827299-2147907179-2969249044-1000 - Administrator - Enabled) => C:\Users\Kuba

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Antares Autotune VST RTAS TDM v5.08 (HKLM-x32\...\Antares Autotune VST RTAS TDM_is1) (Version: - Team AiR 2007)
ASAPI (HKLM-x32\...\{8A7E941F-2BB4-47D0-B732-8AE5F3513B68}) (Version: 6.0.0 - Pinnacle Systems GmbH)
Balíček ovladače systému Windows - RME Fireface USB (02/27/2014 1.0.43.0) (HKLM\...\5FBFDE2C34738B4974E4B64B7E3E5056154519E5) (Version: 02/27/2014 1.0.43.0 - RME)
Balíček ovladače systému Windows - RME Fireface USB (06/13/2014 1.0.50.0) (HKLM\...\EA3D162A8B74D16B41C62A4818B2E08458CA5E9F) (Version: 06/13/2014 1.0.50.0 - RME)
Balíček ovladače systému Windows - RME Fireface USB (07/11/2014 1.0.53.0) (HKLM\...\584260420581889184F387B690742A2002A8020B) (Version: 07/11/2014 1.0.53.0 - RME)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.72.1082 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Counter-Strike 1.6 v42 (HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Counter-Strike 1.6_is1) (Version: - Valve)
CPUID CPU-Z 1.67.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
Cubase 5 (HKLM\...\{51AC53CA-6D26-459A-9BDF-53BAEB3E11A3}) (Version: 5.1.2 - Steinberg)
cymatic audio LP-16 Driver v6.19.0.0 (HKLM-x32\...\cymatic audio LP-16 Driver v6.19.0.0) (Version: 6.19.0.0 - cymatic audio)
Cymatic Audio uTool2 uninstall (HKLM\...\uTool2) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dropbox (HKLM-x32\...\Dropbox) (Version: 62.4.103 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Edirol HQ Orchestral VSTi v1.03 (HKLM-x32\...\Edirol HQ Orchestral VSTi v1.03) (Version: - )
EZdrummer (HKLM-x32\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.0 - Toontrack)
EZXCocktail (HKLM-x32\...\{147567F0-8575-4BE0-B5B3-62706C67FA5A}) (Version: 1.0 - Toontrack)
EZXNashville (HKLM-x32\...\{82DF9225-13EC-41BD-BE31-AAB121B38166}) (Version: 1.0 - Toontrack)
EZXPercussion (HKLM-x32\...\{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}) (Version: 1.0 - Toontrack)
EZXTwisted (HKLM-x32\...\{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}) (Version: 1.0 - Toontrack)
EZXVintage (HKLM-x32\...\{430399DC-98BC-4A7F-8F8E-77981CABAE05}) (Version: 1.0 - Toontrack)
FLV and Media Player (3.2.0.3) (HKLM-x32\...\FLV and Media Player) (Version: 3.2.0.3 - Applian Technologies)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Hitman Absolution v1.0 (HKLM-x32\...\Hitman Absolution_is1) (Version: 1.0 - Eidos Interactive)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.5057 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
LAV Filters 0.66 (HKLM-x32\...\lavfilters_is1) (Version: 0.66 - Hendrik Leppkes)
Lexicon Pantheon Reverb DX (HKLM-x32\...\Lexicon Pantheon Reverb DX) (Version: - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.0.0.0 - EditShare)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing)
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 63.0.3 (x64 cs) (HKLM\...\Mozilla Firefox 63.0.3 (x64 cs)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
MW3 (HKLM-x32\...\MW3v1.4.382) (Version: v1.4.382 - iMortaluz)
Native Instruments Abbey Road 60s Drummer (HKLM-x32\...\Native Instruments Abbey Road 60s Drummer) (Version: - Native Instruments)
Native Instruments Abbey Road 70s Drummer (HKLM-x32\...\Native Instruments Abbey Road 70s Drummer) (Version: - Native Instruments)
Native Instruments Abbey Road 80s Drummer (HKLM-x32\...\Native Instruments Abbey Road 80s Drummer) (Version: - Native Instruments)
Native Instruments Abbey Road Modern Drummer (HKLM-x32\...\Native Instruments Abbey Road Modern Drummer) (Version: - Native Instruments)
Native Instruments Abbey Road Vintage Drummer (HKLM-x32\...\Native Instruments Abbey Road Vintage Drummer) (Version: - Native Instruments)
Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version: 5.2.0.1277 - Native Instruments)
Native Instruments Action Strings (HKLM-x32\...\Native Instruments Action Strings) (Version: - Native Instruments)
Native Instruments Alicias Keys (HKLM-x32\...\Native Instruments Alicias Keys) (Version: - Native Instruments)
Native Instruments Balinese Gamelan (HKLM-x32\...\Native Instruments Balinese Gamelan) (Version: - Native Instruments)
Native Instruments Battery 4 (HKLM-x32\...\Native Instruments Battery 4) (Version: 4.1.2.2354 - Native Instruments)
Native Instruments Battery 4 Factory Library (HKLM-x32\...\Native Instruments Battery 4 Factory Library) (Version: 1.0.1.003 - Native Instruments)
Native Instruments Berlin Concert Grand (HKLM-x32\...\Native Instruments Berlin Concert Grand) (Version: - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.1.1657 - Native Instruments)
Native Instruments Damage (HKLM-x32\...\Native Instruments Damage) (Version: - Native Instruments)
Native Instruments Driver (HKLM-x32\...\Native Instruments Driver) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Enhanced EQ (HKLM-x32\...\Native Instruments Enhanced EQ) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Evolve Mutations (HKLM-x32\...\Native Instruments Evolve Mutations) (Version: - Native Instruments)
Native Instruments Evolve Mutations 2 (HKLM-x32\...\Native Instruments Evolve Mutations 2) (Version: - Native Instruments)
Native Instruments Evolve R2 (HKLM-x32\...\Native Instruments Evolve R2) (Version: - Native Instruments)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: 1.3.0.1244 - Native Instruments)
Native Instruments George Duke Soul Treasures (HKLM-x32\...\Native Instruments George Duke Soul Treasures) (Version: - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.0.2770 - Native Instruments)
Native Instruments Guitar Rig Mobile IO Driver (HKLM-x32\...\Native Instruments Guitar Rig Mobile IO Driver) (Version: - Native Instruments)
Native Instruments Guitar Rig Pro Library for Maschine (HKLM-x32\...\Native Instruments Guitar Rig Pro Library for Maschine) (Version: - Native Instruments)
Native Instruments Guitar Rig Session IO Driver (HKLM-x32\...\Native Instruments Guitar Rig Session IO Driver) (Version: - Native Instruments)
Native Instruments Komplete 9 Ultimate (HKLM-x32\...\Native Instruments Komplete 9 Ultimate) (Version: - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.3.0.6464 - Native Instruments)
Native Instruments Kontakt Factory Library (HKLM-x32\...\Native Instruments Kontakt Factory Library) (Version: - Native Instruments)
Native Instruments Maschine 2 (HKLM-x32\...\Native Instruments Maschine 2) (Version: 2.0.6.1083 - Native Instruments)
Native Instruments Maschine Controller Driver (HKLM-x32\...\Native Instruments Maschine Controller Driver) (Version: - Native Instruments)
Native Instruments Maschine Controller MK2 Driver (HKLM-x32\...\Native Instruments Maschine Controller MK2 Driver) (Version: - Native Instruments)
Native Instruments Maschine Drum Selection (HKLM-x32\...\Native Instruments Maschine Drum Selection) (Version: - Native Instruments)
Native Instruments Maschine Mikro Driver (HKLM-x32\...\Native Instruments Maschine Mikro Driver) (Version: - Native Instruments)
Native Instruments Maschine Mikro MK2 Driver (HKLM-x32\...\Native Instruments Maschine Mikro MK2 Driver) (Version: - Native Instruments)
Native Instruments Maschine Studio Driver (HKLM-x32\...\Native Instruments Maschine Studio Driver) (Version: - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.4.0.292 - Native Instruments)
Native Instruments Monark (HKLM-x32\...\Native Instruments Monark) (Version: 1.1.0.2 - Native Instruments)
Native Instruments New York Concert Grand (HKLM-x32\...\Native Instruments New York Concert Grand) (Version: - Native Instruments)
Native Instruments Passive EQ (HKLM-x32\...\Native Instruments Passive EQ) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Rammfire (HKLM-x32\...\Native Instruments Rammfire) (Version: - Native Instruments)
Native Instruments Rammfire for Maschine (HKLM-x32\...\Native Instruments Rammfire for Maschine) (Version: - Native Instruments)
Native Instruments Razor (HKLM-x32\...\Native Instruments Razor) (Version: 1.5.0.9 - Native Instruments)
Native Instruments RC 24 (HKLM-x32\...\Native Instruments RC 24) (Version: 1.1.1.427 - Native Instruments)
Native Instruments RC 48 (HKLM-x32\...\Native Instruments RC 48) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version: 5.9.0.725 - Native Instruments)
Native Instruments Reaktor Prism (HKLM-x32\...\Native Instruments Reaktor Prism) (Version: 1.4.0.3 - Native Instruments)
Native Instruments Reaktor Spark R2 (HKLM-x32\...\Native Instruments Reaktor Spark R2) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Reflektor (HKLM-x32\...\Native Instruments Reflektor) (Version: 2.0.0.1 - Native Instruments)
Native Instruments Reflektor for Maschine (HKLM-x32\...\Native Instruments Reflektor for Maschine) (Version: - Native Instruments)
Native Instruments Retro Machines Mk2 (HKLM-x32\...\Native Instruments Retro Machines Mk2) (Version: - Native Instruments)
Native Instruments Rig Kontrol 3 Driver (HKLM-x32\...\Native Instruments Rig Kontrol 3 Driver) (Version: - Native Instruments)
Native Instruments Scarbee Funk Guitarist (HKLM-x32\...\Native Instruments Scarbee Funk Guitarist) (Version: - Native Instruments)
Native Instruments Scarbee Jay-Bass (HKLM-x32\...\Native Instruments Scarbee Jay-Bass) (Version: - Native Instruments)
Native Instruments Scarbee MM-Bass (HKLM-x32\...\Native Instruments Scarbee MM-Bass) (Version: - Native Instruments)
Native Instruments Scarbee MM-Bass Amped (HKLM-x32\...\Native Instruments Scarbee MM-Bass Amped) (Version: - Native Instruments)
Native Instruments Scarbee Pre-Bass (HKLM-x32\...\Native Instruments Scarbee Pre-Bass) (Version: - Native Instruments)
Native Instruments Scarbee Pre-Bass Amped (HKLM-x32\...\Native Instruments Scarbee Pre-Bass Amped) (Version: - Native Instruments)
Native Instruments Scarbee Rickenbacker Bass (HKLM-x32\...\Native Instruments Scarbee Rickenbacker Bass) (Version: - Native Instruments)
Native Instruments Scarbee Vintage Keys (HKLM-x32\...\Native Instruments Scarbee Vintage Keys) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.0.1093 - Native Instruments)
Native Instruments Session Horns (HKLM-x32\...\Native Instruments Session Horns) (Version: - Native Instruments)
Native Instruments Session Strings Pro (HKLM-x32\...\Native Instruments Session Strings Pro) (Version: - Native Instruments)
Native Instruments Skanner XT (HKLM-x32\...\Native Instruments Skanner XT) (Version: 1.2.0.2 - Native Instruments)
Native Instruments Solid Bus Comp FX (HKLM-x32\...\Native Instruments Solid Bus Comp FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Solid Dynamics FX (HKLM-x32\...\Native Instruments Solid Dynamics FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Solid EQ FX (HKLM-x32\...\Native Instruments Solid EQ FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Studio Drummer (HKLM-x32\...\Native Instruments Studio Drummer) (Version: - Native Instruments)
Native Instruments The Finger R2 (HKLM-x32\...\Native Instruments The Finger R2) (Version: 1.3.0.2 - Native Instruments)
Native Instruments The Giant (HKLM-x32\...\Native Instruments The Giant) (Version: - Native Instruments)
Native Instruments The Mouth (HKLM-x32\...\Native Instruments The Mouth) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Traktors 12 (HKLM-x32\...\Native Instruments Traktors 12) (Version: 2.0.0.2 - Native Instruments)
Native Instruments Traktors 12 for Maschine (HKLM-x32\...\Native Instruments Traktors 12 for Maschine) (Version: - Native Instruments)
Native Instruments Transient Master FX (HKLM-x32\...\Native Instruments Transient Master FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Upright Piano (HKLM-x32\...\Native Instruments Upright Piano) (Version: - Native Instruments)
Native Instruments Vari Comp (HKLM-x32\...\Native Instruments Vari Comp) (Version: 1.1.1.427 - Native Instruments)
Native Instruments VC 160 FX (HKLM-x32\...\Native Instruments VC 160 FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments VC 2A FX (HKLM-x32\...\Native Instruments VC 2A FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments VC 76 FX (HKLM-x32\...\Native Instruments VC 76 FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Vienna Concert Grand (HKLM-x32\...\Native Instruments Vienna Concert Grand) (Version: - Native Instruments)
Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version: - Native Instruments)
Native Instruments West Africa (HKLM-x32\...\Native Instruments West Africa) (Version: - Native Instruments)
OpenOffice 4.0.1 (HKLM-x32\...\{220C463A-2890-4C7F-B97C-C49FE175B849}) (Version: 4.01.9714 - Apache Software Foundation)
Pharaoh Gold Bundle (HKLM-x32\...\Pharaoh Gold Bundle_is1) (Version: - GOG.com)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - )
Rig Manager (HKLM\...\{5A81E1C9-6CCC-4B2A-9EB3-7C799D4C2DB3}) (Version: 2.1.41.13351 - Kemper GmbH)
RME Fireface USB (HKLM\...\FIREFACE_USB) (Version: 1.0.53.0 - RME Intelligent Audio Solutions)
Sibelius 6 (HKLM-x32\...\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}) (Version: 6.0.0 - Sibelius Software)
Skype verze 8.33 (HKLM-x32\...\Skype_is1) (Version: 8.33 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SunsetScreen (HKLM\...\{155DF28A-39B0-4447-BA5F-4347AC6A3197}) (Version: - Skytopia)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.5287 - TeamViewer)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
TP-LINK TL-WN851ND Driver (HKLM-x32\...\{4BAE4C76-44C3-418F-B715-6BBF5A65323E}) (Version: 1.00.0000 - TP-LINK)
TP-LINK Wireless Client Utility (HKLM-x32\...\{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}) (Version: 7.0 - TP-LINK)
TP-LINK Wireless Client Utility (HKLM-x32\...\{C1EB6825-9339-4B18-99B0-C455B2288FF9}) (Version: 1.00.4323 - TP-LINK TECHNOLOGIES CO., LTD.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 2.01.0012 - TP-LINK)
VBA (2627.01) (HKLM-x32\...\{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9188 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WaveLab 6 (HKLM-x32\...\WaveLabPro) (Version: 6.1.1.353 - Steinberg)
Waves Complete V9r14 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.14 - Waves)
Waves Mercury Complete VST DX RTAS v1.01 (HKLM-x32\...\Waves Mercury Complete VST DX RTAS_is1) (Version: - Waves Ltd.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wondershare Filmora(Build 8.7.3) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1993827299-2147907179-2969249044-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\SYSTEM32\IGFXEM.EXE (Intel Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2018-09-13] (Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06DA2B1D-79F9-416B-9AE7-1E5A63FC4E9D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {06DA2B1D-79F9-416B-9AE7-1E5A63FC4E9D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {06DA2B1D-79F9-416B-9AE7-1E5A63FC4E9D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {0E9E0C7B-A094-4BF0-863B-CAA314E7DEA6} - System32\Tasks\{28DE9851-850C-4543-840F-6F1042E11C9B} => H:\Cracks\Generals\Generals-107-english.exe
Task: {2072FC53-05B4-4075-BB9D-62F3A388BA6E} - System32\Tasks\{8BD21D1A-DFB8-4AD7-A89C-38C9E0D5D2DE} => H:\Cracks\ZeroHour\GeneralsZH-104-english.exe
Task: {25704B6F-78C4-4633-BFB0-31B055DC4FEA} - System32\Tasks\{FB4B2003-2C03-4E01-B27A-9D1FFF86BFAC} => F:\Instalačky\Hry\Command-and-Conquer-Generals\Command and Conquer Generals\generals.exe
Task: {279E6D22-60E0-4DD1-A93B-F585E57FEB24} - System32\Tasks\{e6b1bd71-40ef-4173-8106-93b5f9032a6e} => C:\Users\Kuba\AppData\Local\Temp\{87B6E700-E0B0-491E-A35E-16FB483B1833}.exe [2018-11-30] () <==== ATTENTION
Task: {291B70FE-4B9B-422A-A3B2-8D478C405EAF} - System32\Tasks\{D74E9437-5253-478F-9CC6-87A10EC818AA} => B:\Program Files (x86)\EA Games\Command & Conquer Generals Zero Hour\generals.exe
Task: {327619BF-12F6-42C8-8C99-1918B800EA1F} - System32\Tasks\{8098EB4D-871F-4140-BB22-A3FC6751A509} => C:\Windows\system32\pcalua.exe -a D:\DIRECTX\dxsetup.exe -d D:\DIRECTX
Task: {33D991E7-43B9-474A-9A14-CE1F5B2BB286} - System32\Tasks\{E651EFF6-02FF-44C0-9F0A-3BD8C36B956C} => C:\Windows\system32\pcalua.exe -a C:\Users\Kuba\AppData\Roaming\CRMSvc\CRMSvc.exe -c --uninst
Task: {3F110F7A-BED2-4A77-A2B0-A9154501B7EC} - System32\Tasks\{25CF76D8-BE26-4CC9-BE45-CAB324B2DA92} => B:\Program Files (x86)\EA Games\Command & Conquer Generals Zero Hour\generals.exe
Task: {435F65D5-C6CD-40E2-836D-493BAEBEA2B2} - System32\Tasks\{9934AA81-A429-4853-91CA-61CAFD74A742} => B:\Program Files (x86)\EA Games\Command & Conquer Generals Zero Hour\generals.exe
Task: {44D0803C-5357-48A0-B993-A94B63FDE3ED} - System32\Tasks\{D0AC6194-88E6-4DF1-A966-4DC9A1CA76E4} => C:\Program Files\Diablo II\Diablo II.exe
Task: {46470C5C-5757-4CA6-AFCB-C2355F33EFCF} - System32\Tasks\{E42E2792-61F0-40A9-82E2-F48170CF4D12} => H:\Cracks\ZeroHour\GeneralsZH-104-english.exe
Task: {48FCCC11-0533-41A3-A46C-5248DFF21D53} - System32\Tasks\{DED71CD7-C393-459C-914B-BBF604D4C152} => H:\Cracks\ZeroHour\GeneralsZH-104-english.exe
Task: {4BC27E43-4353-489C-BC88-46B6F4517873} - System32\Tasks\{4926BAE0-8331-44FB-9F82-FE65D5B1D2DF} => C:\Program Files\Diablo II\Diablo II.exe
Task: {547B998F-1AF2-4B33-B1BD-DBEDC80018D4} - System32\Tasks\{BDAEA9FB-089C-4EEA-9353-4FA375CF8524} => B:\Program Files (x86)\EA Games\Command & Conquer Generals Zero Hour\generals.exe
Task: {548E1DC7-9535-40DF-BB3F-7957ECBB3EAA} - System32\Tasks\{634BA5CE-D1CA-49D6-82D2-754EA8CE2E02} => H:\Cracks\ZeroHour\GeneralsZH-104-english.exe
Task: {5D59D660-BF13-4AA9-A94C-CC417C3F8589} - System32\Tasks\{1C92B291-4191-4C6F-BA4B-4EC23EDE1F35} => C:\Program Files\Diablo II\Diablo II.exe
Task: {71C1466B-7245-41EB-9B42-BFC27EC70BEF} - System32\Tasks\{686EE421-D278-4E64-AFF9-1BCB7D8B2E0A} => C:\Program Files\Diablo II\Diablo II.exe
Task: {75292334-9DD9-408D-A31B-5686871EB478} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {75292334-9DD9-408D-A31B-5686871EB478} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {760A909C-60A4-4313-919E-3E024E73D0ED} - System32\Tasks\{73273EBD-591F-425F-B931-D7CCC31441F0} => B:\Program Files (x86)\PC Games - Mortal Kombat 4\Mortal Kombat 4.exe [1998-06-26] ()
Task: {7D788687-AC63-4550-AA94-2B1AE34853A3} - System32\Tasks\{3FB70C2B-ACFF-4F4B-9A36-3EAD7A067C46} => H:\Cracks\ZeroHour\GeneralsZH-104-english.exe
Task: {8653FC59-CF58-4698-BC33-F229AF2E99A1} - System32\Tasks\{33FF6EDB-A45B-40CA-815E-F5287FF23C8C} => C:\Windows\system32\pcalua.exe -a "b:\Program Files (x86)\Maxis\SimCity 4 Deluxe\EAUninstall.exe"
Task: {8CFAA6B3-EF24-47A7-8FA2-9EF3DE2039E1} - System32\Tasks\{E8798731-A08A-4EB5-BA9D-F7E2BFD4A3BB} => C:\Windows\system32\pcalua.exe -a "B:\Program Files (x86)\PC Games - Mortal Kombat 4\MK4Install\Setup.exe" -d "B:\Program Files (x86)\PC Games - Mortal Kombat 4\MK4Install"
Task: {978F05A1-F52C-4AF9-8DD5-AF55843F3192} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {978F05A1-F52C-4AF9-8DD5-AF55843F3192} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {AA9BAD06-14D2-4852-B7EE-9BFBCB12E8A9} - System32\Tasks\{01E829F5-81A8-4C0E-9113-67FF3F4D3E36} => H:\Cracks\ZeroHour\GeneralsZH-104-english.exe
Task: {AD22BB40-9B0A-4B19-A8C0-5A1DDFF0E862} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {AF62232A-2617-499D-94D6-8880AE1F4417} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {AF62232A-2617-499D-94D6-8880AE1F4417} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {B2BFC38D-71B2-4E73-A3B1-FD73ED9F12F2} - System32\Tasks\{84C68194-073B-49D0-8131-0862A44C41EB} => C:\Windows\system32\pcalua.exe -a "C:\Users\Kuba\Downloads\CorelDRAW-11-CZ\CorelDRAW 11 CZ\Setup.exe" -d "C:\Users\Kuba\Downloads\CorelDRAW-11-CZ\CorelDRAW 11 CZ"
Task: {B2E0D913-CEDB-4FFE-B58F-02EB481F5354} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-21] (Adobe Systems Incorporated)
Task: {BABB67CA-9436-45D1-85A0-0800BDC452E6} - System32\Tasks\{FAC1EBC0-EB05-4869-B9B7-A175E44DDFCE} => C:\Hry\Hitman Absolution\HMA.exe [2012-11-21] ()
Task: {BBF8B52F-BBAA-4915-B3E6-DD441225FD3D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-07] (Dropbox, Inc.)
Task: {C08E468C-DB34-4D0A-BAB1-A81BD8EB83C5} - System32\Tasks\{C7FEA604-13BB-4FC8-9A28-4B8B28783D41} => B:\Program Files (x86)\EA Games\Command and Conquer Generals\generals.exe
Task: {C46E7A17-161F-491E-8E0C-A7974E9B0732} - System32\Tasks\{F04425E7-BFB2-4954-8BF7-A90408AF49DB} => H:\popTB.exe
Task: {C53B1063-46EA-409C-B0D0-A5B5EF8C0432} - System32\Tasks\{DD2BB637-618F-4AF4-A672-80AA5CFFDDA0} => H:\Cracks\ZeroHour\GeneralsZH-104-english.exe
Task: {C968C8A7-6DFE-4DF7-87B8-07EAF50B51BC} - System32\Tasks\{B2ECECC8-0D59-4CC1-8C51-F52F30258E57} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Waves\Uninstall\unins000.exe"
Task: {CD029AC8-3330-456B-B23E-27F3026EC849} - System32\Tasks\{FFFD4D37-25A2-4BA5-AB2A-543026D78EFF} => B:\Program Files (x86)\PC Games - Mortal Kombat 4\MK4Install\Mortal Kombat 4.exe [1998-06-26] ()
Task: {DC6A74C3-B130-4383-9715-D5BEC1FBA569} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-21] (Adobe Systems Incorporated)
Task: {DD021E49-8729-499B-A9AE-905B7C20460E} - System32\Tasks\{0C6D4993-A4DD-486E-AFF0-9C21B85ABF8F} => C:\Windows\system32\pcalua.exe -a B:\Downloads\LivePlayer_LP-16_Firmware_Upgrade_83934_x64.exe -d B:\Downloads
Task: {DF6EEE41-1700-499B-8230-8701342C67E1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {E6B4D39F-6BB6-406F-9E59-E74AF90B51A5} - System32\Tasks\{175B8642-3005-4D0E-9D93-54E23E03A61E} => B:\Program Files (x86)\EA Games\Command and Conquer Generals\generals.exe
Task: {E838416D-9327-4B7B-A7E1-B6BC47C851E8} - System32\Tasks\{7F50731A-722E-4089-9A9A-58C44B9537B4} => C:\Windows\system32\pcalua.exe -a "B:\Program Files (x86)\PC Games - Mortal Kombat 4\MK4Install\INSTALL.EXE" -d "B:\Program Files (x86)\PC Games - Mortal Kombat 4\MK4Install"
Task: {ED314C09-6A5C-46B2-B438-A8501DA4D44C} - System32\Tasks\{8B85638F-10F9-43B4-B133-C3843248B683} => B:\Program Files (x86)\EA Games\Command & Conquer Generals Zero Hour\generals.exe
Task: {F36A14C2-4814-443C-8AE0-1F0505EC83A7} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-07] (Dropbox, Inc.)
Task: {F8851DCB-D60C-4E5A-BA23-DC20E84B05A4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {FC62E4C1-4AAD-48F8-AEE3-7CA3AB778131} - System32\Tasks\{1DAC7552-BAAC-493F-A48A-1B0A4EDD8BA9} => B:\Program Files (x86)\PC Games - Mortal Kombat 4\Mortal Kombat 4.exe [1998-06-26] ()
Task: {FF343314-B7A5-4F5B-886A-3CB63DBDC11D} - System32\Tasks\{BF64A39A-9FE2-4C0D-AFAC-69B37FC9BCB1} => C:\Program Files (x86)\EA Games\Command & Conquer Generals Zero Hour\generals.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Еxрlorer.lnk -> C:\Users\Kuba\AppData\Roaming\Browsers\exe.erolpxei.bat ()
Shortcut: C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box\Zombie Army Trilogy\Zоmbie Аrmy Trilоgy.lnk -> C:\Users\Kuba\AppData\Roaming\Browsers\exe.rehcnualtaz.bat ()
Shortcut: C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Ехplorer (No Аdd-ons).lnk -> C:\Users\Kuba\AppData\Roaming\Browsers\exe.erolpxei.bat ()
Shortcut: C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internеt Eхplorеr Вrowser.lnk -> C:\Users\Kuba\AppData\Roaming\Browsers\exe.erolpxei.bat ()
Shortcut: C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfоx (2).lnk -> C:\Users\Kuba\AppData\Roaming\Browsers\exe.xoferif.bat ()
Shortcut: C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfоx.lnk -> C:\Users\Kuba\AppData\Roaming\Browsers\exe.xoferif.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firеfox.lnk -> C:\Users\Kuba\AppData\Roaming\Browsers\exe.xoferif.bat ()
Shortcut: C:\Users\Public\Desktop\Diаblo III.lnk -> C:\Users\Kuba\AppData\Roaming\Browsers\exe.rehcnual iii olbaid.bat ()

