VIRY.CZ

Mám Windows 10 s celkem dobrými komponenty.Nyní mi automaticky kdykoliv nekontrolovatelně probíhá restart bez oznámení .Ve Spuštění a zotavení systému v sekci Selhání systému mám u Zapsat událost do systémového protokolu-zatrhnuto a u Automaticky restartovat nemám zatrhnuto.I přesto se mi asi tato chyba nikam nezaznamená? Nebo se pletu?
Provedl jsem kontrolu v RSIT a protokol přikládám - pomůžete mi? Děkuji předem.

Logfile of random's system information tool 1.10 (written by random/random)
Run by jozunost at 2019-03-08 11:37:14
Microsoft Windows 10 Pro
System drive C: has 15 GB (22%) free of 71 GB
Total RAM: 16254 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:37:15, on 08.03.2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\InternetOff\InternetOff.exe
C:\Users\jozun\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Kalendar\kalendar.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Users\jozun\AppData\Roaming\uTorrent\updates\3.5.5_45095\utorrentie.exe
C:\Users\jozun\AppData\Roaming\uTorrent\updates\3.5.5_45095\utorrentie.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\System Explorer\SystemExplorer.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
C:\Program Files\trend micro\jozunost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkTHV_qFAQNhC1c2xzPTFCt073vFQEu_BVd_YP4BMPEpByl6zOo-BzX1L9TYWAjDuxBq9haE8yOn30ohFZSGvz1XImV1BaIPULd7UXMxHGFL_Yv0AxjwNrP4vHobLedidsvr13AS4Lk1vUyLDfKQKm6Ydu_bue8RiyvJrqnFMA,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkTHV_qFAQNhC1c2xzPTFCt073vFQEu_BVd_YP4BMPEpByl6zOo-BzX1L9TYWAjDuxBq9haE8yOn30ohFZSGvz1XImV1BaIPULd7UXMxHGFL_Yv0AxjwNrP4vHobLedidsvr13AS4Lk1vUyLDfKQKm6Ydu_bue8RiyvJrqnFMA,,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkTHV_qFAQNhC1c2xzPTFCt073vFQEu_BVd_YP4BMPEpByl6zOo-BzX1L9TYWAjDuxBq9haE8yOn30ohFZSGvz1XImV1BaIPULd7UXMxHGFL_Yv0AxjwNrP4vHobLedidsvr13AS4Lk1vUyLDfKQKm6Ydu_bue8RiyvJrqnFMA,,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [SystemExplorerAutoStart] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [InternetOff] C:\Program Files (x86)\InternetOff\InternetOff.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\jozun\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [b9bef0b2c7e7a3d4ec4ebdd0dac24a5e] "C:\Users\jozun\AppData\Local\Temp\taskmgr.exe" ..
O4 - HKCU\..\Run: [Kalendar] C:\Program Files (x86)\Kalendar\kalendar.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
O4 - HKLM\..\Policies\Explorer\Run: [BootRacer] "C:\Program Files (x86)\BootRacer\Bootrace.exe" /2
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\vsocklib.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Active Protection (TM) Service (AcronisActiveProtectionService) - Acronis International GmbH - C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BootRacerServ - Greatis Software, LLC - C:\Program Files (x86)\BootRacer\BootRacerServ.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Internet Off Service (InternetOffService) - Unknown owner - C:\Program Files (x86)\InternetOff\IOffSvc.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Acronis Managed Machine Service Mini (mmsminisrv) - Acronis International GmbH - C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
O23 - Service: Server záloh mobilního zařízení Acronis (mobile_backup_server) - Acronis International GmbH - C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
O23 - Service: Stav serveru záloh mobilního zařízení Acronis (mobile_backup_status_server) - Unknown owner - C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Printer Control - Unknown owner - C:\WINDOWS\system32\PrintCtrl.exe (file missing)
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Corel License Validation Service V2 x64, Powered by arvato (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)

--
End of file - 13191 bytes

======Listing Processes======









C:\Windows\system32\lsass.exe
winlogon.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\Windows\system32\svchost.exe -k DcomLaunch -p
"fontdrvhost.exe"
"fontdrvhost.exe"
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
"C:\Program Files (x86)\InternetOff\IOffSvc.exe"
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc

c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\Windows\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
"C:\Program Files (x86)\BootRacer\BootRacerServ.exe"
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
c:\windows\system32\svchost.exe -k netsvcs -p
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\Windows\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe"
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Windows\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
"C:\Program Files\Bonjour\mDNSResponder.exe"
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe"
C:\WINDOWS\system32\PrintCtrl.exe
"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
"C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
"C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
"ctfmon.exe"
C:\Windows\Explorer.EXE
igfxEM.exe
ClassicStartMenu.exe -startup
igfxHK.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
igfxTray.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "E:\Indexování\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\system32\SettingSyncHost.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"C:\Program Files (x86)\InternetOff\InternetOff.exe"
"C:\Users\jozun\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\Kalendar\kalendar.exe"
"C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe"
"C:\Users\jozun\AppData\Roaming\uTorrent\updates\3.5.5_45095\utorrentie.exe" uTorrent_4928_00BEC8D8_1214879583 µTorrent4823DF041B09 uTorrent
"C:\Users\jozun\AppData\Roaming\uTorrent\updates\3.5.5_45095\utorrentie.exe" uTorrent_4928_00BEC678_1739985303 µTorrent4823DF041B09 uTorrent
"C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe"
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
"c:\program files (x86)\system explorer\service\systemexplorerservice64.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
"C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe" /srvupt
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe"
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV

"C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe"
C:\Windows\helppane.exe -Embedding
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\Windows\system32\svchost.exe -k SDRSVC
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Users\jozun\Desktop\5 online nástroje pro automatickou analýzu souboru protokolu HijackThis\vytvoření a kontrola logu\Návod na vytvoření logu z RSIT\RSITx64.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "https://forum.viry.cz/viewtopic.php?f=30&t=130787"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="9436.0.1605154836\886050915" -parentBuildID 20190225143501 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - "C:\Users\jozun\AppData\LocalLow\Mozilla\Temp-{4470ec53-d9a2-4c35-a4d9-e3603a1416e4}" 9436 "\\.\pipe\gecko-crash-server-pipe.9436" 1440 gpu
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="9436.6.1697599873\1614795325" -childID 1 -isForBrowser -prefsHandle 2144 -prefMapHandle 2300 -prefsLen 1 -prefMapSize 191008 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 9436 "\\.\pipe\gecko-crash-server-pipe.9436" 1156 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="9436.13.729796395\1374982080" -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3660 -prefsLen 81 -prefMapSize 191008 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 9436 "\\.\pipe\gecko-crash-server-pipe.9436" 3672 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="9436.20.2090363089\432676124" -childID 3 -isForBrowser -prefsHandle 4528 -prefMapHandle 4524 -prefsLen 5823 -prefMapSize 191008 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 9436 "\\.\pipe\gecko-crash-server-pipe.9436" 4508 tab
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-133057320-3794765189-3837850422-100119_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-133057320-3794765189-3837850422-100119 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "E:\Indexování\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
C:\Windows\splwow64.exe 8192
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\PrintIsolationHost.exe -Embedding
"C:\Windows\system32\SearchFilterHost.exe" 0 712 724 760 8192 756
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="9436.27.1108705002\1706999944" -childID 4 -isForBrowser -prefsHandle 4832 -prefMapHandle 4788 -prefsLen 6317 -prefMapSize 191008 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 9436 "\\.\pipe\gecko-crash-server-pipe.9436" 4804 tab
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\SlimDrivers Scan.job - C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe scheduled
C:\Windows\tasks\Uninstaller_SkipUac_jozun.job - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer

=========Mozilla firefox=========

ProfilePath - C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\bzigsj58.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF-Tools 4\PDF-XChange PDF Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Nero.com/KM]
"Description"=
"Path"=C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf]
"Description"=Handles PDF files in place in the browser
"Path"=C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF-Tools 4\PDF-XChange PDF Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf]
"Description"=Handles PDF files in place in the browser
"Path"=C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=3.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=3.0.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19 2478864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12 885696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-12 551872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-12 760768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-12 507328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12 885696]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-12 760768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"=C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2017-06-22 589104]
"b9bef0b2c7e7a3d4ec4ebdd0dac24a5e"=C:\Users\jozun\AppData\Local\Temp\taskmgr.exe .. []
"jv16 PT 2017 (Startup Optimizer)"=E:\1.A Programy-601 GB\!.Čistící 222GB\3.Manažery 5.26 GB\1\1.jv16 PowerTools 2017 4.1.0.1666-portable\jv16 PowerTools 2017 4.1.0.1666-portable\jv16PTPortable\App\jv16PT\jv16pt_PreWorker2.exe [2017-01-25 329112]
"jv16 PT 2017 (System Startup Check)"=E:\1.A Programy-601 GB\!.Čistící 222GB\3.Manažery 5.26 GB\1\1.jv16 PowerTools 2017 4.1.0.1666-portable\jv16 PowerTools 2017 4.1.0.1666-portable\jv16PTPortable\App\jv16PT\jv16pt_PreWorker2.exe [2017-01-25 329112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BootRacer"=C:\Program Files (x86)\BootRacer\Bootrace.exe [2014-04-23 3843344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"InternetOff"=C:\Program Files (x86)\InternetOff\InternetOff.exe [2016-05-25 3182360]
"uTorrent"=C:\Users\jozun\AppData\Roaming\uTorrent\uTorrent.exe [2019-03-05 1815736]
"b9bef0b2c7e7a3d4ec4ebdd0dac24a5e"=C:\Users\jozun\AppData\Local\Temp\taskmgr.exe .. []
"Kalendar"=C:\Program Files (x86)\Kalendar\kalendar.exe [2005-11-09 580608]
"Zoner Photo Studio Autoupdate"=C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [2012-10-18 752736]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AcronisTibMounterMonitor"=C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [2017-02-14 425864]
"TrueImageMonitor.exe"=C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2017-06-22 5118944]
"NBAgent"=C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-03-26 1234216]
"SystemExplorerAutoStart"=C:\Program Files (x86)\System Explorer\SystemExplorer.exe [2015-08-19 3389160]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BootRacer"=C:\Program Files (x86)\BootRacer\Bootrace.exe [2014-04-23 3843344]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppXSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BITS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\camsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ClipSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dps]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\lfsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\msiserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SamSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\semgrsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\shellhwdetection]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\srv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\srv2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\srvnet]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TokenBroker]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TweakingRemoveSafeBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WSService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.dvacm_vspX10"=c:\PROGRA~1\Corel\Corel VideoStudio X10\Dvacm.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-03-08 09:28:22 ----D---- C:\FRST
2019-03-08 09:27:22 ----D---- C:\rsit
2019-03-08 09:27:22 ----D---- C:\Program Files\trend micro
2019-03-08 09:05:30 ----A---- C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-03-07 16:19:33 ----D---- C:\Users\jozun\AppData\Roaming\jv16PTPortableBackup
2019-03-07 15:54:08 ----D---- C:\Program Files\Windows Security
2019-03-07 15:27:49 ----D---- C:\Windows\SoftwareDistribution
2019-03-07 15:23:41 ----D---- C:\Windows\system32\catroot2
2019-03-07 15:07:33 ----HD---- C:\Program Files (x86)\Uninstall Information
2019-03-07 14:58:40 ----A---- C:\Windows\tweaking.com-regbackup-DESKTOP-5AEIRAE-Windows-10-Pro-(64-bit).dat
2019-03-07 14:58:39 ----D---- C:\RegBackup
2019-03-07 13:32:28 ----D---- C:\Users\jozun\AppData\Roaming\JAM Software
2019-03-07 13:32:28 ----D---- C:\Program Files (x86)\JAM Software
2019-03-07 11:04:21 ----D---- C:\Program Files (x86)\SlimCleaner
2019-03-06 10:11:28 ----D---- C:\ProgramData\Mozilla
2019-03-06 10:08:29 ----A---- C:\Users\jozun\AppData\Roaming\Top Process Monitor_Settings.ini
2019-03-06 10:07:27 ----A---- C:\Users\jozun\AppData\Roaming\System Monitor II_UptimeRecord.ini
2019-03-06 10:07:11 ----A---- C:\Users\jozun\AppData\Roaming\Network Monitor II_#0_Traffic.ini
2019-03-06 10:04:36 ----A---- C:\Users\jozun\AppData\Roaming\Control System_Settings.ini
2019-03-06 09:58:41 ----A---- C:\Users\jozun\AppData\Roaming\Drives Meter_Settings.ini
2019-03-05 15:29:29 ----SHD---- C:\$RECYCLE.BIN
2019-03-05 15:29:24 ----D---- C:\Windows\CSC
2019-03-05 15:29:16 ----ASH---- C:\swapfile.sys
2019-03-05 15:29:14 ----ASH---- C:\pagefile.sys
2019-03-05 15:29:12 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 month======