==================== Loaded Modules (Whitelisted) ==============

2018-11-30 12:45 - 2018-11-30 12:45 - 001517568 _____ () C:\Users\Kuba\AppData\Roaming\CRMSvc\CRMSvc.exe
2014-01-28 14:05 - 2018-09-13 20:02 - 000380904 _____ () C:\Windows\system32\igfxTray.exe
2018-11-30 12:46 - 2018-11-30 12:54 - 000228352 _____ () C:\Program Files (x86)\Mozilla Firefox\zlib1.dll
2018-11-30 12:44 - 2018-11-30 12:44 - 001409536 _____ () C:\Windows\wxyeltrpuaulyazux.wxy
2018-11-30 12:46 - 2018-11-30 12:46 - 000016384 _____ () C:\Users\Kuba\AppData\Local\ntelix.dll
2018-11-29 21:15 - 2018-11-28 14:09 - 001141064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-11-29 21:15 - 2018-11-28 14:09 - 002103112 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-09-14 10:00 - 2018-11-28 14:11 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000025456 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000148968 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 001878888 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:09 - 000118232 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes35.dll
2018-09-14 10:00 - 2018-11-28 14:08 - 000109024 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000083784 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:09 - 000418776 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom35.dll
2018-11-29 21:15 - 2018-11-28 14:10 - 000074072 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000049128 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000026600 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000131552 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000182752 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000119272 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000401752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000034664 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000062304 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:08 - 000023520 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000053736 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000065504 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000025944 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000068968 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000032224 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000156504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000092488 _____ () C:\Program Files (x86)\Dropbox\Client\sip.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 001778000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000518992 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000052056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 001929552 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 003821392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000044888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000132944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000218456 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000205656 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000061408 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000051552 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000027624 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000033632 _____ () C:\Program Files (x86)\Dropbox\Client\winreindex.compiled._winreindex.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000028008 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000031600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000486880 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000029040 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 011410256 _____ () C:\Program Files (x86)\Dropbox\Client\nucleus_python.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000029024 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:09 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-09-14 10:00 - 2018-11-28 14:11 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000433992 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-09-14 10:00 - 2018-11-28 14:11 - 000035680 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000025920 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-11-29 21:15 - 2018-11-28 14:10 - 001592128 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-09-14 10:00 - 2018-11-28 14:11 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shell32.compiled._winffi_shell32.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000102736 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp35-win32.pyd
2018-10-27 12:45 - 2018-11-28 14:11 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.gdi32.compiled._winffi_gdi32.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000037200 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000530768 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000348496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp35-win32.pyd
2018-08-21 15:35 - 2017-09-12 09:34 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2018-08-21 15:35 - 2016-07-21 09:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Kuba\Soubory cookie:GUnMlDGKY2aJs4gLAxD7UaX [2466]
AlternateDataStreams: C:\Users\Kuba\AppData\Local\nYUQ0gUR:854ezDQrvKQZ8yISakrmyiu8KA2t [2696]
AlternateDataStreams: C:\Users\Kuba\AppData\Local\peJOgag3XA75k:Xx0d6MNnK0Fb9tTFLr5Gl7B [2734]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-11-30 12:46 - 000001596 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 csc3-2010-crl.verisign.com
127.0.0.1 ocsp.verisign.com
127.0.0.1 crl.verisign.com
127.0.0.1 download.dm.origin.com
127.0.0.1 secure.download.dm.origin.com
127.0.0.1 loginregistration.dm.origin.com
127.0.0.1 achievements.gameservices.ea.com
127.0.0.1 friends.dm.origin.com
127.0.0.1 avatar.dm.origin.com
127.0.0.1 ecommerce.dm.origin.com
127.0.0.1 static.cdn.ea.com
127.0.0.1 tealium.hs.llnwd.net
127.0.0.1 heartbeat.dm.origin.com
127.0.0.1 web.dm.origin.com
127.0.0.1 store.origin.com
127.0.0.1 ec2-54-243-231-82.compute-1.amazonaws.com
127.0.0.1 eaassets-a.akamaihd.net
127.0.0.1 ssl.resources.ea.com
127.0.0.1 akamai.cdn.ea.com
127.0.0.1 novafusion.ea.com
127.0.0.1 proxy.novafusion.ea.com
127.0.0.1 ec2-23-23-167-200.compute-1.amazonaws.com
127.0.0.1 dirtybits.dm.origin.com
127.0.0.1 chat.dm.origin.com
127.0.0.1 easo.ea.com
127.0.0.1 ea.com
127.0.0.1 telemetry.simcity.com
127.0.0.1 ec2-54-228-227-181.eu-west-1.compute.amazonaws.com
127.0.0.1 ec2-46-137-177-16.eu-west-1.compute.amazonaws.com
127.0.0.1 s3-1-w.amazonaws.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: ZDWlan.EXE => "C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{5AA75F5A-0ADE-429D-A77E-5AAE4C73DC96}B:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) B:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{E7C3E389-B210-4AC6-8475-EECB20EFA7BE}B:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) B:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [TCP Query User{A8C36F01-A379-40F2-9DB4-EAF073C7F5B1}B:\program files\mw3\iw5mp.exe] => (Allow) B:\program files\mw3\iw5mp.exe
FirewallRules: [UDP Query User{36866985-510A-4158-997F-91EB06C8B183}B:\program files\mw3\iw5mp.exe] => (Allow) B:\program files\mw3\iw5mp.exe
FirewallRules: [TCP Query User{B201C4C5-0FEC-4E11-978E-37AA21B90EBA}B:\program files\mw3\iw5sp.exe] => (Allow) B:\program files\mw3\iw5sp.exe
FirewallRules: [UDP Query User{0E3768AC-9CC2-454C-A824-CA726E0E2502}B:\program files\mw3\iw5sp.exe] => (Allow) B:\program files\mw3\iw5sp.exe
FirewallRules: [{534EEAE3-63A9-43B4-A6BC-F40B06D520BF}] => (Allow) b:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{75A0FE58-D425-4BED-B0CC-DF34C6559000}] => (Allow) b:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{B87244AB-DFB5-472C-BA57-6052481E62AB}B:\program files\mw3\iw5mp_server.exe] => (Allow) B:\program files\mw3\iw5mp_server.exe
FirewallRules: [UDP Query User{35DE04FB-569E-4492-9D70-B7BD3C1A42DC}B:\program files\mw3\iw5mp_server.exe] => (Allow) B:\program files\mw3\iw5mp_server.exe
FirewallRules: [{196E480D-63B5-4BFA-85EB-EF2CF40D2753}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EA8311CD-68C8-49C7-97F5-5AB466689D93}] => (Allow) LPort=2869
FirewallRules: [{824C5FA1-10FD-4A2C-9FF0-53B0E015CC36}] => (Allow) LPort=1900
FirewallRules: [{A144813F-4411-4941-B7BA-47DF6F33AAEB}] => (Allow) B:\Program Files (x86)\Sibelius Software\Sibelius 6\RegTool.exe
FirewallRules: [{DB263362-8725-4C0F-B5D7-AE8747D7333B}] => (Allow) B:\Program Files (x86)\Sibelius Software\Sibelius 6\RegTool.exe
FirewallRules: [{9036F632-78AB-4DFF-B53F-2546F932A1BF}] => (Allow) B:\Program Files (x86)\Sibelius Software\Sibelius 6\Sibelius.exe
FirewallRules: [{49288EF1-77C3-4557-B464-4649DB1EC500}] => (Allow) B:\Program Files (x86)\Sibelius Software\Sibelius 6\Sibelius.exe
FirewallRules: [TCP Query User{9203280F-646A-449E-80C7-BC529F257B59}B:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) B:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{777610DC-A54F-4957-B127-03DCCF989942}B:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) B:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [{738E789A-C2CF-4486-9749-74D1C47B3464}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC9A7FE3-7A48-4160-BAD6-5CEF225E6541}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BB114D01-D77A-49E3-B3FA-5C9CF75F7322}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C16AC83D-EB4B-44BE-9992-AB3080B6B526}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{DEBB7DF0-91CD-42F4-B64D-6A4F9338BA4C}H:\poptb.exe] => (Allow) H:\poptb.exe
FirewallRules: [UDP Query User{EB7C4AEE-DB43-4B0C-BF13-6035E633288E}H:\poptb.exe] => (Allow) H:\poptb.exe
FirewallRules: [{CF255639-11FF-4061-A895-3A6B012CF2F3}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{487EDAC6-1FE1-4DCB-A468-11986AB5BEB7}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{0FCF5D05-E754-4A39-BAD7-9A568015C0A3}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{6CD4CCFA-9149-47DA-B4AA-0BA7E2C8DE00}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{F9677E49-9C1A-4DB5-BA3F-C1D21D9C4AB6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ABF8E248-7731-427C-B840-9C3BD47F774D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7D76BCD3-33F8-44F8-ABC4-9027FB4ED919}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{28231DD7-2C54-41DF-A9EA-185FC1EEE9CD}B:\program files\mw3\iw5sp.exe] => (Block) B:\program files\mw3\iw5sp.exe
FirewallRules: [UDP Query User{C7A74B80-77C2-41C9-80FD-C06A23C339B9}B:\program files\mw3\iw5sp.exe] => (Block) B:\program files\mw3\iw5sp.exe
FirewallRules: [TCP Query User{C1DC7C8E-4C66-4FE0-9151-DAF8ACD49B24}B:\program files (x86)\counter\hl.exe] => (Allow) B:\program files (x86)\counter\hl.exe
FirewallRules: [UDP Query User{3035A7BC-A63C-4B19-BB6A-8D3098F1597F}B:\program files (x86)\counter\hl.exe] => (Allow) B:\program files (x86)\counter\hl.exe
FirewallRules: [TCP Query User{4F0FC303-B7E3-415A-9951-3149BF9E190E}B:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) B:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{E5D3020B-8DF8-4233-9FF2-DC5BEDCDDD38}B:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) B:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{DDCE4E31-1339-48D6-8EA9-1DE80EA98DCD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2A094D88-FF90-4D22-8E24-0DB0B11C19BB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9DC34558-E33B-4A7C-981C-83802EB2A6BB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7756ABD7-A22F-4A63-85EB-1DD9455C4DF9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2134F28D-3529-412F-B82C-EF1E46E33882}] => (Allow) B:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{D13B8BA7-39D0-41A5-8C40-1E27848F37F5}] => (Allow) B:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{AECA62DB-3561-4449-B409-117B00E3AF9D}] => (Allow) B:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{155509CE-EC09-443F-B7AD-6C8C9031EDD5}] => (Allow) B:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{CE459537-0A38-4772-931D-288C16FE5207}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{979A371E-D45F-4F10-8160-BBD81CD5EBF4}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{3248A167-0E3C-4761-9934-0546618D1DB8}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files (x86)\microsoft\skype for desktop\skype.exe
FirewallRules: [UDP Query User{5A9F541A-E296-478B-B7BC-06CF3D3A98C7}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files (x86)\microsoft\skype for desktop\skype.exe
FirewallRules: [{9EB4BDAF-1B3E-427C-BC13-FB4F89F34C08}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