2019-03-08 11:37:04 ----D---- C:\Users\jozun\AppData\Roaming\uTorrent
2019-03-08 11:34:14 ----D---- C:\Windows\Prefetch
2019-03-08 11:31:07 ----D---- C:\Windows\Temp
2019-03-08 11:31:07 ----D---- C:\Windows\system32\SleepStudy
2019-03-08 11:14:00 ----D---- C:\Windows\CbsTemp
2019-03-08 11:09:00 ----D---- C:\Windows\system32\sru
2019-03-08 09:29:55 ----D---- C:\Windows
2019-03-08 09:27:22 ----RD---- C:\Program Files
2019-03-08 09:12:22 ----D---- C:\Windows\System32
2019-03-08 09:12:22 ----D---- C:\Windows\INF
2019-03-08 09:12:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2019-03-08 09:06:12 ----D---- C:\ProgramData\BootRacer
2019-03-08 09:05:29 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2019-03-08 09:05:28 ----D---- C:\Program Files (x86)\TeamViewer
2019-03-08 09:05:27 ----AD---- C:\Program Files (x86)\BootRacer
2019-03-08 08:13:18 ----SD---- C:\Users\jozun\AppData\Roaming\Microsoft
2019-03-08 08:08:35 ----D---- C:\Windows\Logs
2019-03-07 21:19:34 ----D---- C:\Users\jozun\AppData\Roaming\Seznam.cz
2019-03-07 18:00:01 ----D---- C:\Windows\system32\LogFiles
2019-03-07 16:29:46 ----D---- C:\Windows\AppReadiness
2019-03-07 16:17:14 ----D---- C:\Windows\system32\config
2019-03-07 15:21:47 ----D---- C:\Windows\Tasks
2019-03-07 15:21:47 ----D---- C:\Windows\system32\Tasks
2019-03-07 15:17:03 ----D---- C:\Windows\system32\drivers\etc
2019-03-07 15:07:33 ----RD---- C:\Program Files (x86)
2019-03-07 14:57:28 ----A---- C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2019-03-07 14:32:58 ----RD---- C:\Windows\Microsoft.NET
2019-03-07 13:58:53 ----RD---- C:\Users
2019-03-07 13:46:22 ----D---- C:\Windows\system32\WDI
2019-03-07 11:05:06 ----DC---- C:\Windows\Panther
2019-03-07 11:05:06 ----D---- C:\Users\jozun\AppData\Roaming\vlc
2019-03-07 11:04:21 ----SHDC---- C:\Windows\Installer
2019-03-07 11:04:21 ----SHD---- C:\Config.Msi
2019-03-07 10:43:58 ----HD---- C:\Program Files\WindowsApps
2019-03-07 10:24:36 ----A---- C:\Windows\ntbtlog.txt
2019-03-06 11:31:32 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2019-03-06 11:30:27 ----D---- C:\Program Files (x86)\Hard Disk Sentinel
2019-03-06 10:11:28 ----HD---- C:\ProgramData
2019-03-06 10:06:14 ----D---- C:\Windows\SysWOW64
2019-03-06 10:04:01 ----D---- C:\Windows\system32\drivers\wd
2019-03-06 08:38:29 ----D---- C:\ProgramData\Packages
2019-03-05 15:34:22 ----D---- C:\ProgramData\ProductData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 file_tracker;Acronis File Tracker Driver; C:\Windows\system32\DRIVERS\file_tracker.sys [2018-08-03 378712]
R0 fltsrv;Acronis Storage Filter Management; C:\Windows\system32\DRIVERS\fltsrv.sys [2018-08-03 181592]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\Windows\system32\drivers\iorate.sys [2018-04-12 58272]
R0 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\Windows\system32\drivers\mssecflt.sys [2018-04-12 304032]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\Windows\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2018-08-03 370008]
R1 afunix;afunix; C:\Windows\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\Windows\system32\drivers\bam.sys [2018-04-12 60320]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\Windows\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\Windows\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\Windows\system32\drivers\cldflt.sys [2018-08-19 414720]
R2 file_protector;Acronis File Protector Driver; C:\Windows\system32\DRIVERS\file_protector.sys [2018-08-03 479064]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\Windows\system32\drivers\mmcss.sys [2018-04-12 43520]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2016-11-01 7966192]
R3 IUProcessFilter;IUProcessFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [2018-05-12 37184]
R3 IURegistryFilter;IURegistryFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [2018-05-15 43392]
R3 MEIx64;@oem3.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\TeeDriverW8x64.sys [2017-10-17 206496]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\Windows\System32\drivers\rt640x64.sys [2018-04-12 604160]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\Windows\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 cht4iscsi;cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\Windows\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\Windows\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\Windows\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 Partizan;Partizan; C:\Windows\system32\drivers\Partizan.sys []
S0 percsas2i;percsas2i; C:\Windows\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\Windows\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\Windows\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\Windows\System32\drivers\scmbus.sys [2018-08-19 128920]
S1 asrdmon;asrdmon; C:\Windows\system32\drivers\asrdmon.sys []
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\Windows\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 AppleLowerFilter;@oem19.inf,%AppleLowerFilterDisplayName%;Apple Lower Filter Driver; C:\Windows\System32\drivers\AppleLowerFilter.sys [2018-05-10 35560]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\Windows\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\Windows\system32\drivers\AppvStrm.sys [2018-04-12 127384]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\Windows\system32\drivers\AppvVemgr.sys [2018-04-12 162712]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\Windows\system32\drivers\AppvVfs.sys [2018-04-12 143768]
S3 AscFileFilter;AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys []
S3 AscRegistryFilter;AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys []
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\Windows\system32\drivers\bindflt.sys [2018-04-12 92056]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\Windows\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\Windows\System32\drivers\CAD.sys [2018-04-12 60320]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\Windows\System32\drivers\capimg.sys [2018-04-12 123392]
S3 cpuz141;cpuz141; \??\C:\Users\jozun\AppData\Local\Temp\cpuz141\cpuz141_x64.sys []
S3 cpuz143;cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys []
S3 dfg;dfg; \??\C:\WINDOWS\system32\dfg.sys []
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\Windows\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\Windows\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\Windows\system32\drivers\hvservice.sys [2018-09-20 76088]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\Windows\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\Windows\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\Windows\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\Windows\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\Windows\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\Windows\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IntcDAud;@oem0.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2016-05-12 481768]
S3 IPT;IPT; C:\Windows\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\Windows\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\Windows\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\Windows\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\Windows\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\Windows\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\Windows\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\Windows\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\Windows\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\Windows\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 Point64;@oem18.inf,%point64.SvcDesc%;Microsoft Mouse and Keyboard Center Filter Driver; C:\Windows\System32\drivers\point64.sys [2015-12-09 68904]
S3 ReFSv1;ReFSv1; C:\Windows\system32\drivers\ReFSv1.sys [2018-08-19 945568]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\Windows\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\Windows\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\Windows\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S4 hvcrash;hvcrash; C:\Windows\System32\drivers\hvcrash.sys [2018-04-12 33184]
S4 IUFileFilter;IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcronisActiveProtectionService;Acronis Active Protection (TM) Service; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2017-03-24 1492904]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2017-06-22 1279464]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-12-16 83984]
R2 afcdpsrv;Acronis Nonstop Backup Service; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2018-08-03 6086232]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 BootRacerServ;BootRacerServ; C:\Program Files (x86)\BootRacer\BootRacerServ.exe [2014-04-30 65296]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R2 CDPUserSvc_394fd;CDPUserSvc_394fd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\Windows\System32\svchost.exe [2018-04-12 51288]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\Windows\System32\svchost.exe [2018-04-12 51288]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2016-11-01 373744]
R2 InternetOffService;Internet Off Service; C:\Program Files (x86)\InternetOff\IOffSvc.exe [2016-05-25 1634072]
R2 mmsminisrv;Acronis Managed Machine Service Mini; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [2017-02-13 4795288]
R2 NAUpdate;Nero Update; C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
R2 OneSyncSvc_394fd;OneSyncSvc_394fd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R2 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R2 Printer Control;Printer Control; C:\WINDOWS\system32\PrintCtrl.exe [2012-10-21 121856]
R2 PSI_SVC_2;Corel License Validation Service V2, Powered by arvato; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2014-04-30 277360]
R2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2014-04-30 337776]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\Windows\system32\SecurityHealthService.exe [2018-08-19 760888]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\Windows\system32\SgrmBroker.exe [2018-04-12 163336]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-08-19 43648]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S2 IObitUnSvr;IObit Uninstaller Service; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [2018-06-28 149776]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 AssignedAccessManagerSvc;@%SystemRoot%\system32\assignedaccessmanagersvc.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService_394fd;BcastDVRUserService_394fd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService_394fd;BluetoothUserService_394fd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 CaptureService_394fd;CaptureService_394fd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2016-11-01 301552]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 DevicePickerUserSvc_394fd;DevicePickerUserSvc_394fd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc_394fd;DevicesFlowUserSvc_394fd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-08-19 90624]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService_394fd;MessagingService_394fd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-18 30814400]
S3 mobile_backup_server;Server záloh mobilního zařízení Acronis; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [2017-01-06 2908352]
S3 mobile_backup_status_server;Stav serveru záloh mobilního zařízení Acronis; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [2017-06-22 1617520]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe []
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-06-14 161472]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 PimIndexMaintenanceSvc_394fd;PimIndexMaintenanceSvc_394fd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc_394fd;PrintWorkflowUserSvc_394fd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2018-08-19 4737448]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\Windows\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\Windows\system32\spectrum.exe [2018-08-19 976384]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\Windows\system32\AppVClient.exe [2018-08-19 826776]
S4 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2018-08-10 296336]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]

-----------------EOF-----------------

ahoj,
citat:
Tvorba fixlistu pro FRST
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >> •Ulozte vytvoreny TXT jako fixlist.txt
•Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe
•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

omlouvám se za zpoždění...log je tento:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
Ran by jozunost at 2019-03-08 20:36:40 Run:1
Running from C:\Users\jozun\Desktop
Loaded Profile: jozunost (Available profiles: jozunost)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://%66%65%65%64.%73%6F%6E%69%63-%7 ... qnFMA,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://%66%65%65%64.%73%6F%6E%69%63-%7 ... qnFMA,,&q={searchTerms}
O4 - HKCU\..\Run: [b9bef0b2c7e7a3d4ec4ebdd0dac24a5e] "C:\Users\jozun\AppData\Local\Temp\taskmgr.exe" ..
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"b9bef0b2c7e7a3d4ec4ebdd0dac24a5e"=C:\Users\jozun\AppData\Local\Temp\taskmgr.exe .. []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"b9bef0b2c7e7a3d4ec4ebdd0dac24a5e"=C:\Users\jozun\AppData\Local\Temp\taskmgr.exe .. []
S0 Partizan;Partizan; C:\Windows\system32\drivers\Partizan.sys []
S1 asrdmon;asrdmon; C:\Windows\system32\drivers\asrdmon.sys []
S3 dfg;dfg; \??\C:\WINDOWS\system32\dfg.sys []



EmptyTemp:
Reboot:
End
*****************

CreateRestorePoint: => Error: No automatic fix found for this entry.
HKCU\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
O4 - HKCU\..\Run: [b9bef0b2c7e7a3d4ec4ebdd0dac24a5e] "C:\Users\jozun\AppData\Local\Temp\taskmgr.exe" .. => Error: No automatic fix found for this entry.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] => Error: No automatic fix found for this entry.
"b9bef0b2c7e7a3d4ec4ebdd0dac24a5e"=C:\Users\jozun\AppData\Local\Temp\taskmgr.exe .. [] => Error: No automatic fix found for this entry.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] => Error: No automatic fix found for this entry.
"b9bef0b2c7e7a3d4ec4ebdd0dac24a5e"=C:\Users\jozun\AppData\Local\Temp\taskmgr.exe .. [] => Error: No automatic fix found for this entry.
Partizan => Service deleted successfully.
asrdmon => Service deleted successfully.
dfg => Service deleted successfully.
EmptyTemp: => Removed 969.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Pardon za jednorazovy vstup

Poprosim o vytvorenie a vlozenie obidvoch logov z FRST podla navodu: https://forum.viry.cz/viewtopic.php?f=13&t=154679