19-11-2018 23:18:57 Windows Update
23-11-2018 18:36:36 Windows Update
26-11-2018 20:50:31 Windows Update
30-11-2018 13:09:04 ??? SPCA1528 PC Driver
30-11-2018 13:10:33 Removed Node.js
30-11-2018 13:11:02 Removed Node.js

==================== Faulty Device Manager Devices =============

Name: Řadič USB (Universal Serial Bus)
Description: Řadič USB (Universal Serial Bus)
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: MpKsla16eeeb5
Description: MpKsla16eeeb5
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsla16eeeb5
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: MpKsl8cd54226
Description: MpKsl8cd54226
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl8cd54226
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2018 12:56:06 PM) (Source: MsiInstaller) (EventID: 11704) (User: Kuba-PC)
Description: Product: Node.js -- Error 1704. An installation for Online Application is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (11/30/2018 12:54:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Multitimer.exe verze 1.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: ee0

Čas spuštění: 01d488a33e9623b5

Čas ukončení: 0

Cesta k aplikaci: C:\Program Files (x86)\Multitimer\Multitimer.exe

ID hlášení:

Error: (11/30/2018 12:53:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: linker.exe, verze: 1.0.0.1, časové razítko: 0x5c012031
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.24231, časové razítko: 0x5b6db2d4
Kód výjimky: 0xe0434f4d
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0x15a8
Čas spuštění chybující aplikace: 0x01d488a358471dca
Cesta k chybující aplikaci: C:\Users\Kuba\AppData\Local\Temp\uzV9LfiPA\linker.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\KERNELBASE.dll
ID zprávy: 9e46183f-f496-11e8-b3f0-d43d7ee26067

Error: (11/30/2018 12:53:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: linker.exe, verze: 1.0.0.1, časové razítko: 0x5c012031
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.24231, časové razítko: 0x5b6db2d4
Kód výjimky: 0xe0434f4d
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0xf48
Čas spuštění chybující aplikace: 0x01d488a357b12719
Cesta k chybující aplikaci: C:\Users\Kuba\AppData\Local\Temp\A9DdcopYd\linker.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\KERNELBASE.dll
ID zprávy: 97e06583-f496-11e8-b3f0-d43d7ee26067

Error: (11/30/2018 12:53:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: linker.exe, verze: 1.0.0.1, časové razítko: 0x5c012031
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.24231, časové razítko: 0x5b6db2d4
Kód výjimky: 0xe0434f4d
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0x17d8
Čas spuštění chybující aplikace: 0x01d488a337ced88d
Cesta k chybující aplikaci: C:\Users\Kuba\AppData\Local\Temp\0sj3mbf4chs\linker.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\KERNELBASE.dll
ID zprávy: 81bf1a77-f496-11e8-b3f0-d43d7ee26067

Error: (11/30/2018 12:50:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/30/2018 12:45:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: a3.exe, verze: 0.0.0.0, časové razítko: 0x5bf7def4
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x10003110
ID chybujícího procesu: 0x18d0
Čas spuštění chybující aplikace: 0x01d488a2202995de
Cesta k chybující aplikaci: C:\Users\Kuba\AppData\Local\Temp\4ymbvfucu0b\a3.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 5e309508-f495-11e8-8a36-d43d7ee26067

Error: (11/30/2018 12:45:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: linker.exe, verze: 1.0.0.1, časové razítko: 0x5c012031
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.24231, časové razítko: 0x5b6db2d4
Kód výjimky: 0xe0434f4d
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0x1a18
Čas spuštění chybující aplikace: 0x01d488a21825a36c
Cesta k chybující aplikaci: C:\Users\Kuba\AppData\Local\Temp\vgkiid0gs3j\linker.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\KERNELBASE.dll
ID zprávy: 5e2e33a8-f495-11e8-8a36-d43d7ee26067


System errors:
=============
Error: (11/30/2018 02:08:20 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: Agent serveru proxy služby DNS nemohl přidělit 0 bajtů paměti. To může znamenat, že tento systém má nedostatek virtuální paměti nebo že správce paměti zjistil vnitřní chybu.

Error: (11/30/2018 01:04:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Prefs Secure byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/30/2018 01:04:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Kolnixo byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/30/2018 12:58:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Windows Update přestala během spouštění reagovat.

Error: (11/30/2018 12:56:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby Dnscache bylo dosaženo časového limitu (30000 ms).

Error: (11/30/2018 12:54:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba -- neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (11/30/2018 12:54:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby -- bylo dosaženo časového limitu (30000 ms).

Error: (11/30/2018 12:54:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba -- neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.


CodeIntegrity:
===================================

Date: 2015-09-07 20:51:46.090
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrxusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-07 20:51:46.044
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrxusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-07 20:48:12.873
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrxusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-07 20:48:12.817
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrxusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-04 11:23:56.355
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrxusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-04 11:23:56.297
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrxusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-04 11:22:41.123
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrxusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-04 11:22:41.077
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrxusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 43%
Total physical RAM: 8054.08 MB
Available physical RAM: 4541.54 MB
Total Virtual: 16106.3 MB
Available Virtual: 12574.51 MB

==================== Drives ================================

Drive b: () (Fixed) (Total:465.76 GB) (Free:57 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive c: () (Fixed) (Total:149.05 GB) (Free:27.29 GB) NTFS
Drive f: (Nový svazek) (Fixed) (Total:1863.01 GB) (Free:230.02 GB) NTFS
Drive h: (ZAT) (CDROM) (Total:4.81 GB) (Free:0 GB) UDF


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 009003B5)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 909E070F)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 149.1 GB) (Disk ID: A726A726)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Prosím o pomoc

Napsal: 30 lis 2018 14:53
od Rudy
Teď spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Re: Prosím o pomoc

Napsal: 30 lis 2018 15:05
od Jsedlak
# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build: 11-26-2018
# Database: 2018-11-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-30-2018
# Duration: 00:00:06
# OS: Windows 7 Professional
# Cleaned: 116
# Failed: 2


***** [ Services ] *****

Deleted CRMSvc
Deleted pgt_svc

***** [ Folders ] *****

Deleted C:\Windows\System32\config\systemprofile\AppData\Roaming\CRMSvc
Deleted C:\Users\Kuba\AppData\Roaming\CRMSvc
Deleted C:\ProgramData\Kolnixo
Deleted C:\ProgramData\Logic Cramble
Deleted C:\Program Files (x86)\DjpYILTWU
Deleted C:\Users\Kuba\AppData\Roaming\Microleaves
Deleted C:\Users\Kuba\AppData\Local\Temp\publicHotsp
Deleted C:\Program Files (x86)\bestDownloader
Deleted C:\Users\Kuba\AppData\Local\Temp\bestDownloader
Deleted C:\Users\Kuba\AppData\Local\Temp\ShutdownTime
Deleted C:\ProgramData\CWINMANPROC
Deleted C:\ProgramData\75F49CC0-7667-1
Deleted C:\ProgramData\75F49CC0-6115-0
Deleted C:\ProgramData\423E3873-6901-0
Deleted C:\ProgramData\423E3873-58D1-1
Deleted C:\Users\Kuba\AppData\Roaming\SPI
Deleted C:\Program Files (x86)\Applian Technologies\FLV and Media Player
Deleted C:\Users\Kuba\AppData\Roaming\FLV and Media Player
Deleted C:\Windows\Syswow64\SSL
Deleted C:\Users\Kuba\AppData\Roaming\browsers
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
Deleted C:\Users\Kuba\AppData\Roaming\One System Care
Deleted C:\Program Files (x86)\OneSystemCare
Deleted C:\Program Files (x86)\ProxyGate
Deleted C:\ProgramData\PrefsSecure
Deleted C:\Windows\Temp\Smartbar

***** [ Files ] *****

Deleted C:\Program Files (x86)\MOZILLA FIREFOX\DEFAULTS\PREF\SECURE_CERT.JS
Deleted C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ewdgfsrv.default-1478886535918-1515683278277\invalidprefs.js
Deleted C:\Users\Kuba\appdata\local\installationconfiguration.xml
Deleted C:\Users\Kuba\AppData\Local\Main.dat
Deleted C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\Tasks\Online Application V2G5.job

***** [ Registry ] *****

Deleted HKLM\Software\CRMSvc
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\CRMSvc
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Deleted HKLM\Software\MICROSOFT\TechnologyDesktopnew
Deleted HKLM\SOFTWARE\MICROSOFT\Speedycar
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs - "C:\ProgramData\Kolnixo\Treelex.dll"
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs - "C:\ProgramData\Kolnixo\SingleEco.dll"
Deleted HKCU\Software\AskPartnerNetwork
Deleted HKLM\Software\Wow6432Node\AskPartnerNetwork
Deleted HKCU\Software\Microsoft\BigTime
Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKLM\Software\Wow6432Node\delta-homesSoftware
Deleted HKLM\Software\Wow6432Node\FFPluginHp
Deleted HKLM\Software\Wow6432Node\Applian Technologies
Deleted HKLM\Software\Wow6432Node\Clients\Media\ApplianMP
Deleted HKLM\SOFTWARE\Clients\Media\ApplianMP
Deleted HKLM\Software\Wow6432Node\RegisteredApplications|FLV and Media Player
Deleted HKLM\SOFTWARE\RegisteredApplications|FLV and Media Player
Deleted HKLM\SOFTWARE\Classes\Applications\amp.exe
Deleted HKCU\Software\FastDataX
Deleted HKLM\Software\Wow6432Node\IHProtect
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Deleted HKLM\Software\Microsoft\DMunversion
Deleted HKLM\Software\Speedownloader0099
Deleted HKCU\Software\Mozilla\Extends
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Deleted HKCU\Software\APN PIP
Deleted HKLM\Software\Wow6432Node\searchult
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FLV and Media Player
Deleted HKCU\Software\SIMPLYTECH
Deleted HKLM\Software\Wow6432Node\SUPDP
Deleted HKLM\Software\Wow6432Node\RST
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{1F91A9A1-01BA-4C81-863D-3BA0751E1419}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{1F91A9A1-01BA-4C81-863D-3BA0751E1419}
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\WindowsMangerProtect
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main|Search Page
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Search Page
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Deleted HKLM\Software\Microsoft\Internet Explorer\Search|SearchAssistant
Deleted HKLM\Software\Microsoft\Internet Explorer\Search|CustomizeSearch
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Deleted HKLM\Software\Wow6432Node\mtApService
Deleted HKCU\Environment|SNP
Deleted HKLM\Software\Wow6432Node\omniboxesSoftware
Deleted HKCU\Software\One System Care
Deleted HKCU\Environment|SNF
Deleted HKCU\Software\SpeeDownloader
Deleted HKLM\Software\Wow6432Node\SupTab
Deleted HKCU\Software\TNT2
Deleted HKCU\Software\MICROSOFT\wewewe
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Deleted HKLM\Software\Wow6432Node\supWindowsMangerProtect
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Deleted HKLM\Software\Wow6432Node\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Deleted HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Deleted HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted HKLM\Software\Microsoft\PrIncub
Deleted HKLM\Software\Microsoft\MPrForShutT
Deleted HKLM\Software\Microsoft\PrAmNP
Deleted HKLM\Software\Microsoft\NSaveA
Deleted HKLM\Software\Microsoft\APreSam
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Not Deleted suggestqueries.google.com
Not Deleted suggestqueries.google.com


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [11061 octets] - [30/11/2018 14:56:05]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Prosím o pomoc

Napsal: 30 lis 2018 16:05
od Rudy
Teď dejte nové logy FRST+Addition.