Omlouvám se špatně jsem to četl.
Takže jsem vytvořil oba dva logy znova:
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.03.2019
Ran by jozunost (administrator) on DESKTOP-5AEIRAE (09-03-2019 08:38:38)
Running from C:\Users\jozun\Desktop
Loaded Profiles: jozunost (Available Profiles: jozunost)
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Crystal Rich Ltd -> ) C:\Program Files (x86)\InternetOff\IOffSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Greatis Software LLC -> Greatis Software, LLC) C:\Program Files (x86)\BootRacer\BootRacerServ.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) [File not signed] C:\Windows\System32\PrintCtrl.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Crystal Rich Ltd -> ) C:\Program Files (x86)\InternetOff\InternetOff.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\jozun\AppData\Roaming\uTorrent\uTorrent.exe
() [File not signed] C:\Program Files (x86)\Kalendar\kalendar.exe
(ZONER software, a.s. -> ZONER software) C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\jozun\AppData\Roaming\uTorrent\updates\3.5.5_45095\utorrentie.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\jozun\AppData\Roaming\uTorrent\updates\3.5.5_45095\utorrentie.exe
(ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Miroslav Topolar -> Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Miroslav Topolar -> Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [589104 2017-06-22] (Acronis International GmbH -> )
HKLM\...\Run: [b9bef0b2c7e7a3d4ec4ebdd0dac24a5e] => "C:\Users\jozun\AppData\Local\Temp\taskmgr.exe" .. <==== ATTENTION
HKLM\...\Run: [jv16 PT 2017 (Startup Optimizer)] => "E:\1.A Programy-601 GB\!.Čistící 222GB\3.Manažery 5.26 GB\1\1.jv16 PowerTools 2017 4.1.0.1666-portable\jv16 PowerTools 2017 4.1.0.1666-portable\jv16PTPortable\App\jv16PT\jv16pt_PreWorker2.exe" /Start (the data entry has 188 more characters).
HKLM\...\Run: [jv16 PT 2017 (System Startup Check)] => "E:\1.A Programy-601 GB\!.Čistící 222GB\3.Manažery 5.26 GB\1\1.jv16 PowerTools 2017 4.1.0.1666-portable\jv16 PowerTools 2017 4.1.0.1666-portable\jv16PTPortable\App\jv16PT\jv16pt_PreWorker2.exe" /SysSt (the data entry has 187 more characters).
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-02-14] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5118944 2017-06-22] (Acronis International GmbH -> )
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG -> Nero AG)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
HKLM\...\Policies\Explorer\Run: [BootRacer] => C:\Program Files (x86)\BootRacer\Bootrace.exe [3843344 2014-04-23] (Greatis Software LLC -> Greatis Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-133057320-3794765189-3837850422-1001\...\Run: [InternetOff] => C:\Program Files (x86)\InternetOff\InternetOff.exe [3182360 2016-05-25] (Crystal Rich Ltd -> )
HKU\S-1-5-21-133057320-3794765189-3837850422-1001\...\Run: [uTorrent] => C:\Users\jozun\AppData\Roaming\uTorrent\uTorrent.exe [1815736 2019-03-05] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-133057320-3794765189-3837850422-1001\...\Run: [b9bef0b2c7e7a3d4ec4ebdd0dac24a5e] => "C:\Users\jozun\AppData\Local\Temp\taskmgr.exe" .. <==== ATTENTION
HKU\S-1-5-21-133057320-3794765189-3837850422-1001\...\Run: [Kalendar] => C:\Program Files (x86)\Kalendar\kalendar.exe [580608 2005-11-09] () [File not signed]
HKU\S-1-5-21-133057320-3794765189-3837850422-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [752736 2012-10-18] (ZONER software, a.s. -> ZONER software)
HKU\S-1-5-21-133057320-3794765189-3837850422-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-133057320-3794765189-3837850422-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\...\Drivers32: [msacm.dvacm_vspX10] => c:\Program Files\Corel\Corel VideoStudio X10\DVACM.acm [23552 2017-01-11] (Corel TW Corp.) [File not signed]
BootExecute: autocheck autochk * autopart.exe
GroupPolicy: Restriction - Windows Defender <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 14 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 15 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 14 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 15 %windir%\system32\vsocklib.dll => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8eb1dd53-e607-48a0-a063-3ab67bf60e9f}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-133057320-3794765189-3837850422-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE04
SearchScopes: HKU\S-1-5-21-133057320-3794765189-3837850422-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE04
SearchScopes: HKU\S-1-5-21-133057320-3794765189-3837850422-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-133057320-3794765189-3837850422-1001 -> {472CEE61-1A3C-47E8-970C-FA9DCFBD936A} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-133057320-3794765189-3837850422-1001 -> {58C2F23E-FD9A-40AD-AB2A-9218FBC04D12} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-133057320-3794765189-3837850422-1001 -> {7680ACD5-C277-402F-A3B6-D6EA76EF453A} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-133057320-3794765189-3837850422-1001 -> {AC1DC5B8-36A0-4D08-B757-1841C8138D8E} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-133057320-3794765189-3837850422-1001 -> {B1518C38-65BE-4F4B-A01D-25E36ABB7189} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-133057320-3794765189-3837850422-1001 -> {C39F43B1-D690-4808-9724-055C44E38F8B} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-133057320-3794765189-3837850422-1001 -> {C5E96B9A-D999-4664-9320-0AF4BECD8F76} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-133057320-3794765189-3837850422-1001 -> {E0191143-46BF-4233-A913-566D7489F793} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-133057320-3794765189-3837850422-1001 -> {F2CA7F06-1CB5-4664-9332-2E11D250550A} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology -> IObit)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]

FireFox:
========
FF DefaultProfile: bzigsj58.default
FF ProfilePath: C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\bzigsj58.default [2019-03-09]
FF Homepage: Mozilla\Firefox\Profiles\bzigsj58.default -> www.seznam.cz
FF NewTab: Mozilla\Firefox\Profiles\bzigsj58.default -> about:newtab
FF Extension: (YouTube Plus) - C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\bzigsj58.default\Extensions\particle@particlecore.github.io.xpi [2018-12-22]
FF Extension: (Download Manager (S3)) - C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\bzigsj58.default\Extensions\s3download@statusbar.xpi [2018-12-23]
FF Extension: (S3.Translator) - C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\bzigsj58.default\Extensions\s3google@translator.xpi [2018-10-29]
FF Extension: (YouTube High Definition) - C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\bzigsj58.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2018-12-22]
FF Extension: (ImTranslator: Překladač, Slovník, Hlas) - C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\bzigsj58.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2019-03-06]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF-Tools 4\PDF-XChange PDF Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-07-03] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-03-23] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF-Tools 4\PDF-XChange PDF Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-07-03] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG -> Nero AG)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2016-03-23] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-03-23] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-133057320-3794765189-3837850422-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF-Tools 4\PDF-XChange PDF Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-07-03] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-133057320-3794765189-3837850422-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-03-23] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [1492904 2017-03-24] (Acronis International GmbH -> Acronis International GmbH)
R2 BootRacerServ; C:\Program Files (x86)\BootRacer\BootRacerServ.exe [65296 2014-04-30] (Greatis Software LLC -> Greatis Software, LLC)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373744 2016-11-01] (Intel(R) pGFX -> Intel Corporation)
R2 InternetOffService; C:\Program Files (x86)\InternetOff\IOffSvc.exe [1634072 2016-05-25] (Crystal Rich Ltd -> )
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [149776 2018-06-28] (IObit Information Technology -> IObit)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4795288 2017-02-13] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [2908352 2017-01-06] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1617520 2017-06-22] (Acronis International GmbH -> )
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [233456 2017-07-04] (Netgear Incorporated -> NETGEAR)
R2 Printer Control; C:\WINDOWS\system32\PrintCtrl.exe [121856 2012-10-21] (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) [File not signed]
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-08-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Miroslav Topolar -> Mister Group)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-03-06] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-03-06] (Microsoft Corporation -> Microsoft Corporation)
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [479064 2018-08-03] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [378712 2018-08-03] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37184 2018-05-12] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [43392 2018-05-15] (IObit Information Technology -> IObit)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2019-03-08] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2018-04-12] (Microsoft Windows -> Realtek )
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1310552 2018-08-03] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [213336 2018-08-03] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 tnd; C:\Windows\system32\DRIVERS\tnd.sys [690520 2018-08-03] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 tpfilter; C:\Windows\System32\drivers\tpfilter.sys [25928 2015-10-29] (BYD precision manufacture company -> TP Microelectronic)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2013-11-13] (GridinSoft LLC -> Windows (R) Win 7 DDK provider)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [324952 2018-08-03] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-03-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [333792 2019-03-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62432 2019-03-06] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-12-23] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-12-23] (Zemana Ltd. -> Zemana Ltd.)
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [X]
S3 cpuz141; \??\C:\Users\jozun\AppData\Local\Temp\cpuz141\cpuz141_x64.sys [X] <==== ATTENTION
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-09 08:38 - 2019-03-09 08:39 - 000024159 _____ C:\Users\jozun\Desktop\FRST.txt
2019-03-09 08:34 - 2019-03-09 08:39 - 000051925 _____ C:\Windows\ZAM.krnl.trace
2019-03-09 08:34 - 2019-03-09 08:39 - 000026327 _____ C:\Windows\ZAM_Guard.krnl.trace
2019-03-09 08:34 - 2019-03-09 08:34 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-03-09 08:15 - 2019-03-09 08:15 - 002434560 _____ (Farbar) C:\Users\jozun\Desktop\FRST64.exe
2019-03-09 08:14 - 2019-03-09 08:14 - 000001310 _____ C:\Users\jozun\Desktop\notepad.exe (2).lnk
2019-03-08 21:35 - 2019-03-08 20:59 - 000000250 _____ C:\Users\jozun\Desktop\4.VIRY.CZ • Zobrazit téma - prosím o kontrolu logu.URL
2019-03-08 20:40 - 2019-03-08 20:47 - 000000000 ____D C:\Users\jozun\Desktop\Nová složka
2019-03-08 20:38 - 2019-03-09 08:34 - 000000000 ____D C:\Users\jozun\AppData\LocalLow\uTorrent
2019-03-08 20:31 - 2019-03-08 20:31 - 000001310 _____ C:\Users\jozun\Desktop\notepad.exe.lnk
2019-03-08 20:23 - 2019-03-08 20:23 - 000002675 _____ C:\Users\jozun\Desktop\! Nastroje pro opravu z 6.httpstoolslib.net.lnk
2019-03-08 20:23 - 2019-03-08 20:23 - 000002245 _____ C:\Users\jozun\Desktop\!.Programy pokračovat!!!!.lnk
2019-03-08 20:22 - 2019-03-08 20:22 - 000000000 ____D C:\Users\jozun\Desktop\!.FRST-Farbar Recovery Tool Scan
2019-03-08 16:53 - 2019-03-08 16:53 - 000000000 ___HD C:\$Windows.~WS
2019-03-08 16:41 - 2019-03-08 16:41 - 000001735 _____ C:\Users\jozun\Desktop\odeslání logu ke kontrole do viry.cz.lnk
2019-03-08 16:29 - 2019-03-08 16:29 - 000000099 _____ C:\Windows\Reimage.ini
2019-03-08 16:05 - 2019-03-08 16:05 - 000000000 ____D C:\$WINDOWS.~BT
2019-03-08 16:00 - 2019-03-08 16:00 - 000487087 _____ C:\Users\jozun\Downloads\Fix it Microsoft Opravy pro Windows_10.zip
2019-03-08 14:21 - 2019-03-08 14:28 - 137723549 _____ C:\Users\jozun\Downloads\Doporučené Instalace Progr v ISO pro Windows_10.zip.part
2019-03-08 14:03 - 2019-03-08 14:04 - 000000000 ____D C:\Users\jozun\AppData\Local\NETGEARGenie
2019-03-08 14:03 - 2019-03-08 14:03 - 000369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2019-03-08 14:03 - 2019-03-08 14:03 - 000281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2019-03-08 14:03 - 2019-03-08 14:03 - 000106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2019-03-08 14:03 - 2019-03-08 14:03 - 000096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2019-03-08 14:03 - 2019-03-08 14:03 - 000035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2019-03-08 14:03 - 2019-03-08 14:03 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2019-03-08 14:03 - 2019-03-08 14:03 - 000002131 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2019-03-08 14:03 - 2019-03-08 14:03 - 000000000 ____D C:\Program Files (x86)\NETGEAR Genie
2019-03-08 13:44 - 2019-03-08 13:44 - 000001336 _____ C:\Users\jozun\Desktop\137.lnk
2019-03-08 13:34 - 2019-03-08 13:34 - 000001429 _____ C:\Users\jozun\Desktop\136 - 8.3.2019.lnk
2019-03-08 12:45 - 2019-03-08 12:45 - 001136576 _____ (BoolApps Ltd) C:\Users\jozun\Downloads\errorkit-ver_a5f92735-err_11127.exe
2019-03-08 09:28 - 2019-03-09 08:38 - 000000000 ____D C:\FRST
2019-03-08 09:27 - 2019-03-08 11:37 - 000000000 ____D C:\Program Files\trend micro
2019-03-08 09:27 - 2019-03-08 09:27 - 000000000 ____D C:\rsit
2019-03-07 16:19 - 2019-03-07 16:19 - 000000000 ____D C:\Users\jozun\AppData\Roaming\jv16PTPortableBackup
2019-03-07 15:54 - 2019-03-07 15:54 - 000000000 ____D C:\Program Files\Windows Security
2019-03-07 15:21 - 2019-03-07 15:21 - 000003662 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2019-03-07 15:07 - 2019-03-07 15:07 - 000000492 _____ C:\as.mof
2019-03-07 15:07 - 2019-03-07 15:07 - 000000490 _____ C:\av.mof
2019-03-07 14:58 - 2019-03-07 14:58 - 000000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-5AEIRAE-Windows-10-Pro-(64-bit).dat
2019-03-07 14:58 - 2019-03-07 14:58 - 000000000 ____D C:\RegBackup
2019-03-07 14:57 - 2019-03-07 14:57 - 000003788 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2019-03-07 13:32 - 2019-03-07 13:32 - 000000000 ____D C:\Users\jozun\AppData\Roaming\JAM Software
2019-03-07 13:32 - 2019-03-07 13:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2019-03-07 13:32 - 2019-03-07 13:32 - 000000000 ____D C:\Program Files (x86)\JAM Software
2019-03-07 11:04 - 2019-03-07 11:04 - 000003142 _____ C:\Windows\System32\Tasks\SlimCleaner Run
2019-03-07 11:04 - 2019-03-07 11:04 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2019-03-07 11:04 - 2019-03-07 11:04 - 000000000 ____D C:\Users\jozun\AppData\Local\SlimWare Utilities Inc
2019-03-07 11:04 - 2019-03-07 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
2019-03-07 11:04 - 2019-03-07 11:04 - 000000000 ____D C:\Program Files (x86)\SlimCleaner
2019-03-06 10:11 - 2019-03-06 10:11 - 000000000 ____D C:\ProgramData\Mozilla
2019-03-06 10:08 - 2019-03-06 10:08 - 000000358 _____ C:\Users\jozun\AppData\Roaming\Top Process Monitor_Settings.ini
2019-03-06 10:07 - 2019-03-06 10:07 - 000000127 _____ C:\Users\jozun\AppData\Roaming\Network Monitor II_#0_Traffic.ini
2019-03-06 10:07 - 2019-03-06 10:07 - 000000119 _____ C:\Users\jozun\AppData\Roaming\System Monitor II_UptimeRecord.ini
2019-03-06 10:06 - 2019-03-06 10:06 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-03-06 10:06 - 2019-03-06 10:06 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-03-06 10:04 - 2019-03-06 10:04 - 000000092 _____ C:\Users\jozun\AppData\Roaming\Control System_Settings.ini
2019-03-06 09:58 - 2019-03-06 09:58 - 000000839 _____ C:\Users\jozun\AppData\Roaming\Drives Meter_Settings.ini
2019-03-05 15:29 - 2019-03-07 15:41 - 000000000 ____D C:\Windows\CSC