Re: Prosím o pomoc

Napsal: 30 lis 2018 16:10
od Jsedlak
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29.11.2018 01
Ran by Kuba (administrator) on KUBA-PC (30-11-2018 16:07:10)
Running from C:\Users\Kuba\Desktop
Loaded Profiles: Kuba (Available Profiles: Kuba)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Windows\System32\igfxTray.exe
(RME) C:\Windows\System32\firefaceusb.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes) C:\Users\Kuba\Desktop\adwcleaner_7.2.5.0.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(RME) C:\Windows\System32\TotalMixFX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Daniel White) C:\Program Files (x86)\SunsetScreen\SunsetScreen.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [380904 2018-09-13] ()
HKLM\...\Run: [FirefaceUsbTray1] => C:\Windows\system32\firefaceusb.exe [97792 2014-08-12] (RME)
HKLM\...\Run: [FirefaceMixTray2] => C:\Windows\system32\TotalMixFX.exe [22900952 2014-06-14] (RME)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3806016 2018-11-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [SunsetScreen] => C:\Program Files (x86)\SunsetScreen\SunsetScreen.exe [783984 2017-07-10] (Daniel White)
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [6028390] => C:\Users\Kuba\AppData\Roaming\k2pvrhap3nc\b1w3d4nnxul.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [9658578] => C:\Users\Kuba\AppData\Roaming\15451hedamq\fjorqoanx3i.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [ntelix] => rundll32.exe "C:\Users\Kuba\AppData\Local\ntelix.dll",ntelix <==== ATTENTION
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [8965497] => C:\Users\Kuba\AppData\Roaming\wim11vgkqpe\mvzq5mb5oyt.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [8907442] => C:\Users\Kuba\AppData\Roaming\2iab3jajwii\3czl14utddt.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [6130961] => C:\Users\Kuba\AppData\Roaming\xl50bgvo3tq\mrvd23y1vji.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [6075169] => C:\Users\Kuba\AppData\Roaming\nsuy20tfyqv\rnzqhsmurak.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{11A1358F-2D27-46C2-ABBC-58AB700B7640}: [DhcpNameServer] 192.168.176.254
Tcpip\..\Interfaces\{245003F5-E297-4DF6-9F65-DEDB3707B6CD}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{24736C7E-F349-421C-A477-03352C4794ED}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{24EA0303-88EC-4E27-AB93-1BF5E9E38BB8}: [DhcpNameServer] 62.113.218.34 8.8.8.8
Tcpip\..\Interfaces\{899A5A5A-AA68-43EA-A97F-8C51E51611AF}: [DhcpNameServer] 192.168.176.254
Tcpip\..\Interfaces\{95F5AC4C-CADB-459E-9989-3F3269E062E0}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130846269279176392&GUID=781A80C0-6E51-4820-A18D-22FCE9965034
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130846269279236395&GUID=781A80C0-6E51-4820-A18D-22FCE9965034
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131880531089056931&GUID=781A80C0-6E51-4820-A18D-22FCE9965034
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyubyD6qB0pwjh5omFRPHymURpPZ6gf8rEdqazc6i-atoVz1cynYzxLCqTlWnFcXbGrRiNpiylKLce8KtXHseV5QMhNGdM7sae7TqmZznmohZ9x7O7ytFMAGsUrpqZHsl6aIy-7V3R5t_hOu8dc49w1o3HehT6Pp&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1993827299-2147907179-2969249044-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1993827299-2147907179-2969249044-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1993827299-2147907179-2969249044-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1437732 ... XXZ1E78MAQ

FireFox:
========
FF DefaultProfile: ewdgfsrv.default-1478886535918-1515683278277
FF ProfilePath: C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ewdgfsrv.default-1478886535918-1515683278277 [2018-11-30]
FF user.js: detected! => C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ewdgfsrv.default-1478886535918-1515683278277\user.js [2018-11-30]
FF Extension: (Vývojové sestavení Adblock Plus) - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ewdgfsrv.default-1478886535918-1515683278277\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-11-14]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{733ED5DC-6D54-4A04-900B-CA85BF4B9A1B}.xpi [2018-11-30] [not signed]
FF HKLM\...\Firefox\Extensions: [{29049BEC-CF6D-49FF-8F3F-95D886658152}] - C:\Windows\Installer\{10F78416-E991-4176-98C2-BB92DCD6BD13}\{29049BEC-CF6D-49FF-8F3F-95D886658152}.xpi
FF Extension: ( ) - C:\Windows\Installer\{10F78416-E991-4176-98C2-BB92DCD6BD13}\{29049BEC-CF6D-49FF-8F3F-95D886658152}.xpi [2018-11-30]
FF HKLM-x32\...\Firefox\Extensions: [{29049BEC-CF6D-49FF-8F3F-95D886658152}] - C:\Windows\Installer\{10F78416-E991-4176-98C2-BB92DCD6BD13}\{29049BEC-CF6D-49FF-8F3F-95D886658152}.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-21] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-12-13] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-12-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconfig.js [2018-11-30] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2018-11-30]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2018-11-30] <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-07] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-11-28] (Dropbox, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [343016 2018-09-13] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644144 2018-07-23] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NmM0ODQ3NjE; rundll32.exe C:\Windows\wxyeltrpuaulyazux.wxy CaH [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASAPIW2K; C:\Windows\SysWOW64\Drivers\ASAPIW2K.sys [11264 2003-11-28] (Pinnacle Systems GmbH) [File not signed]
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.) [File not signed]
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94208 2013-09-24] (Advanced Micro Devices) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-16] (Disc Soft Ltd)
R3 firefaceu64; C:\Windows\System32\drivers\fireface_usb_64.sys [102144 2014-08-12] (RME)
S3 KemperProfiler; C:\Windows\System32\DRIVERS\KemperProfiler.sys [85320 2018-03-22] (Kemper GmbH)
S3 lp16_usb; C:\Windows\System32\Drivers\lp16_usb_x64.sys [124536 2017-02-27] (Archwave)
S3 lp16_usb_avs; C:\Windows\System32\Drivers\lp16_usb_avs_x64.sys [82040 2017-02-27] (Archwave)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12400 2015-09-20] (Macrovision Europe Ltd) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S3 ZD1211BU(TP-LINK); C:\Windows\System32\DRIVERS\zd1211Bu.sys [602880 2009-01-05] (Atheros Technology Corporation)
S3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [X]
S1 MpKsl8cd54226; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C0882C5-A646-4035-8C10-0B4338A770C4}\MpKsl8cd54226.sys [X]
S1 MpKsla16eeeb5; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C0882C5-A646-4035-8C10-0B4338A770C4}\MpKsla16eeeb5.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-30 16:07 - 2018-11-30 16:08 - 000016500 _____ C:\Users\Kuba\Desktop\FRST.txt
2018-11-30 14:54 - 2018-11-30 14:54 - 007321808 _____ (Malwarebytes) C:\Users\Kuba\Desktop\adwcleaner_7.2.5.0.exe
2018-11-30 14:18 - 2018-11-30 14:18 - 000000270 __RSH C:\Users\Kuba\ntuser.pol
2018-11-30 14:10 - 2018-11-30 16:07 - 000000000 ____D C:\FRST
2018-11-30 14:10 - 2018-11-30 14:10 - 002417152 _____ (Farbar) C:\Users\Kuba\Desktop\FRST64.exe
2018-11-30 13:14 - 2018-11-30 13:14 - 000000000 ____D C:\rsit
2018-11-30 13:03 - 2018-11-30 13:03 - 000003108 _____ C:\Windows\System32\Tasks\{E651EFF6-02FF-44C0-9F0A-3BD8C36B956C}
2018-11-30 12:55 - 2018-11-30 12:55 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2018-11-30 12:54 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\5PDUBJ6VHO
2018-11-30 12:54 - 2018-11-30 12:54 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\xl50bgvo3tq
2018-11-30 12:54 - 2018-11-30 12:54 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\nsuy20tfyqv
2018-11-30 12:54 - 2018-11-30 12:54 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\2iab3jajwii
2018-11-30 12:54 - 2018-11-30 12:54 - 000000000 ____D C:\ProgramData\Lavasoft
2018-11-30 12:53 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\1XU1GHZ8LT
2018-11-30 12:52 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\BJBGG2DL46
2018-11-30 12:52 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\97EA0VNV5M
2018-11-30 12:52 - 2018-11-30 12:52 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\wim11vgkqpe
2018-11-30 12:47 - 2018-11-30 12:47 - 001895383 _____ C:\Users\Kuba\AppData\Local\LotTraxfresh.bin
2018-11-30 12:47 - 2018-11-30 12:47 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-11-30 12:46 - 2018-11-30 12:46 - 007813632 _____ C:\Users\Kuba\AppData\Local\agent.dat
2018-11-30 12:46 - 2018-11-30 12:46 - 002024511 _____ C:\Users\Kuba\AppData\Local\ConDom.tst
2018-11-30 12:46 - 2018-11-30 12:46 - 000126464 _____ C:\Users\Kuba\AppData\Local\noah.dat
2018-11-30 12:46 - 2018-11-30 12:46 - 000070896 _____ C:\Users\Kuba\AppData\Local\Config.xml
2018-11-30 12:46 - 2018-11-30 12:46 - 000016384 _____ C:\Users\Kuba\AppData\Local\ntelix.dll
2018-11-30 12:46 - 2018-11-30 12:46 - 000005568 _____ C:\Users\Kuba\AppData\Local\md.xml
2018-11-30 12:46 - 2018-11-30 12:46 - 000000000 ____D C:\ProgramData\b199a7fe-d3aa-4ff9-9d61-b5dd5debd99d
2018-11-30 12:45 - 2018-11-30 15:05 - 000003106 __RSH C:\ProgramData\ntuser.pol
2018-11-30 12:45 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\8P8WWGG5M8
2018-11-30 12:45 - 2018-11-30 12:47 - 002302968 _____ C:\Users\Kuba\4861487.exe
2018-11-30 12:45 - 2018-11-30 12:45 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\15451hedamq
2018-11-30 12:44 - 2018-11-30 13:10 - 000000000 ____D C:\Program Files (x86)\cleanComputerNew
2018-11-30 12:44 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\STXGDJLCBB
2018-11-30 12:44 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\J785UGPWRB
2018-11-30 12:44 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\EHXNQX91Y6
2018-11-30 12:44 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files\1K1VXM1KCT
2018-11-30 12:44 - 2018-11-30 12:44 - 001409536 _____ C:\Windows\wxyeltrpuaulyazux.wxy
2018-11-30 12:44 - 2018-11-30 12:44 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\k2pvrhap3nc
2018-11-30 12:44 - 2018-11-30 12:44 - 000000000 ____D C:\Users\Kuba\AppData\Local\AdvinstAnalytics
2018-11-30 12:43 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files (x86)\tvhjwryp55b
2018-11-30 12:43 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files (x86)\3xcla1myci4
2018-11-30 12:43 - 2018-11-30 12:43 - 000001241 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firеfox.lnk
2018-11-30 12:42 - 2018-11-30 13:05 - 000000000 ____D C:\Program Files (x86)\Skaty
2018-11-30 12:42 - 2018-11-30 12:58 - 000722944 _____ C:\Users\Kuba\AppData\Local\sham.db
2018-11-30 12:42 - 2018-11-30 12:44 - 000000000 ____D C:\Users\Kuba\Documents\LeaderTask
2018-11-30 12:42 - 2018-11-30 12:42 - 000140800 _____ C:\Users\Kuba\AppData\Local\installer.dat
2018-11-30 12:42 - 2018-11-30 12:42 - 000001415 ___RS C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Еxрlorer.lnk
2018-11-30 12:42 - 2018-11-30 12:42 - 000001196 ___RS C:\Users\Public\Desktop\Diаblo III.lnk
2018-11-29 21:16 - 2018-11-29 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-11-29 11:33 - 2018-11-29 11:33 - 001939456 _____ C:\Windows\MzNjYTZk.exe
2018-11-29 11:33 - 2018-11-29 11:33 - 000098202 _____ C:\Windows\uninstaller.dat
2018-11-28 14:09 - 2018-11-28 14:09 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-11-28 14:09 - 2018-11-28 14:09 - 000047792 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-11-28 14:09 - 2018-11-28 14:09 - 000047792 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-11-28 14:09 - 2018-11-28 14:09 - 000045752 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-11-15 14:13 - 2018-11-15 14:13 - 000002784 _____ C:\Users\Kuba\AppData\Local\recently-used.xbel

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-30 15:42 - 2017-10-07 21:36 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-11-30 15:11 - 2009-07-14 05:45 - 000032208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-30 15:11 - 2009-07-14 05:45 - 000032208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-30 15:10 - 2016-11-16 20:52 - 000000000 ____D C:\Users\Kuba\AppData\LocalLow\Mozilla
2018-11-30 14:59 - 2017-10-07 21:36 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-11-30 14:59 - 2013-12-09 21:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-11-30 14:58 - 2014-06-15 16:15 - 000000000 __SHD C:\Users\Kuba\IntelGraphicsProfiles
2018-11-30 14:58 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-30 14:56 - 2014-04-22 14:13 - 000000000 ____D C:\AdwCleaner
2018-11-30 14:56 - 2014-03-24 23:18 - 000000000 ____D C:\Program Files (x86)\Applian Technologies
2018-11-30 14:18 - 2013-12-09 20:48 - 000000000 ____D C:\Users\Kuba
2018-11-30 13:14 - 2014-03-15 15:28 - 000000000 ____D C:\Program Files\trend micro
2018-11-30 13:09 - 2013-12-09 20:51 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-11-30 13:09 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-11-30 13:05 - 2013-12-09 20:48 - 000001042 ____H C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-11-30 12:54 - 2016-11-15 20:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-30 12:54 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-11-30 12:51 - 2014-03-24 13:04 - 000000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-11-30 12:47 - 2013-12-15 23:03 - 000000000 ____D C:\ProgramData\AMD
2018-11-30 12:43 - 2018-04-30 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2018-11-30 12:43 - 2016-04-19 13:45 - 000000000 ____D C:\Users\Kuba\AppData\Local\Google
2018-11-30 12:43 - 2013-12-30 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MW3
2018-11-30 12:43 - 2013-12-27 23:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
2018-11-30 12:42 - 2018-04-30 20:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2018-11-30 12:33 - 2014-04-20 13:00 - 000000000 ____D C:\Program Files (x86)\eRightSoft
2018-11-30 12:24 - 2014-03-24 23:19 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\vlc
2018-11-29 21:16 - 2017-10-07 21:36 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-11-27 02:33 - 2010-11-21 04:27 - 000592416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-11-26 21:35 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2018-11-21 11:03 - 2018-03-19 22:03 - 000004524 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-21 11:03 - 2013-12-09 22:07 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-11-21 11:03 - 2013-12-09 22:07 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-21 11:03 - 2013-12-09 22:07 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-11-21 11:03 - 2013-12-09 22:07 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-11-21 11:03 - 2013-12-09 22:07 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-20 10:08 - 2014-03-16 19:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-17 01:13 - 2010-11-21 10:27 - 000668542 _____ C:\Windows\system32\perfh005.dat
2018-11-17 01:13 - 2010-11-21 10:27 - 000141202 _____ C:\Windows\system32\perfc005.dat
2018-11-17 01:13 - 2009-07-14 06:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-16 11:57 - 2017-12-21 10:59 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-15 14:15 - 2015-06-23 15:40 - 000000000 ____D C:\Users\Kuba\.gimp-2.8
2018-11-15 10:48 - 2009-07-14 06:08 - 000032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-11-14 16:58 - 2017-10-07 21:44 - 000000000 ___RD C:\Users\Kuba\Dropbox
2018-11-14 14:17 - 2015-06-23 15:44 - 000000000 ____D C:\Users\Kuba\AppData\Local\gtk-2.0
2018-11-05 10:03 - 2018-02-05 19:59 - 000000000 ____D C:\temp

==================== Files in the root of some directories =======

2018-11-30 12:45 - 2018-11-30 12:47 - 002302968 _____ () C:\Users\Kuba\4861487.exe
2011-09-02 16:00 - 2011-09-02 16:00 - 080039752 _____ (Native Instruments GmbH) C:\Program Files\Guitar Rig 5.dll
2014-08-03 20:24 - 2014-08-03 20:24 - 000000604 ____H () C:\Program Files (x86)\STLL Notifier
2014-01-21 12:17 - 2014-01-21 13:44 - 000000000 _____ () C:\Users\Kuba\AppData\Roaming\bitlord_log.txt
2013-12-27 23:01 - 2014-01-17 11:43 - 000001668 _____ () C:\Users\Kuba\AppData\Roaming\mscoiso.dat
2013-12-27 23:01 - 2014-01-17 11:43 - 000000027 _____ () C:\Users\Kuba\AppData\Roaming\mshogrv.dat
2013-12-27 23:09 - 2014-01-17 11:59 - 000000029 _____ () C:\Users\Kuba\AppData\Roaming\msrxknb.dat
2018-11-30 12:46 - 2018-11-30 12:46 - 007813632 _____ () C:\Users\Kuba\AppData\Local\agent.dat
2018-11-30 12:46 - 2018-11-30 12:46 - 002024511 _____ () C:\Users\Kuba\AppData\Local\ConDom.tst
2018-11-30 12:46 - 2018-11-30 12:46 - 000070896 _____ () C:\Users\Kuba\AppData\Local\Config.xml
2018-11-30 12:42 - 2018-11-30 12:42 - 000140800 _____ () C:\Users\Kuba\AppData\Local\installer.dat
2018-11-30 12:47 - 2018-11-30 12:47 - 001895383 _____ () C:\Users\Kuba\AppData\Local\LotTraxfresh.bin
2018-11-30 12:46 - 2018-11-30 12:46 - 000005568 _____ () C:\Users\Kuba\AppData\Local\md.xml
2018-11-30 12:46 - 2018-11-30 12:46 - 000126464 _____ () C:\Users\Kuba\AppData\Local\noah.dat
2018-11-30 12:46 - 2018-11-30 12:46 - 000016384 _____ () C:\Users\Kuba\AppData\Local\ntelix.dll
2018-11-15 14:13 - 2018-11-15 14:13 - 000002784 _____ () C:\Users\Kuba\AppData\Local\recently-used.xbel
2014-03-15 14:57 - 2018-04-25 22:42 - 000007605 _____ () C:\Users\Kuba\AppData\Local\Resmon.ResmonCfg
2018-11-30 12:42 - 2018-11-30 12:58 - 000722944 _____ () C:\Users\Kuba\AppData\Local\sham.db

Some files in TEMP:
====================
2018-11-30 12:44 - 2018-11-30 12:44 - 000375522 _____ ( ) C:\Users\Kuba\AppData\Local\Temp\f2koepdgpia.exe
2018-11-30 12:43 - 2018-11-30 12:43 - 000918784 _____ (x66TZ39Q5LE8PtUoSr8P ) C:\Users\Kuba\AppData\Local\Temp\installer.exe
2018-11-30 12:43 - 2018-11-30 12:43 - 008751153 _____ () C:\Users\Kuba\AppData\Local\Temp\s2s.exe
2018-11-30 12:42 - 2018-11-30 12:42 - 000620664 _____ (ZRFXRD ) C:\Users\Kuba\AppData\Local\Temp\Setup (1).exe
2018-11-30 12:42 - 2018-11-30 12:42 - 000803884 _____ ( ) C:\Users\Kuba\AppData\Local\Temp\setup (2).exe
2018-11-30 12:42 - 2018-11-30 12:42 - 000485126 _____ ( ) C:\Users\Kuba\AppData\Local\Temp\setupGI.exe
2018-11-30 12:44 - 2018-11-30 12:44 - 000000000 _____ () C:\Users\Kuba\AppData\Local\Temp\Skypes.exe
2018-08-27 10:06 - 2018-08-27 10:06 - 062091672 _____ (Skype Technologies S.A.) C:\Users\Kuba\AppData\Local\Temp\SkypeSetup.exe
2018-11-30 12:42 - 2018-11-30 12:42 - 001109920 _____ (Up Pro ) C:\Users\Kuba\AppData\Local\Temp\UpProAddonInstaller-ff.exe
2018-11-30 12:46 - 2018-11-30 12:44 - 002033816 _____ () C:\Users\Kuba\AppData\Local\Temp\{E175FF0C-4821-4CE2-B987-090E3591BD5B}.exe
2018-11-30 12:46 - 2018-11-30 12:46 - 000638272 _____ () C:\Users\Kuba\AppData\Local\Temp\~pkB47F.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-29 22:09

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29.11.2018 01
Ran by Kuba (30-11-2018 16:09:03)
Running from C:\Users\Kuba\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-12-09 19:48:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1993827299-2147907179-2969249044-500 - Administrator - Disabled)
Guest (S-1-5-21-1993827299-2147907179-2969249044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1993827299-2147907179-2969249044-1002 - Limited - Enabled)
Kuba (S-1-5-21-1993827299-2147907179-2969249044-1000 - Administrator - Enabled) => C:\Users\Kuba

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Antares Autotune VST RTAS TDM v5.08 (HKLM-x32\...\Antares Autotune VST RTAS TDM_is1) (Version: - Team AiR 2007)
ASAPI (HKLM-x32\...\{8A7E941F-2BB4-47D0-B732-8AE5F3513B68}) (Version: 6.0.0 - Pinnacle Systems GmbH)
Balíček ovladače systému Windows - RME Fireface USB (02/27/2014 1.0.43.0) (HKLM\...\5FBFDE2C34738B4974E4B64B7E3E5056154519E5) (Version: 02/27/2014 1.0.43.0 - RME)
Balíček ovladače systému Windows - RME Fireface USB (06/13/2014 1.0.50.0) (HKLM\...\EA3D162A8B74D16B41C62A4818B2E08458CA5E9F) (Version: 06/13/2014 1.0.50.0 - RME)
Balíček ovladače systému Windows - RME Fireface USB (07/11/2014 1.0.53.0) (HKLM\...\584260420581889184F387B690742A2002A8020B) (Version: 07/11/2014 1.0.53.0 - RME)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.72.1082 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Counter-Strike 1.6 v42 (HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Counter-Strike 1.6_is1) (Version: - Valve)
CPUID CPU-Z 1.67.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
Cubase 5 (HKLM\...\{51AC53CA-6D26-459A-9BDF-53BAEB3E11A3}) (Version: 5.1.2 - Steinberg)
cymatic audio LP-16 Driver v6.19.0.0 (HKLM-x32\...\cymatic audio LP-16 Driver v6.19.0.0) (Version: 6.19.0.0 - cymatic audio)
Cymatic Audio uTool2 uninstall (HKLM\...\uTool2) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dropbox (HKLM-x32\...\Dropbox) (Version: 62.4.103 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Edirol HQ Orchestral VSTi v1.03 (HKLM-x32\...\Edirol HQ Orchestral VSTi v1.03) (Version: - )
EZdrummer (HKLM-x32\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.0 - Toontrack)
EZXCocktail (HKLM-x32\...\{147567F0-8575-4BE0-B5B3-62706C67FA5A}) (Version: 1.0 - Toontrack)
EZXNashville (HKLM-x32\...\{82DF9225-13EC-41BD-BE31-AAB121B38166}) (Version: 1.0 - Toontrack)
EZXPercussion (HKLM-x32\...\{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}) (Version: 1.0 - Toontrack)
EZXTwisted (HKLM-x32\...\{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}) (Version: 1.0 - Toontrack)
EZXVintage (HKLM-x32\...\{430399DC-98BC-4A7F-8F8E-77981CABAE05}) (Version: 1.0 - Toontrack)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Hitman Absolution v1.0 (HKLM-x32\...\Hitman Absolution_is1) (Version: 1.0 - Eidos Interactive)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.5057 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
LAV Filters 0.66 (HKLM-x32\...\lavfilters_is1) (Version: 0.66 - Hendrik Leppkes)
Lexicon Pantheon Reverb DX (HKLM-x32\...\Lexicon Pantheon Reverb DX) (Version: - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.0.0.0 - EditShare)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing)
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 63.0.3 (x64 cs) (HKLM\...\Mozilla Firefox 63.0.3 (x64 cs)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
MW3 (HKLM-x32\...\MW3v1.4.382) (Version: v1.4.382 - iMortaluz)
Native Instruments Abbey Road 60s Drummer (HKLM-x32\...\Native Instruments Abbey Road 60s Drummer) (Version: - Native Instruments)
Native Instruments Abbey Road 70s Drummer (HKLM-x32\...\Native Instruments Abbey Road 70s Drummer) (Version: - Native Instruments)
Native Instruments Abbey Road 80s Drummer (HKLM-x32\...\Native Instruments Abbey Road 80s Drummer) (Version: - Native Instruments)
Native Instruments Abbey Road Modern Drummer (HKLM-x32\...\Native Instruments Abbey Road Modern Drummer) (Version: - Native Instruments)
Native Instruments Abbey Road Vintage Drummer (HKLM-x32\...\Native Instruments Abbey Road Vintage Drummer) (Version: - Native Instruments)
Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version: 5.2.0.1277 - Native Instruments)
Native Instruments Action Strings (HKLM-x32\...\Native Instruments Action Strings) (Version: - Native Instruments)
Native Instruments Alicias Keys (HKLM-x32\...\Native Instruments Alicias Keys) (Version: - Native Instruments)
Native Instruments Balinese Gamelan (HKLM-x32\...\Native Instruments Balinese Gamelan) (Version: - Native Instruments)
Native Instruments Battery 4 (HKLM-x32\...\Native Instruments Battery 4) (Version: 4.1.2.2354 - Native Instruments)
Native Instruments Battery 4 Factory Library (HKLM-x32\...\Native Instruments Battery 4 Factory Library) (Version: 1.0.1.003 - Native Instruments)
Native Instruments Berlin Concert Grand (HKLM-x32\...\Native Instruments Berlin Concert Grand) (Version: - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.1.1657 - Native Instruments)
Native Instruments Damage (HKLM-x32\...\Native Instruments Damage) (Version: - Native Instruments)
Native Instruments Driver (HKLM-x32\...\Native Instruments Driver) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Enhanced EQ (HKLM-x32\...\Native Instruments Enhanced EQ) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Evolve Mutations (HKLM-x32\...\Native Instruments Evolve Mutations) (Version: - Native Instruments)
Native Instruments Evolve Mutations 2 (HKLM-x32\...\Native Instruments Evolve Mutations 2) (Version: - Native Instruments)
Native Instruments Evolve R2 (HKLM-x32\...\Native Instruments Evolve R2) (Version: - Native Instruments)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: 1.3.0.1244 - Native Instruments)
Native Instruments George Duke Soul Treasures (HKLM-x32\...\Native Instruments George Duke Soul Treasures) (Version: - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.0.2770 - Native Instruments)
Native Instruments Guitar Rig Mobile IO Driver (HKLM-x32\...\Native Instruments Guitar Rig Mobile IO Driver) (Version: - Native Instruments)
Native Instruments Guitar Rig Pro Library for Maschine (HKLM-x32\...\Native Instruments Guitar Rig Pro Library for Maschine) (Version: - Native Instruments)
Native Instruments Guitar Rig Session IO Driver (HKLM-x32\...\Native Instruments Guitar Rig Session IO Driver) (Version: - Native Instruments)
Native Instruments Komplete 9 Ultimate (HKLM-x32\...\Native Instruments Komplete 9 Ultimate) (Version: - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.3.0.6464 - Native Instruments)
Native Instruments Kontakt Factory Library (HKLM-x32\...\Native Instruments Kontakt Factory Library) (Version: - Native Instruments)
Native Instruments Maschine 2 (HKLM-x32\...\Native Instruments Maschine 2) (Version: 2.0.6.1083 - Native Instruments)
Native Instruments Maschine Controller Driver (HKLM-x32\...\Native Instruments Maschine Controller Driver) (Version: - Native Instruments)
Native Instruments Maschine Controller MK2 Driver (HKLM-x32\...\Native Instruments Maschine Controller MK2 Driver) (Version: - Native Instruments)
Native Instruments Maschine Drum Selection (HKLM-x32\...\Native Instruments Maschine Drum Selection) (Version: - Native Instruments)
Native Instruments Maschine Mikro Driver (HKLM-x32\...\Native Instruments Maschine Mikro Driver) (Version: - Native Instruments)
Native Instruments Maschine Mikro MK2 Driver (HKLM-x32\...\Native Instruments Maschine Mikro MK2 Driver) (Version: - Native Instruments)
Native Instruments Maschine Studio Driver (HKLM-x32\...\Native Instruments Maschine Studio Driver) (Version: - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.4.0.292 - Native Instruments)
Native Instruments Monark (HKLM-x32\...\Native Instruments Monark) (Version: 1.1.0.2 - Native Instruments)
Native Instruments New York Concert Grand (HKLM-x32\...\Native Instruments New York Concert Grand) (Version: - Native Instruments)
Native Instruments Passive EQ (HKLM-x32\...\Native Instruments Passive EQ) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Rammfire (HKLM-x32\...\Native Instruments Rammfire) (Version: - Native Instruments)
Native Instruments Rammfire for Maschine (HKLM-x32\...\Native Instruments Rammfire for Maschine) (Version: - Native Instruments)
Native Instruments Razor (HKLM-x32\...\Native Instruments Razor) (Version: 1.5.0.9 - Native Instruments)
Native Instruments RC 24 (HKLM-x32\...\Native Instruments RC 24) (Version: 1.1.1.427 - Native Instruments)
Native Instruments RC 48 (HKLM-x32\...\Native Instruments RC 48) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version: 5.9.0.725 - Native Instruments)
Native Instruments Reaktor Prism (HKLM-x32\...\Native Instruments Reaktor Prism) (Version: 1.4.0.3 - Native Instruments)
Native Instruments Reaktor Spark R2 (HKLM-x32\...\Native Instruments Reaktor Spark R2) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Reflektor (HKLM-x32\...\Native Instruments Reflektor) (Version: 2.0.0.1 - Native Instruments)
Native Instruments Reflektor for Maschine (HKLM-x32\...\Native Instruments Reflektor for Maschine) (Version: - Native Instruments)
Native Instruments Retro Machines Mk2 (HKLM-x32\...\Native Instruments Retro Machines Mk2) (Version: - Native Instruments)
Native Instruments Rig Kontrol 3 Driver (HKLM-x32\...\Native Instruments Rig Kontrol 3 Driver) (Version: - Native Instruments)
Native Instruments Scarbee Funk Guitarist (HKLM-x32\...\Native Instruments Scarbee Funk Guitarist) (Version: - Native Instruments)
Native Instruments Scarbee Jay-Bass (HKLM-x32\...\Native Instruments Scarbee Jay-Bass) (Version: - Native Instruments)
Native Instruments Scarbee MM-Bass (HKLM-x32\...\Native Instruments Scarbee MM-Bass) (Version: - Native Instruments)
Native Instruments Scarbee MM-Bass Amped (HKLM-x32\...\Native Instruments Scarbee MM-Bass Amped) (Version: - Native Instruments)
Native Instruments Scarbee Pre-Bass (HKLM-x32\...\Native Instruments Scarbee Pre-Bass) (Version: - Native Instruments)
Native Instruments Scarbee Pre-Bass Amped (HKLM-x32\...\Native Instruments Scarbee Pre-Bass Amped) (Version: - Native Instruments)
Native Instruments Scarbee Rickenbacker Bass (HKLM-x32\...\Native Instruments Scarbee Rickenbacker Bass) (Version: - Native Instruments)
Native Instruments Scarbee Vintage Keys (HKLM-x32\...\Native Instruments Scarbee Vintage Keys) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.0.1093 - Native Instruments)
Native Instruments Session Horns (HKLM-x32\...\Native Instruments Session Horns) (Version: - Native Instruments)
Native Instruments Session Strings Pro (HKLM-x32\...\Native Instruments Session Strings Pro) (Version: - Native Instruments)
Native Instruments Skanner XT (HKLM-x32\...\Native Instruments Skanner XT) (Version: 1.2.0.2 - Native Instruments)
Native Instruments Solid Bus Comp FX (HKLM-x32\...\Native Instruments Solid Bus Comp FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Solid Dynamics FX (HKLM-x32\...\Native Instruments Solid Dynamics FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Solid EQ FX (HKLM-x32\...\Native Instruments Solid EQ FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Studio Drummer (HKLM-x32\...\Native Instruments Studio Drummer) (Version: - Native Instruments)
Native Instruments The Finger R2 (HKLM-x32\...\Native Instruments The Finger R2) (Version: 1.3.0.2 - Native Instruments)
Native Instruments The Giant (HKLM-x32\...\Native Instruments The Giant) (Version: - Native Instruments)
Native Instruments The Mouth (HKLM-x32\...\Native Instruments The Mouth) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Traktors 12 (HKLM-x32\...\Native Instruments Traktors 12) (Version: 2.0.0.2 - Native Instruments)
Native Instruments Traktors 12 for Maschine (HKLM-x32\...\Native Instruments Traktors 12 for Maschine) (Version: - Native Instruments)
Native Instruments Transient Master FX (HKLM-x32\...\Native Instruments Transient Master FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Upright Piano (HKLM-x32\...\Native Instruments Upright Piano) (Version: - Native Instruments)
Native Instruments Vari Comp (HKLM-x32\...\Native Instruments Vari Comp) (Version: 1.1.1.427 - Native Instruments)
Native Instruments VC 160 FX (HKLM-x32\...\Native Instruments VC 160 FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments VC 2A FX (HKLM-x32\...\Native Instruments VC 2A FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments VC 76 FX (HKLM-x32\...\Native Instruments VC 76 FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Vienna Concert Grand (HKLM-x32\...\Native Instruments Vienna Concert Grand) (Version: - Native Instruments)
Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version: - Native Instruments)
Native Instruments West Africa (HKLM-x32\...\Native Instruments West Africa) (Version: - Native Instruments)
OpenOffice 4.0.1 (HKLM-x32\...\{220C463A-2890-4C7F-B97C-C49FE175B849}) (Version: 4.01.9714 - Apache Software Foundation)
Pharaoh Gold Bundle (HKLM-x32\...\Pharaoh Gold Bundle_is1) (Version: - GOG.com)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - )
Rig Manager (HKLM\...\{5A81E1C9-6CCC-4B2A-9EB3-7C799D4C2DB3}) (Version: 2.1.41.13351 - Kemper GmbH)
RME Fireface USB (HKLM\...\FIREFACE_USB) (Version: 1.0.53.0 - RME Intelligent Audio Solutions)
Sibelius 6 (HKLM-x32\...\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}) (Version: 6.0.0 - Sibelius Software)
Skype verze 8.33 (HKLM-x32\...\Skype_is1) (Version: 8.33 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SunsetScreen (HKLM\...\{155DF28A-39B0-4447-BA5F-4347AC6A3197}) (Version: - Skytopia)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.5287 - TeamViewer)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
TP-LINK TL-WN851ND Driver (HKLM-x32\...\{4BAE4C76-44C3-418F-B715-6BBF5A65323E}) (Version: 1.00.0000 - TP-LINK)
TP-LINK Wireless Client Utility (HKLM-x32\...\{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}) (Version: 7.0 - TP-LINK)
TP-LINK Wireless Client Utility (HKLM-x32\...\{C1EB6825-9339-4B18-99B0-C455B2288FF9}) (Version: 1.00.4323 - TP-LINK TECHNOLOGIES CO., LTD.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 2.01.0012 - TP-LINK)
VBA (2627.01) (HKLM-x32\...\{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9188 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WaveLab 6 (HKLM-x32\...\WaveLabPro) (Version: 6.1.1.353 - Steinberg)
Waves Complete V9r14 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.14 - Waves)
Waves Mercury Complete VST DX RTAS v1.01 (HKLM-x32\...\Waves Mercury Complete VST DX RTAS_is1) (Version: - Waves Ltd.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wondershare Filmora(Build 8.7.3) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1993827299-2147907179-2969249044-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\SYSTEM32\IGFXEM.EXE (Intel Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2018-09-13] (Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06DA2B1D-79F9-416B-9AE7-1E5A63FC4E9D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {06DA2B1D-79F9-416B-9AE7-1E5A63FC4E9D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {06DA2B1D-79F9-416B-9AE7-1E5A63FC4E9D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {0E9E0C7B-A094-4BF0-863B-CAA314E7DEA6} - System32\Tasks\{28DE9851-850C-4543-840F-6F1042E11C9B} => H:\Cracks\Generals\Generals-107-english.exe
Task: {15471B64-0757-4065-BEE7-EF149CC552D0} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {2072FC53-05B4-4075-BB9D-62F3A388BA6E} - System32\Tasks\{8BD21D1A-DFB8-4AD7-A89C-38C9E0D5D2DE} => H:\Cracks\ZeroHour\GeneralsZH-104-english.exe
Task: {25704B6F-78C4-4633-BFB0-31B055DC4FEA} - System32\Tasks\{FB4B2003-2C03-4E01-B27A-9D1FFF86BFAC} => F:\Instalačky\Hry\Command-and-Conquer-Generals\Command and Conquer Generals\generals.exe
Task: {291B70FE-4B9B-422A-A3B2-8D478C405EAF} - System32\Tasks\{D74E9437-5253-478F-9CC6-87A10EC818AA} => B:\Program Files (x86)\EA Games\Command & Conquer Generals Zero Hour\generals.exe
Task: {327619BF-12F6-42C8-8C99-1918B800EA1F} - System32\Tasks\{8098EB4D-871F-4140-BB22-A3FC6751A509} => C:\Windows\system32\pcalua.exe -a D:\DIRECTX\dxsetup.exe -d D:\DIRECTX
Task: {33D991E7-43B9-474A-9A14-CE1F5B2BB286} - System32\Tasks\{E651EFF6-02FF-44C0-9F0A-3BD8C36B956C} => C:\Windows\system32\pcalua.exe -a C:\Users\Kuba\AppData\Roaming\CRMSvc\CRMSvc.exe -c --uninst
Task: {3F110F7A-BED2-4A77-A2B0-A9154501B7EC} - System32\Tasks\{25CF76D8-BE26-4CC9-BE45-CAB324B2DA92} => B:\Program Files (x86)\EA Games\Command & Conquer Generals Zero Hour\generals.exe
Task: {435F65D5-C6CD-40E2-836D-493BAEBEA2B2} - System32\Tasks\{9934AA81-A429-4853-91CA-61CAFD74A742} => B:\Program Files (x86)\EA Games\Command & Conquer Generals Zero Hour\generals.exe
Task: {44D0803C-5357-48A0-B993-A94B63FDE3ED} - System32\Tasks\{D0AC6194-88E6-4DF1-A966-4DC9A1CA76E4} => C:\Program Files\Diablo II\Diablo II.exe
Task: {46470C5C-5757-4CA6-AFCB-C2355F33EFCF} - System32\Tasks\{E42E2792-61F0-40A9-82E2-F48170CF4D12} => H:\Cracks\ZeroHour\GeneralsZH-104-english.exe
Task: {48FCCC11-0533-41A3-A46C-5248DFF21D53} - System32\Tasks\{DED71CD7-C393-459C-914B-BBF604D4C152} => H:\Cracks\ZeroHour\GeneralsZH-104-english.exe
Task: {4BC27E43-4353-489C-BC88-46B6F4517873} - System32\Tasks\{4926BAE0-8331-44FB-9F82-FE65D5B1D2DF} => C:\Program Files\Diablo II\Diablo II.exe
Task: {547B998F-1AF2-4B33-B1BD-DBEDC80018D4} - System32\Tasks\{BDAEA9FB-089C-4EEA-9353-4FA375CF8524} => B:\Program Files (x86)\EA Games\Command & Conquer Generals Zero Hour\generals.exe
Task: {548E1DC7-9535-40DF-BB3F-7957ECBB3EAA} - System32\Tasks\{634BA5CE-D1CA-49D6-82D2-754EA8CE2E02} => H:\Cracks\ZeroHour\GeneralsZH-104-english.exe
Task: {5D59D660-BF13-4AA9-A94C-CC417C3F8589} - System32\Tasks\{1C92B291-4191-4C6F-BA4B-4EC23EDE1F35} => C:\Program Files\Diablo II\Diablo II.exe
Task: {71C1466B-7245-41EB-9B42-BFC27EC70BEF} - System32\Tasks\{686EE421-D278-4E64-AFF9-1BCB7D8B2E0A} => C:\Program Files\Diablo II\Diablo II.exe