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-09 08:39 - 2018-08-09 20:32 - 000000000 ____D C:\Users\jozun\AppData\Roaming\uTorrent
2019-03-09 08:35 - 2018-08-09 18:50 - 000000000 ____D C:\Users\jozun\AppData\LocalLow\Mozilla
2019-03-09 08:34 - 2018-09-14 08:43 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-03-09 08:34 - 2018-08-19 12:42 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-09 08:34 - 2018-08-11 09:56 - 000000000 __SHD C:\Users\jozunost\IntelGraphicsProfiles
2019-03-09 08:34 - 2018-08-02 17:55 - 000000000 ____D C:\ProgramData\BootRacer
2019-03-09 08:34 - 2018-08-02 17:54 - 000634880 ____H C:\Users\Public\Documents\bootracer.his
2019-03-09 08:34 - 2018-08-02 17:08 - 000000427 ____H C:\Users\Public\Documents\bootracer.ini
2019-03-09 08:34 - 2018-08-02 17:08 - 000000000 ____D C:\Program Files (x86)\BootRacer
2019-03-09 08:34 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-09 08:33 - 2018-08-19 12:39 - 000000000 ____D C:\Users\jozun
2019-03-09 08:33 - 2018-04-11 22:04 - 000524288 _____ C:\Windows\system32\config\BBI
2019-03-09 08:28 - 2018-08-19 12:46 - 001679850 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-09 08:28 - 2018-04-12 16:51 - 000711510 _____ C:\Windows\system32\perfh005.dat
2019-03-09 08:28 - 2018-04-12 16:51 - 000143344 _____ C:\Windows\system32\perfc005.dat
2019-03-09 08:28 - 2018-04-12 00:36 - 000000000 ____D C:\Windows\INF
2019-03-09 08:21 - 2018-08-19 12:38 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-03-09 08:18 - 2018-08-09 18:30 - 000000000 ____D C:\Users\jozun\AppData\Local\ClassicShell
2019-03-09 08:10 - 2018-08-19 12:42 - 000004210 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E0A57037-A030-4FCE-994A-6610D6E777BF}
2019-03-08 21:04 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\AppReadiness
2019-03-08 21:03 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-08 17:08 - 2019-02-01 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-03-08 17:00 - 2018-09-13 15:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-03-08 16:54 - 2018-08-19 12:42 - 000010533 _____ C:\Windows\diagwrn.xml
2019-03-08 16:54 - 2018-08-19 12:42 - 000009528 _____ C:\Windows\diagerr.xml
2019-03-08 16:54 - 2018-08-19 11:45 - 000000000 ___DC C:\Windows\Panther
2019-03-08 16:05 - 2018-04-12 00:30 - 000000000 ____D C:\Windows\CbsTemp
2019-03-08 16:00 - 2018-09-25 14:55 - 000000000 ____D C:\Users\jozun\AppData\Local\ElevatedDiagnostics
2019-03-08 14:12 - 2018-09-13 15:58 - 000001280 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2019-03-08 14:03 - 2018-08-02 17:02 - 000000000 ____D C:\Users\jozun\AppData\Roaming\Seznam.cz
2019-03-08 13:59 - 2018-08-26 14:40 - 000000000 ____D C:\Users\jozun\AppData\Local\CrashDumps
2019-03-08 11:56 - 2018-08-02 14:21 - 000000436 _____ C:\Users\jozun\Desktop\Tento počítač – zástupce.lnk
2019-03-08 08:33 - 2018-08-02 14:18 - 000000000 ____D C:\Users\jozun\AppData\Local\VirtualStore
2019-03-08 08:13 - 2018-08-02 18:13 - 000000000 ____D C:\Users\jozun\AppData\Local\Microsoft Help
2019-03-07 16:24 - 2018-08-02 16:29 - 000000000 ____D C:\Users\jozun\AppData\Local\PackageStaging
2019-03-07 15:41 - 2018-08-19 12:38 - 000287224 _____ C:\Windows\system32\FNTCACHE.DAT
2019-03-07 14:57 - 2018-08-10 19:57 - 000478132 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2019-03-07 14:04 - 2018-08-03 12:38 - 000000811 _____ C:\Users\jozun\Desktop\1.A Programy-601 GB – zástupce.lnk
2019-03-07 11:05 - 2018-08-26 10:31 - 000000000 ____D C:\Users\jozun\AppData\Roaming\vlc
2019-03-07 11:05 - 2018-08-02 18:34 - 000000000 ____D C:\Users\jozun\Tracing
2019-03-07 10:24 - 2018-08-06 10:37 - 000839810 _____ C:\Windows\ntbtlog.txt
2019-03-06 11:31 - 2018-08-02 17:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-03-06 11:30 - 2018-08-24 09:41 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2019-03-06 10:11 - 2018-08-02 17:03 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-03-06 10:04 - 2018-08-02 18:50 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-03-06 10:02 - 2018-08-02 18:32 - 000000000 ____D C:\Users\jozun\AppData\Local\Sidebar7
2019-03-06 08:38 - 2018-08-11 09:56 - 000000000 ____D C:\ProgramData\Packages
2019-03-05 15:34 - 2018-08-03 11:16 - 000000000 ____D C:\ProgramData\ProductData