Task: {75292334-9DD9-408D-A31B-5686871EB478} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {75292334-9DD9-408D-A31B-5686871EB478} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {760A909C-60A4-4313-919E-3E024E73D0ED} - System32\Tasks\{73273EBD-591F-425F-B931-D7CCC31441F0} => B:\Program Files (x86)\PC Games - Mortal Kombat 4\Mortal Kombat 4.exe [1998-06-26] ()
Task: {7D788687-AC63-4550-AA94-2B1AE34853A3} - System32\Tasks\{3FB70C2B-ACFF-4F4B-9A36-3EAD7A067C46} => H:\Cracks\ZeroHour\GeneralsZH-104-english.exe
Task: {8653FC59-CF58-4698-BC33-F229AF2E99A1} - System32\Tasks\{33FF6EDB-A45B-40CA-815E-F5287FF23C8C} => C:\Windows\system32\pcalua.exe -a "b:\Program Files (x86)\Maxis\SimCity 4 Deluxe\EAUninstall.exe"
Task: {8CFAA6B3-EF24-47A7-8FA2-9EF3DE2039E1} - System32\Tasks\{E8798731-A08A-4EB5-BA9D-F7E2BFD4A3BB} => C:\Windows\system32\pcalua.exe -a "B:\Program Files (x86)\PC Games - Mortal Kombat 4\MK4Install\Setup.exe" -d "B:\Program Files (x86)\PC Games - Mortal Kombat 4\MK4Install"
Task: {978F05A1-F52C-4AF9-8DD5-AF55843F3192} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {978F05A1-F52C-4AF9-8DD5-AF55843F3192} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {AA9BAD06-14D2-4852-B7EE-9BFBCB12E8A9} - System32\Tasks\{01E829F5-81A8-4C0E-9113-67FF3F4D3E36} => H:\Cracks\ZeroHour\GeneralsZH-104-english.exe
Task: {AD22BB40-9B0A-4B19-A8C0-5A1DDFF0E862} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {AF62232A-2617-499D-94D6-8880AE1F4417} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {AF62232A-2617-499D-94D6-8880AE1F4417} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {B2BFC38D-71B2-4E73-A3B1-FD73ED9F12F2} - System32\Tasks\{84C68194-073B-49D0-8131-0862A44C41EB} => C:\Windows\system32\pcalua.exe -a "C:\Users\Kuba\Downloads\CorelDRAW-11-CZ\CorelDRAW 11 CZ\Setup.exe" -d "C:\Users\Kuba\Downloads\CorelDRAW-11-CZ\CorelDRAW 11 CZ"
Task: {B2E0D913-CEDB-4FFE-B58F-02EB481F5354} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-21] (Adobe Systems Incorporated)
Task: {BABB67CA-9436-45D1-85A0-0800BDC452E6} - System32\Tasks\{FAC1EBC0-EB05-4869-B9B7-A175E44DDFCE} => C:\Hry\Hitman Absolution\HMA.exe [2012-11-21] ()
Task: {BBF8B52F-BBAA-4915-B3E6-DD441225FD3D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-07] (Dropbox, Inc.)
Task: {C08E468C-DB34-4D0A-BAB1-A81BD8EB83C5} - System32\Tasks\{C7FEA604-13BB-4FC8-9A28-4B8B28783D41} => B:\Program Files (x86)\EA Games\Command and Conquer Generals\generals.exe
Task: {C46E7A17-161F-491E-8E0C-A7974E9B0732} - System32\Tasks\{F04425E7-BFB2-4954-8BF7-A90408AF49DB} => H:\popTB.exe
Task: {C53B1063-46EA-409C-B0D0-A5B5EF8C0432} - System32\Tasks\{DD2BB637-618F-4AF4-A672-80AA5CFFDDA0} => H:\Cracks\ZeroHour\GeneralsZH-104-english.exe
Task: {C968C8A7-6DFE-4DF7-87B8-07EAF50B51BC} - System32\Tasks\{B2ECECC8-0D59-4CC1-8C51-F52F30258E57} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Waves\Uninstall\unins000.exe"
Task: {CD029AC8-3330-456B-B23E-27F3026EC849} - System32\Tasks\{FFFD4D37-25A2-4BA5-AB2A-543026D78EFF} => B:\Program Files (x86)\PC Games - Mortal Kombat 4\MK4Install\Mortal Kombat 4.exe [1998-06-26] ()
Task: {DC6A74C3-B130-4383-9715-D5BEC1FBA569} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-21] (Adobe Systems Incorporated)
Task: {DD021E49-8729-499B-A9AE-905B7C20460E} - System32\Tasks\{0C6D4993-A4DD-486E-AFF0-9C21B85ABF8F} => C:\Windows\system32\pcalua.exe -a B:\Downloads\LivePlayer_LP-16_Firmware_Upgrade_83934_x64.exe -d B:\Downloads
Task: {E6B4D39F-6BB6-406F-9E59-E74AF90B51A5} - System32\Tasks\{175B8642-3005-4D0E-9D93-54E23E03A61E} => B:\Program Files (x86)\EA Games\Command and Conquer Generals\generals.exe
Task: {E838416D-9327-4B7B-A7E1-B6BC47C851E8} - System32\Tasks\{7F50731A-722E-4089-9A9A-58C44B9537B4} => C:\Windows\system32\pcalua.exe -a "B:\Program Files (x86)\PC Games - Mortal Kombat 4\MK4Install\INSTALL.EXE" -d "B:\Program Files (x86)\PC Games - Mortal Kombat 4\MK4Install"
Task: {ED314C09-6A5C-46B2-B438-A8501DA4D44C} - System32\Tasks\{8B85638F-10F9-43B4-B133-C3843248B683} => B:\Program Files (x86)\EA Games\Command & Conquer Generals Zero Hour\generals.exe
Task: {F36A14C2-4814-443C-8AE0-1F0505EC83A7} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-07] (Dropbox, Inc.)
Task: {F8851DCB-D60C-4E5A-BA23-DC20E84B05A4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {FC62E4C1-4AAD-48F8-AEE3-7CA3AB778131} - System32\Tasks\{1DAC7552-BAAC-493F-A48A-1B0A4EDD8BA9} => B:\Program Files (x86)\PC Games - Mortal Kombat 4\Mortal Kombat 4.exe [1998-06-26] ()
Task: {FF343314-B7A5-4F5B-886A-3CB63DBDC11D} - System32\Tasks\{BF64A39A-9FE2-4C0D-AFAC-69B37FC9BCB1} => C:\Program Files (x86)\EA Games\Command & Conquer Generals Zero Hour\generals.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Еxрlorer.lnk -> C:\Users\Kuba\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box\Zombie Army Trilogy\Zоmbie Аrmy Trilоgy.lnk -> C:\Users\Kuba\AppData\Roaming\Browsers\exe.rehcnualtaz.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Ехplorer (No Аdd-ons).lnk -> C:\Users\Kuba\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internеt Eхplorеr Вrowser.lnk -> C:\Users\Kuba\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfоx.lnk -> C:\Users\Kuba\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firеfox.lnk -> C:\Users\Kuba\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Diаblo III.lnk -> C:\Users\Kuba\AppData\Roaming\Browsers\exe.rehcnual iii olbaid.bat (No File) <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2014-01-28 14:05 - 2018-09-13 20:02 - 000380904 _____ () C:\Windows\System32\igfxTray.exe
2018-11-30 12:46 - 2018-11-30 12:54 - 000228352 _____ () C:\Program Files (x86)\Mozilla Firefox\zlib1.dll
2018-11-30 12:44 - 2018-11-30 12:44 - 001409536 _____ () C:\Windows\wxyeltrpuaulyazux.wxy
2018-11-30 12:46 - 2018-11-30 12:46 - 000016384 _____ () C:\Users\Kuba\AppData\Local\ntelix.dll
2018-11-29 21:15 - 2018-11-28 14:09 - 001141064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-11-29 21:15 - 2018-11-28 14:09 - 002103112 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-09-14 10:00 - 2018-11-28 14:11 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000025456 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000148968 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 001878888 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:09 - 000118232 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes35.dll
2018-09-14 10:00 - 2018-11-28 14:08 - 000109024 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000083784 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:09 - 000418776 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom35.dll
2018-11-29 21:15 - 2018-11-28 14:10 - 000074072 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000049128 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000026600 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000131552 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000182752 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000119272 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000401752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000034664 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000062304 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:08 - 000023520 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000053736 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000065504 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000025944 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000068968 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000032224 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000156504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000092488 _____ () C:\Program Files (x86)\Dropbox\Client\sip.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 001778000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000518992 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000052056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 001929552 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 003821392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000044888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000132944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000218456 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000205656 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000061408 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000051552 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000027624 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000033632 _____ () C:\Program Files (x86)\Dropbox\Client\winreindex.compiled._winreindex.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000028008 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000031600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:08 - 000486880 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000029040 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 011410256 _____ () C:\Program Files (x86)\Dropbox\Client\nucleus_python.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000029024 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:09 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-09-14 10:00 - 2018-11-28 14:11 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000433992 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-09-14 10:00 - 2018-11-28 14:11 - 000035680 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000025920 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-11-29 21:15 - 2018-11-28 14:10 - 001592128 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-09-14 10:00 - 2018-11-28 14:11 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shell32.compiled._winffi_shell32.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000102736 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp35-win32.pyd
2018-10-27 12:45 - 2018-11-28 14:11 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.gdi32.compiled._winffi_gdi32.cp35-win32.pyd
2018-09-14 10:00 - 2018-11-28 14:11 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000530768 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000348496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp35-win32.pyd
2018-11-29 21:15 - 2018-11-28 14:10 - 000037200 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.cp35-win32.pyd
2018-08-21 15:35 - 2017-09-12 09:34 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2018-08-21 15:35 - 2016-07-21 09:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Kuba\Soubory cookie:GUnMlDGKY2aJs4gLAxD7UaX [2466]
AlternateDataStreams: C:\Users\Kuba\AppData\Local\nYUQ0gUR:854ezDQrvKQZ8yISakrmyiu8KA2t [2696]
AlternateDataStreams: C:\Users\Kuba\AppData\Local\peJOgag3XA75k:Xx0d6MNnK0Fb9tTFLr5Gl7B [2734]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-11-30 12:46 - 000001596 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 csc3-2010-crl.verisign.com
127.0.0.1 ocsp.verisign.com
127.0.0.1 crl.verisign.com
127.0.0.1 download.dm.origin.com
127.0.0.1 secure.download.dm.origin.com
127.0.0.1 loginregistration.dm.origin.com
127.0.0.1 achievements.gameservices.ea.com
127.0.0.1 friends.dm.origin.com
127.0.0.1 avatar.dm.origin.com
127.0.0.1 ecommerce.dm.origin.com
127.0.0.1 static.cdn.ea.com
127.0.0.1 tealium.hs.llnwd.net
127.0.0.1 heartbeat.dm.origin.com
127.0.0.1 web.dm.origin.com
127.0.0.1 store.origin.com
127.0.0.1 ec2-54-243-231-82.compute-1.amazonaws.com
127.0.0.1 eaassets-a.akamaihd.net
127.0.0.1 ssl.resources.ea.com
127.0.0.1 akamai.cdn.ea.com
127.0.0.1 novafusion.ea.com
127.0.0.1 proxy.novafusion.ea.com
127.0.0.1 ec2-23-23-167-200.compute-1.amazonaws.com
127.0.0.1 dirtybits.dm.origin.com
127.0.0.1 chat.dm.origin.com
127.0.0.1 easo.ea.com
127.0.0.1 ea.com
127.0.0.1 telemetry.simcity.com
127.0.0.1 ec2-54-228-227-181.eu-west-1.compute.amazonaws.com
127.0.0.1 ec2-46-137-177-16.eu-west-1.compute.amazonaws.com
127.0.0.1 s3-1-w.amazonaws.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: ZDWlan.EXE => "C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{5AA75F5A-0ADE-429D-A77E-5AAE4C73DC96}B:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) B:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{E7C3E389-B210-4AC6-8475-EECB20EFA7BE}B:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) B:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [TCP Query User{A8C36F01-A379-40F2-9DB4-EAF073C7F5B1}B:\program files\mw3\iw5mp.exe] => (Allow) B:\program files\mw3\iw5mp.exe
FirewallRules: [UDP Query User{36866985-510A-4158-997F-91EB06C8B183}B:\program files\mw3\iw5mp.exe] => (Allow) B:\program files\mw3\iw5mp.exe
FirewallRules: [TCP Query User{B201C4C5-0FEC-4E11-978E-37AA21B90EBA}B:\program files\mw3\iw5sp.exe] => (Allow) B:\program files\mw3\iw5sp.exe
FirewallRules: [UDP Query User{0E3768AC-9CC2-454C-A824-CA726E0E2502}B:\program files\mw3\iw5sp.exe] => (Allow) B:\program files\mw3\iw5sp.exe
FirewallRules: [{534EEAE3-63A9-43B4-A6BC-F40B06D520BF}] => (Allow) b:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{75A0FE58-D425-4BED-B0CC-DF34C6559000}] => (Allow) b:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{B87244AB-DFB5-472C-BA57-6052481E62AB}B:\program files\mw3\iw5mp_server.exe] => (Allow) B:\program files\mw3\iw5mp_server.exe
FirewallRules: [UDP Query User{35DE04FB-569E-4492-9D70-B7BD3C1A42DC}B:\program files\mw3\iw5mp_server.exe] => (Allow) B:\program files\mw3\iw5mp_server.exe
FirewallRules: [{196E480D-63B5-4BFA-85EB-EF2CF40D2753}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EA8311CD-68C8-49C7-97F5-5AB466689D93}] => (Allow) LPort=2869
FirewallRules: [{824C5FA1-10FD-4A2C-9FF0-53B0E015CC36}] => (Allow) LPort=1900
FirewallRules: [{A144813F-4411-4941-B7BA-47DF6F33AAEB}] => (Allow) B:\Program Files (x86)\Sibelius Software\Sibelius 6\RegTool.exe
FirewallRules: [{DB263362-8725-4C0F-B5D7-AE8747D7333B}] => (Allow) B:\Program Files (x86)\Sibelius Software\Sibelius 6\RegTool.exe
FirewallRules: [{9036F632-78AB-4DFF-B53F-2546F932A1BF}] => (Allow) B:\Program Files (x86)\Sibelius Software\Sibelius 6\Sibelius.exe
FirewallRules: [{49288EF1-77C3-4557-B464-4649DB1EC500}] => (Allow) B:\Program Files (x86)\Sibelius Software\Sibelius 6\Sibelius.exe
FirewallRules: [TCP Query User{9203280F-646A-449E-80C7-BC529F257B59}B:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) B:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{777610DC-A54F-4957-B127-03DCCF989942}B:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) B:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [{738E789A-C2CF-4486-9749-74D1C47B3464}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC9A7FE3-7A48-4160-BAD6-5CEF225E6541}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BB114D01-D77A-49E3-B3FA-5C9CF75F7322}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C16AC83D-EB4B-44BE-9992-AB3080B6B526}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{DEBB7DF0-91CD-42F4-B64D-6A4F9338BA4C}H:\poptb.exe] => (Allow) H:\poptb.exe
FirewallRules: [UDP Query User{EB7C4AEE-DB43-4B0C-BF13-6035E633288E}H:\poptb.exe] => (Allow) H:\poptb.exe
FirewallRules: [{CF255639-11FF-4061-A895-3A6B012CF2F3}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{487EDAC6-1FE1-4DCB-A468-11986AB5BEB7}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{0FCF5D05-E754-4A39-BAD7-9A568015C0A3}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{6CD4CCFA-9149-47DA-B4AA-0BA7E2C8DE00}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{F9677E49-9C1A-4DB5-BA3F-C1D21D9C4AB6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ABF8E248-7731-427C-B840-9C3BD47F774D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7D76BCD3-33F8-44F8-ABC4-9027FB4ED919}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{28231DD7-2C54-41DF-A9EA-185FC1EEE9CD}B:\program files\mw3\iw5sp.exe] => (Block) B:\program files\mw3\iw5sp.exe
FirewallRules: [UDP Query User{C7A74B80-77C2-41C9-80FD-C06A23C339B9}B:\program files\mw3\iw5sp.exe] => (Block) B:\program files\mw3\iw5sp.exe
FirewallRules: [TCP Query User{C1DC7C8E-4C66-4FE0-9151-DAF8ACD49B24}B:\program files (x86)\counter\hl.exe] => (Allow) B:\program files (x86)\counter\hl.exe
FirewallRules: [UDP Query User{3035A7BC-A63C-4B19-BB6A-8D3098F1597F}B:\program files (x86)\counter\hl.exe] => (Allow) B:\program files (x86)\counter\hl.exe
FirewallRules: [TCP Query User{4F0FC303-B7E3-415A-9951-3149BF9E190E}B:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) B:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{E5D3020B-8DF8-4233-9FF2-DC5BEDCDDD38}B:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) B:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{DDCE4E31-1339-48D6-8EA9-1DE80EA98DCD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2A094D88-FF90-4D22-8E24-0DB0B11C19BB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9DC34558-E33B-4A7C-981C-83802EB2A6BB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7756ABD7-A22F-4A63-85EB-1DD9455C4DF9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2134F28D-3529-412F-B82C-EF1E46E33882}] => (Allow) B:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{D13B8BA7-39D0-41A5-8C40-1E27848F37F5}] => (Allow) B:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{AECA62DB-3561-4449-B409-117B00E3AF9D}] => (Allow) B:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{155509CE-EC09-443F-B7AD-6C8C9031EDD5}] => (Allow) B:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{CE459537-0A38-4772-931D-288C16FE5207}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{979A371E-D45F-4F10-8160-BBD81CD5EBF4}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{3248A167-0E3C-4761-9934-0546618D1DB8}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files (x86)\microsoft\skype for desktop\skype.exe
FirewallRules: [UDP Query User{5A9F541A-E296-478B-B7BC-06CF3D3A98C7}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files (x86)\microsoft\skype for desktop\skype.exe
FirewallRules: [{9EB4BDAF-1B3E-427C-BC13-FB4F89F34C08}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