==================== Files in the root of some directories =======

2019-03-06 10:04 - 2019-03-06 10:04 - 000000092 _____ () C:\Users\jozun\AppData\Roaming\Control System_Settings.ini
2019-03-06 09:58 - 2019-03-06 09:58 - 000000839 _____ () C:\Users\jozun\AppData\Roaming\Drives Meter_Settings.ini
2019-03-06 10:07 - 2019-03-06 10:07 - 000000127 _____ () C:\Users\jozun\AppData\Roaming\Network Monitor II_#0_Traffic.ini
2019-03-06 10:07 - 2019-03-06 10:07 - 000000119 _____ () C:\Users\jozun\AppData\Roaming\System Monitor II_UptimeRecord.ini
2019-03-06 10:08 - 2019-03-06 10:08 - 000000358 _____ () C:\Users\jozun\AppData\Roaming\Top Process Monitor_Settings.ini
2019-01-07 16:21 - 2019-01-07 16:21 - 007858688 _____ () C:\Users\jozun\AppData\Local\agent.dat
2019-01-07 16:21 - 2019-01-07 16:21 - 000278509 _____ () C:\Users\jozun\AppData\Local\Conex.bin
2019-01-07 16:21 - 2019-01-07 16:21 - 000070896 _____ () C:\Users\jozun\AppData\Local\Config.xml
2019-01-07 16:21 - 2019-01-07 16:21 - 002036399 _____ () C:\Users\jozun\AppData\Local\Goodplus.tst
2019-01-07 16:21 - 2019-01-07 16:21 - 000005568 _____ () C:\Users\jozun\AppData\Local\md.xml
2019-01-07 16:21 - 2019-01-07 16:21 - 000126464 _____ () C:\Users\jozun\AppData\Local\noah.dat
2018-08-14 15:30 - 2018-08-18 17:59 - 000007605 _____ () C:\Users\jozun\AppData\Local\resmon.resmoncfg
2019-01-07 16:21 - 2019-01-07 17:44 - 000722944 _____ () C:\Users\jozun\AppData\Local\sham.db
2019-01-07 16:21 - 2019-01-07 16:21 - 001895382 _____ () C:\Users\jozun\AppData\Local\Tempeco.bin
2019-01-07 16:21 - 2019-01-07 16:21 - 000032038 _____ () C:\Users\jozun\AppData\Local\uninstall_temp.ico

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-19 12:38

==================== End of FRST.txt ============================

Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.03.2019
Ran by jozunost (09-03-2019 08:39:44)
Running from C:\Users\jozun\Desktop
Windows 10 Pro Version 1803 17134.345 (X64) (2018-08-19 11:42:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-133057320-3794765189-3837850422-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-133057320-3794765189-3837850422-503 - Limited - Disabled)
Guest (S-1-5-21-133057320-3794765189-3837850422-501 - Limited - Disabled)
jozunost (S-1-5-21-133057320-3794765189-3837850422-1001 - Administrator - Enabled) => C:\Users\jozun
WDAGUtilityAccount (S-1-5-21-133057320-3794765189-3837850422-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-133057320-3794765189-3837850422-1001\...\uTorrent) (Version: 3.5.5.45095 - BitTorrent Inc.)
8GadgetPack (HKLM-x32\...\{A8F686C4-1A28-466C-914E-D2FE0B0220A2}) (Version: 23.0.0 - 8GadgetPack.net)
Acronis Disk Director (HKLM-x32\...\{AE372858-B1BD-49EF-8308-648322846008}) (Version: 12.0.3223 - Acronis)
Acronis True Image (HKLM-x32\...\{8404919F-69E9-47C4-8AC5-6820415748D1}) (Version: 21.0.6209 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{8404919F-69E9-47C4-8AC5-6820415748D1}Visible) (Version: 21.0.6209 - Acronis)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
AIDA64 Extreme v4.50 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.50 - FinalWire Ltd.)
Ashampoo Burning Studio 16 (HKLM-x32\...\{91B33C97-A730-69CE-7A4F-4ADF378BB993}_is1) (Version: 16.0.2 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 19 (HKLM-x32\...\{91B33C97-BA3F-5C99-C2A6-0EB17CC9054B}_is1) (Version: 19.0.0 - Ashampoo GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BootRacer (HKLM-x32\...\{C38A685C-434B-4EE4-8C4A-AEDCA6876489}) (Version: 4.7.1.372 - Greatis Software, LLC)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Contents64 (HKLM\...\{C7251103-EA39-4BCD-B5A0-819651AA35ED}) (Version: 20.0.0.137 - Corel Corporation) Hidden
Corel Update Manager (HKLM\...\{6FA1F197-5EA9-4C48-BEA0-EC8F97AFE8F8}) (Version: 2.9.389 - Corel corporation) Hidden
Corel VideoStudio Pro X10 (HKLM-x32\...\_{F66B7119-9BE1-4982-A96D-4