19-11-2018 23:18:57 Windows Update
23-11-2018 18:36:36 Windows Update
26-11-2018 20:50:31 Windows Update
30-11-2018 13:09:04 ??? SPCA1528 PC Driver
30-11-2018 13:10:33 Removed Node.js
30-11-2018 13:11:02 Removed Node.js

==================== Faulty Device Manager Devices =============

Name: Řadič USB (Universal Serial Bus)
Description: Řadič USB (Universal Serial Bus)
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: MpKsla16eeeb5
Description: MpKsla16eeeb5
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsla16eeeb5
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: MpKsl8cd54226
Description: MpKsl8cd54226
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl8cd54226
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2018 03:02:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: rundll32.exe, verze: 6.1.7601.23755, časové razítko: 0x58dd1d09
Název chybujícího modulu: msvcrt.dll, verze: 7.0.7601.17744, časové razítko: 0x4eeaf722
Kód výjimky: 0x40000015
Posun chyby: 0x0005620a
ID chybujícího procesu: 0xa18
Čas spuštění chybující aplikace: 0x01d488b4df998cd8
Cesta k chybující aplikaci: C:\Windows\SysWOW64\rundll32.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\msvcrt.dll
ID zprávy: 933c14a6-f4a8-11e8-b332-d43d7ee26067

Error: (11/30/2018 02:59:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/30/2018 02:50:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: rundll32.exe, verze: 6.1.7601.23755, časové razítko: 0x58dd1d09
Název chybujícího modulu: msvcrt.dll, verze: 7.0.7601.17744, časové razítko: 0x4eeaf722
Kód výjimky: 0x40000015
Posun chyby: 0x0005620a
ID chybujícího procesu: 0xbe4
Čas spuštění chybující aplikace: 0x01d488b38ec31ef3
Cesta k chybující aplikaci: C:\Windows\SysWOW64\rundll32.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\msvcrt.dll
ID zprávy: e29832db-f4a6-11e8-b3f0-d43d7ee26067

Error: (11/30/2018 12:56:06 PM) (Source: MsiInstaller) (EventID: 11704) (User: Kuba-PC)
Description: Product: Node.js -- Error 1704. An installation for Online Application is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (11/30/2018 12:54:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Multitimer.exe verze 1.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: ee0

Čas spuštění: 01d488a33e9623b5

Čas ukončení: 0

Cesta k aplikaci: C:\Program Files (x86)\Multitimer\Multitimer.exe

ID hlášení:

Error: (11/30/2018 12:53:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: linker.exe, verze: 1.0.0.1, časové razítko: 0x5c012031
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.24231, časové razítko: 0x5b6db2d4
Kód výjimky: 0xe0434f4d
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0x15a8
Čas spuštění chybující aplikace: 0x01d488a358471dca
Cesta k chybující aplikaci: C:\Users\Kuba\AppData\Local\Temp\uzV9LfiPA\linker.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\KERNELBASE.dll
ID zprávy: 9e46183f-f496-11e8-b3f0-d43d7ee26067

Error: (11/30/2018 12:53:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: linker.exe, verze: 1.0.0.1, časové razítko: 0x5c012031
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.24231, časové razítko: 0x5b6db2d4
Kód výjimky: 0xe0434f4d
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0xf48
Čas spuštění chybující aplikace: 0x01d488a357b12719
Cesta k chybující aplikaci: C:\Users\Kuba\AppData\Local\Temp\A9DdcopYd\linker.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\KERNELBASE.dll
ID zprávy: 97e06583-f496-11e8-b3f0-d43d7ee26067

Error: (11/30/2018 12:53:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: linker.exe, verze: 1.0.0.1, časové razítko: 0x5c012031
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.24231, časové razítko: 0x5b6db2d4
Kód výjimky: 0xe0434f4d
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0x17d8
Čas spuštění chybující aplikace: 0x01d488a337ced88d
Cesta k chybující aplikaci: C:\Users\Kuba\AppData\Local\Temp\0sj3mbf4chs\linker.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\KERNELBASE.dll
ID zprávy: 81bf1a77-f496-11e8-b3f0-d43d7ee26067


System errors:
=============
Error: (11/30/2018 03:04:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Windows Update přestala během spouštění reagovat.

Error: (11/30/2018 02:57:31 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \SystemRoot\SysWow64\Drivers\ASAPIW2K.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (11/30/2018 02:57:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \SystemRoot\SysWow64\Drivers\ASAPIW2K.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (11/30/2018 02:56:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (11/30/2018 02:56:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NIHardwareService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/30/2018 02:56:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba DbxSvc byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/30/2018 02:56:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Instalační služba modulů systému Windows byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (11/30/2018 02:56:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Live ID Sign-in Assistant byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.


CodeIntegrity:
===================================

Date: 2015-09-07 20:51:46.090
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrxusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-07 20:51:46.044
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrxusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-07 20:48:12.873
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrxusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-07 20:48:12.817
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrxusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-04 11:23:56.355
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrxusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-04 11:23:56.297
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrxusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-04 11:22:41.123
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrxusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-04 11:22:41.077
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrxusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 36%
Total physical RAM: 8054.08 MB
Available physical RAM: 5083.75 MB
Total Virtual: 16106.3 MB
Available Virtual: 13103.11 MB

==================== Drives ================================

Drive b: () (Fixed) (Total:465.76 GB) (Free:57 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive c: () (Fixed) (Total:149.05 GB) (Free:27.08 GB) NTFS
Drive f: (Nový svazek) (Fixed) (Total:1863.01 GB) (Free:230.02 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 009003B5)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 909E070F)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 149.1 GB) (Disk ID: A726A726)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Prosím o pomoc

Napsal: 30 lis 2018 18:06
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [6028390] => C:\Users\Kuba\AppData\Roaming\k2pvrhap3nc\b1w3d4nnxul.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [9658578] => C:\Users\Kuba\AppData\Roaming\15451hedamq\fjorqoanx3i.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [ntelix] => rundll32.exe "C:\Users\Kuba\AppData\Local\ntelix.dll",ntelix <==== ATTENTION
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [8965497] => C:\Users\Kuba\AppData\Roaming\wim11vgkqpe\mvzq5mb5oyt.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [8907442] => C:\Users\Kuba\AppData\Roaming\2iab3jajwii\3czl14utddt.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [6130961] => C:\Users\Kuba\AppData\Roaming\xl50bgvo3tq\mrvd23y1vji.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [6075169] => C:\Users\Kuba\AppData\Roaming\nsuy20tfyqv\rnzqhsmurak.exe [554244 2018-11-30] ( )
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... HehT6Pp&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope value is missing
earchScopes: HKU\S-1-5-21-1993827299-2147907179-2969249044-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconfig.js [2018-11-30] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2018-11-30] <==== ATTENTION
R2 NmM0ODQ3NjE; rundll32.exe C:\Windows\wxyeltrpuaulyazux.wxy CaH [X]
C:\Windows\System32\Tasks\{E651EFF6-02FF-44C0-9F0A-3BD8C36B956C}
C:\Program Files\5PDUBJ6VHO
C:\Users\Kuba\AppData\Roaming\xl50bgvo3tq
C:\Users\Kuba\AppData\Roaming\nsuy20tfyqv
C:\Users\Kuba\AppData\Roaming\2iab3jajwii
C:\Program Files\1XU1GHZ8LT
C:\Program Files\BJBGG2DL46
C:\Program Files\97EA0VNV5M
C:\Users\Kuba\AppData\Roaming\wim11vgkqpe
C:\Users\Kuba\AppData\Local\LotTraxfresh.bin
C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
C:\ProgramData\b199a7fe-d3aa-4ff9-9d61-b5dd5debd99d
C:\Program Files\8P8WWGG5M8
C:\Users\Kuba\4861487.exe
C:\Users\Kuba\AppData\Roaming\15451hedamq
C:\Program Files\STXGDJLCBB
C:\Program Files\J785UGPWRB
C:\Program Files\EHXNQX91Y6
C:\Program Files\1K1VXM1KCT
C:\Windows\wxyeltrpuaulyazux.wxy
C:\Users\Kuba\AppData\Roaming\k2pvrhap3nc
C:\Program Files (x86)\tvhjwryp55b
C:\Program Files (x86)\3xcla1myci4
C:\Windows\MzNjYTZk.exe
C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
C:\Users\Kuba\AppData\Local\Temp
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {C46E7A17-161F-491E-8E0C-A7974E9B0732} - System32\Tasks\{F04425E7-BFB2-4954-8BF7-A90408AF49DB} => H:\popTB.exe
Task: {C968C8A7-6DFE-4DF7-87B8-07EAF50B51BC} - System32\Tasks\{B2ECECC8-0D59-4CC1-8C51-F52F30258E57} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Waves\Uninstall\unins000.exe"
Task: {E838416D-9327-4B7B-A7E1-B6BC47C851E8} - System32\Tasks\{7F50731A-722E-4089-9A9A-58C44B9537B4} => C:\Windows\system32\pcalua.exe -a "B:\Program Files (x86)\PC Games - Mortal Kombat 4\MK4Install\INSTALL.EXE" -d "B:\Program Files (x86)\PC Games - Mortal Kombat 4\MK4Install"
AlternateDataStreams: C:\Users\Kuba\Soubory cookie:GUnMlDGKY2aJs4gLAxD7UaX [2466]
AlternateDataStreams: C:\Users\Kuba\AppData\Local\nYUQ0gUR:854ezDQrvKQZ8yISakrmyiu8KA2t [2696]
AlternateDataStreams: C:\Users\Kuba\AppData\Local\peJOgag3XA75k:Xx0d6MNnK0Fb9tTFLr5Gl7B [2734]

EmptyTemp:
Hosts:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte. Probůh, kam jste to vlezl? Tam je ale svinstva!

Re: Prosím o pomoc

Napsal: 30 lis 2018 18:28
od Jsedlak
Fix result of Farbar Recovery Scan Tool (x64) Version: 29.11.2018 01
Ran by Kuba (30-11-2018 18:09:06) Run:1
Running from C:\Users\Kuba\Desktop
Loaded Profiles: Kuba (Available Profiles: Kuba)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [6028390] => C:\Users\Kuba\AppData\Roaming\k2pvrhap3nc\b1w3d4nnxul.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [9658578] => C:\Users\Kuba\AppData\Roaming\15451hedamq\fjorqoanx3i.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [ntelix] => rundll32.exe "C:\Users\Kuba\AppData\Local\ntelix.dll",ntelix <==== ATTENTION
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [8965497] => C:\Users\Kuba\AppData\Roaming\wim11vgkqpe\mvzq5mb5oyt.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [8907442] => C:\Users\Kuba\AppData\Roaming\2iab3jajwii\3czl14utddt.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [6130961] => C:\Users\Kuba\AppData\Roaming\xl50bgvo3tq\mrvd23y1vji.exe [554244 2018-11-30] ( )
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\...\Run: [6075169] => C:\Users\Kuba\AppData\Roaming\nsuy20tfyqv\rnzqhsmurak.exe [554244 2018-11-30] ( )
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... HehT6Pp&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope value is missing
earchScopes: HKU\S-1-5-21-1993827299-2147907179-2969249044-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconfig.js [2018-11-30] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2018-11-30] <==== ATTENTION
R2 NmM0ODQ3NjE; rundll32.exe C:\Windows\wxyeltrpuaulyazux.wxy CaH [X]
C:\Windows\System32\Tasks\{E651EFF6-02FF-44C0-9F0A-3BD8C36B956C}
C:\Program Files\5PDUBJ6VHO
C:\Users\Kuba\AppData\Roaming\xl50bgvo3tq
C:\Users\Kuba\AppData\Roaming\nsuy20tfyqv
C:\Users\Kuba\AppData\Roaming\2iab3jajwii
C:\Program Files\1XU1GHZ8LT
C:\Program Files\BJBGG2DL46
C:\Program Files\97EA0VNV5M
C:\Users\Kuba\AppData\Roaming\wim11vgkqpe
C:\Users\Kuba\AppData\Local\LotTraxfresh.bin
C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
C:\ProgramData\b199a7fe-d3aa-4ff9-9d61-b5dd5debd99d
C:\Program Files\8P8WWGG5M8
C:\Users\Kuba\4861487.exe
C:\Users\Kuba\AppData\Roaming\15451hedamq
C:\Program Files\STXGDJLCBB
C:\Program Files\J785UGPWRB
C:\Program Files\EHXNQX91Y6
C:\Program Files\1K1VXM1KCT
C:\Windows\wxyeltrpuaulyazux.wxy
C:\Users\Kuba\AppData\Roaming\k2pvrhap3nc
C:\Program Files (x86)\tvhjwryp55b
C:\Program Files (x86)\3xcla1myci4
C:\Windows\MzNjYTZk.exe
C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
C:\Users\Kuba\AppData\Local\Temp
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {C46E7A17-161F-491E-8E0C-A7974E9B0732} - System32\Tasks\{F04425E7-BFB2-4954-8BF7-A90408AF49DB} => H:\popTB.exe
Task: {C968C8A7-6DFE-4DF7-87B8-07EAF50B51BC} - System32\Tasks\{B2ECECC8-0D59-4CC1-8C51-F52F30258E57} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Waves\Uninstall\unins000.exe"
Task: {E838416D-9327-4B7B-A7E1-B6BC47C851E8} - System32\Tasks\{7F50731A-722E-4089-9A9A-58C44B9537B4} => C:\Windows\system32\pcalua.exe -a "B:\Program Files (x86)\PC Games - Mortal Kombat 4\MK4Install\INSTALL.EXE" -d "B:\Program Files (x86)\PC Games - Mortal Kombat 4\MK4Install"
AlternateDataStreams: C:\Users\Kuba\Soubory cookie:GUnMlDGKY2aJs4gLAxD7UaX [2466]
AlternateDataStreams: C:\Users\Kuba\AppData\Local\nYUQ0gUR:854ezDQrvKQZ8yISakrmyiu8KA2t [2696]
AlternateDataStreams: C:\Users\Kuba\AppData\Local\peJOgag3XA75k:Xx0d6MNnK0Fb9tTFLr5Gl7B [2734]

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Software\Microsoft\Windows\CurrentVersion\Run\\6028390" => removed successfully
"HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Software\Microsoft\Windows\CurrentVersion\Run\\9658578" => removed successfully
"HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ntelix" => removed successfully
"HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Software\Microsoft\Windows\CurrentVersion\Run\\8965497" => removed successfully
"HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Software\Microsoft\Windows\CurrentVersion\Run\\8907442" => removed successfully
"HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Software\Microsoft\Windows\CurrentVersion\Run\\6130961" => removed successfully
"HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Software\Microsoft\Windows\CurrentVersion\Run\\6075169" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => removed successfully
HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
earchScopes: HKU\S-1-5-21-1993827299-2147907179-2969249044-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE => Error: No automatic fix found for this entry.
C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconfig.js => moved successfully
C:\Program Files (x86)\mozilla firefox\mozilla.cfg => moved successfully
HKLM\System\CurrentControlSet\Services\NmM0ODQ3NjE => removed successfully
NmM0ODQ3NjE => service removed successfully
C:\Windows\System32\Tasks\{E651EFF6-02FF-44C0-9F0A-3BD8C36B956C} => moved successfully
C:\Program Files\5PDUBJ6VHO => moved successfully
C:\Users\Kuba\AppData\Roaming\xl50bgvo3tq => moved successfully
C:\Users\Kuba\AppData\Roaming\nsuy20tfyqv => moved successfully
C:\Users\Kuba\AppData\Roaming\2iab3jajwii => moved successfully
C:\Program Files\1XU1GHZ8LT => moved successfully
C:\Program Files\BJBGG2DL46 => moved successfully
C:\Program Files\97EA0VNV5M => moved successfully
C:\Users\Kuba\AppData\Roaming\wim11vgkqpe => moved successfully
C:\Users\Kuba\AppData\Local\LotTraxfresh.bin => moved successfully
C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE} => moved successfully
C:\ProgramData\b199a7fe-d3aa-4ff9-9d61-b5dd5debd99d => moved successfully
C:\Program Files\8P8WWGG5M8 => moved successfully
C:\Users\Kuba\4861487.exe => moved successfully
C:\Users\Kuba\AppData\Roaming\15451hedamq => moved successfully
C:\Program Files\STXGDJLCBB => moved successfully
C:\Program Files\J785UGPWRB => moved successfully
C:\Program Files\EHXNQX91Y6 => moved successfully
C:\Program Files\1K1VXM1KCT => moved successfully
C:\Windows\wxyeltrpuaulyazux.wxy => moved successfully
C:\Users\Kuba\AppData\Roaming\k2pvrhap3nc => moved successfully
C:\Program Files (x86)\tvhjwryp55b => moved successfully
C:\Program Files (x86)\3xcla1myci4 => moved successfully
C:\Windows\MzNjYTZk.exe => moved successfully
C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => moved successfully

"C:\Users\Kuba\AppData\Local\Temp" folder move:

Could not move "C:\Users\Kuba\AppData\Local\Temp" => Scheduled to move on reboot.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ACE => removed successfully
HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C46E7A17-161F-491E-8E0C-A7974E9B0732}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C46E7A17-161F-491E-8E0C-A7974E9B0732}" => removed successfully
C:\Windows\System32\Tasks\{F04425E7-BFB2-4954-8BF7-A90408AF49DB} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F04425E7-BFB2-4954-8BF7-A90408AF49DB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C968C8A7-6DFE-4DF7-87B8-07EAF50B51BC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C968C8A7-6DFE-4DF7-87B8-07EAF50B51BC}" => removed successfully
C:\Windows\System32\Tasks\{B2ECECC8-0D59-4CC1-8C51-F52F30258E57} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B2ECECC8-0D59-4CC1-8C51-F52F30258E57}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E838416D-9327-4B7B-A7E1-B6BC47C851E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E838416D-9327-4B7B-A7E1-B6BC47C851E8}" => removed successfully
C:\Windows\System32\Tasks\{7F50731A-722E-4089-9A9A-58C44B9537B4} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F50731A-722E-4089-9A9A-58C44B9537B4}" => removed successfully
C:\Users\Kuba\Soubory cookie => ":GUnMlDGKY2aJs4gLAxD7UaX" ADS removed successfully
C:\Users\Kuba\AppData\Local\nYUQ0gUR => ":854ezDQrvKQZ8yISakrmyiu8KA2t" ADS removed successfully
C:\Users\Kuba\AppData\Local\peJOgag3XA75k => ":Xx0d6MNnK0Fb9tTFLr5Gl7B" ADS removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 140482731 B
Java, Flash, Steam htmlcache => 1721 B
Windows/system/drivers => 85893469 B
Edge => 0 B
Chrome => 0 B
Firefox => 666362316 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 22947379 B
LocalService => 33125 B
NetworkService => 115256347 B
Kuba => 880210015 B

RecycleBin => 141477 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 30-11-2018 18:21:24)

C:\Users\Kuba\AppData\Local\Temp => moved successfully

==== End of Fixlog 18:21:24 ====

Re: Prosím o pomoc

Napsal: 30 lis 2018 19:05
od Rudy
OK. Nastala nějaká změna?

Re: Prosím o pomoc

Napsal: 30 lis 2018 19:44
od Jsedlak
Zda se ze pocitac funguje. Jeste to zkusim zitra. Dekuju moc.

Re: Prosím o pomoc

Napsal: 30 lis 2018 19:58
od Rudy
Rádo se stalo! :)

Re: Prosím o pomoc

Napsal: 01 pro 2018 12:18
od Jsedlak
Zda se, ze vsechno funguje, dekuju.
Doufal jsem, ze tohle procisteni pomuze i vykonu. Ale pocitac se porad zapina 9 min., pri 8 GB RAM a 3,2 GHz procesoru...je jedina cesta vsechno zformatovat a znovu nainstalovat?

Re: Prosím o pomoc

Napsal: 01 pro 2018 12:26
od Rudy
Udělejte ještě sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Re: Prosím o pomoc

Napsal: 01 pro 2018 13:09
od Jsedlak
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 01.12.18
Čas skenování: 12:35
Logovací soubor: 23ffb364-f55d-11e8-b3f9-d43d7ee26067.json

-Informace o softwaru-
Verze: 3.6.1.2711
Verze komponentů: 1.0.482
Aktualizovat verzi balíku komponent: 1.0.8115
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: Kuba-PC\Kuba

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 351678
Zjištěné hrozby: 79
Hrozby umístěné do karantény: 0
Uplynulý čas: 32 min, 32 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 21
PUP.Optional.Wajam, HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\SOFTWARE\WajIEnhance, Žádná uživatelská akce, [204], [244670],1.0.8115
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Žádná uživatelská akce, [204], [-1],0.0.0
Adware.SearchAwesome, HKLM\SOFTWARE\WOW6432NODE\SrcAAAesom Browser Enhancer, Žádná uživatelská akce, [7214], [509886],1.0.8115
PUP.Optional.DoSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Žádná uživatelská akce, [970], [187045],1.0.8115
PUP.Optional.DoSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Žádná uživatelská akce, [970], [187045],1.0.8115
PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Žádná uživatelská akce, [970], [187045],1.0.8115
PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, Žádná uživatelská akce, [970], [187045],1.0.8115
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\bestavicampaign563, Žádná uživatelská akce, [432], [584322],1.0.8115
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Žádná uživatelská akce, [432], [518478],1.0.8115
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MPrForWeathI, Žádná uživatelská akce, [2775], [572664],1.0.8115
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MTPreC_B, Žádná uživatelská akce, [2775], [572665],1.0.8115
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MTPreC_Qn, Žádná uživatelská akce, [2775], [572666],1.0.8115
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Žádná uživatelská akce, [432], [518476],1.0.8115
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreAm, Žádná uživatelská akce, [2775], [572667],1.0.8115
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreIc, Žádná uživatelská akce, [2775], [572668],1.0.8115
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreJ, Žádná uživatelská akce, [2775], [572669],1.0.8115
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreShM, Žádná uživatelská akce, [2775], [572670],1.0.8115
Adware.Tuto4PC, HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\SOFTWARE\MICROSOFT\EWMON, Žádná uživatelská akce, [2775], [412878],1.0.8115
Trojan.Agent, HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amazon assistant 1.0, Žádná uživatelská akce, [403], [533745],1.0.8115
Trojan.Agent, HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amazon assistant 2.0, Žádná uživatelská akce, [403], [533745],1.0.8115
Adware.SearchAwesome, HKLM\SOFTWARE\SrcAAAesom Browser Enhancer, Žádná uživatelská akce, [7214], [509886],1.0.8115

Hodnota v registru: 14
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Žádná uživatelská akce, [204], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Žádná uživatelská akce, [204], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Žádná uživatelská akce, [204], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Žádná uživatelská akce, [204], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Žádná uživatelská akce, [204], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Žádná uživatelská akce, [204], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Žádná uživatelská akce, [756], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Žádná uživatelská akce, [756], [-1],0.0.0
PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Žádná uživatelská akce, [970], [187045],1.0.8115
PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, Žádná uživatelská akce, [970], [187045],1.0.8115
PUP.Optional.DownloadProtectExtension, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{29049BEC-CF6D-49FF-8F3F-95D886658152}, Žádná uživatelská akce, [7258], [237883],1.0.8115
PUP.Optional.DownloadProtectExtension, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{29049BEC-CF6D-49FF-8F3F-95D886658152}, Žádná uživatelská akce, [7258], [237883],1.0.8115
Adware.Tuto4PC, HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\SOFTWARE\MICROSOFT\EWMON|PARTNER, Žádná uživatelská akce, [2775], [412878],1.0.8115
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, Žádná uživatelská akce, [756], [259988],1.0.8115

Data registrů: 5
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Žádná uživatelská akce, [756], [293486],1.0.8115
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, Žádná uživatelská akce, [756], [293485],1.0.8115
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1993827299-2147907179-2969249044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCHASSISTANT, Žádná uživatelská akce, [756], [293485],1.0.8115
PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND|, Žádná uživatelská akce, [70], [292932],1.0.8115
PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND|, Žádná uživatelská akce, [70], [292932],1.0.8115

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 3
PUP.Optional.DownloadProtect.ChrPRST, C:\WINDOWS\INSTALLER\{10F78416-E991-4176-98C2-BB92DCD6BD13}, Žádná uživatelská akce, [6273], [255640],1.0.8115
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{C4D23BF1-AC38-44FC-B904-39E6910D6EB5}, Žádná uživatelská akce, [68], [237879],1.0.8115
Adware.Wajam, C:\PROGRAM FILES\Y2E0ODFjYjcwOWVhN, Žádná uživatelská akce, [474], [556539],1.0.8115

Soubor: 36
Trojan.Script, C:\WINDOWS\SYSWOW64\mshogrv.vbe, Žádná uživatelská akce, [3950], [193327],1.0.8115
Trojan.Script, C:\WINDOWS\SYSWOW64\msrxknb.vbe, Žádná uživatelská akce, [3950], [193327],1.0.8115
PUP.Optional.DownloadProtect.ChrPRST, C:\WINDOWS\INSTALLER\{10F78416-E991-4176-98C2-BB92DCD6BD13}\{29049BEC-CF6D-49FF-8F3F-95D886658152}.xpi, Žádná uživatelská akce, [6273], [255640],1.0.8115
PUP.Optional.DownloadProtect.ChrPRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Žádná uživatelská akce, [6273], [-1],0.0.0
PUP.Optional.DownloadProtect.ChrPRST, C:\PROGRAMDATA\NTUSER.POL, Žádná uživatelská akce, [6273], [-1],0.0.0
PUP.Optional.DownloadProtect.ChrPRST, C:\USERS\KUBA\NTUSER.POL, Žádná uživatelská akce, [6273], [-1],0.0.0
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{C4D23BF1-AC38-44FC-B904-39E6910D6EB5}\xnahafdallfhloofaolpgnoegflbdgpomml, Žádná uživatelská akce, [68], [237879],1.0.8115
PUP.Optional.DownloadProtect, C:\Windows\Installer\{C4D23BF1-AC38-44FC-B904-39E6910D6EB5}\cnahafdallfhloofaolpgnoegflbdgpomrx, Žádná uživatelská akce, [68], [237879],1.0.8115
Adware.Wait3Sec, C:\USERS\KUBA\DOWNLOADS\ADULT DATING.ICO, Žádná uživatelská akce, [4476], [526087],1.0.8115
Adware.Linkury.Generic, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\SHAM.DB, Žádná uživatelská akce, [3727], [516189],1.0.8115
Adware.Linkury.Generic, C:\USERS\KUBA\APPDATA\LOCAL\NOAH.DAT, Žádná uživatelská akce, [3727], [404865],1.0.8115
Adware.Linkury.Generic, C:\USERS\KUBA\APPDATA\LOCAL\ConDom.tst, Žádná uživatelská akce, [3727], [404871],1.0.8115
Adware.Linkury.Generic, C:\USERS\KUBA\APPDATA\LOCAL\MD.XML, Žádná uživatelská akce, [3727], [404866],1.0.8115
Adware.Linkury.Generic, C:\USERS\KUBA\APPDATA\LOCAL\SHAM.DB, Žádná uživatelská akce, [3727], [516191],1.0.8115
Adware.Wajam, C:\PROGRAM FILES\Y2E0ODFjYjcwOWVhN\WBE_uninstall.dat, Žádná uživatelská akce, [474], [556539],1.0.8115
Adware.Wajam, C:\Program Files\Y2E0ODFjYjcwOWVhN\mozcrt19.dll, Žádná uživatelská akce, [474], [556539],1.0.8115
Adware.Wajam, C:\Program Files\Y2E0ODFjYjcwOWVhN\MzdlOTE2.ico, Žádná uživatelská akce, [474], [556539],1.0.8115
Adware.Wajam, C:\Program Files\Y2E0ODFjYjcwOWVhN\nspr4.dll, Žádná uživatelská akce, [474], [556539],1.0.8115
Adware.Wajam, C:\Program Files\Y2E0ODFjYjcwOWVhN\nss3.dll, Žádná uživatelská akce, [474], [556539],1.0.8115
Adware.Wajam, C:\Program Files\Y2E0ODFjYjcwOWVhN\plc4.dll, Žádná uživatelská akce, [474], [556539],1.0.8115
Adware.Wajam, C:\Program Files\Y2E0ODFjYjcwOWVhN\plds4.dll, Žádná uživatelská akce, [474], [556539],1.0.8115
Adware.Wajam, C:\Program Files\Y2E0ODFjYjcwOWVhN\service.dat, Žádná uživatelská akce, [474], [556539],1.0.8115
Adware.Wajam, C:\Program Files\Y2E0ODFjYjcwOWVhN\service_64.dat, Žádná uživatelská akce, [474], [556539],1.0.8115
Adware.Wajam, C:\Program Files\Y2E0ODFjYjcwOWVhN\softokn3.dll, Žádná uživatelská akce, [474], [556539],1.0.8115
Adware.Wajam, C:\Program Files\Y2E0ODFjYjcwOWVhN\YjcwNDZmYzUyYTJj, Žádná uživatelská akce, [474], [556539],1.0.8115
Adware.Linkury.Generic, C:\USERS\KUBA\APPDATA\LOCAL\AGENT.DAT, Žádná uživatelská akce, [3727], [404872],1.0.8115
Adware.Wait3Sec, C:\USERS\KUBA\DOWNLOADS\WIN IPHONE X.ICO, Žádná uživatelská akce, [4476], [526084],1.0.8115
Adware.Linkury.TskLnk, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\INSTALLATIONCONFIGURATION.XML, Žádná uživatelská akce, [14227], [444922],1.0.8115
Adware.Linkury.Generic, C:\USERS\KUBA\APPDATA\LOCAL\CONFIG.XML, Žádná uživatelská akce, [3727], [404859],1.0.8115
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\CLEANCOMPUTERNEW\UNINSTALLER.EXE, Žádná uživatelská akce, [2775], [548720],1.0.8115
PUP.Optional.Bundler, C:\USERS\KUBA\DOWNLOADS\CPUZ-LISTA-CENTRUMCZ.EXE, Žádná uživatelská akce, [555], [88479],1.0.8115
PUP.Optional.Conduit, C:\USERS\KUBA\DOWNLOADS\BITLORDSETUP.EXE, Žádná uživatelská akce, [215], [111936],1.0.8115
Adware.Zdengo, C:\WINDOWS\SQSZMBVIGEEWFO.SQSZ, Žádná uživatelská akce, [7746], [606055],1.0.8115
PUP.Optional.Bundler, C:\USERS\KUBA\DOWNLOADS\WINRAR-LISTA-CENTRUMCZ.EXE, Žádná uživatelská akce, [555], [88479],1.0.8115
PUP.Optional.OpenCandy, C:\USERS\KUBA\DOWNLOADS\DTLITE4481-0347.EXE, Žádná uživatelská akce, [1090], [297667],1.0.8115
PUP.Optional.Bundler, C:\USERS\KUBA\DOWNLOADS\MOZILLA-FIREFOX-LISTA-CENTRUMCZ-PRO-INTERNET-EXPLORER.EXE, Žádná uživatelská akce, [555], [88479],1.0.8115

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz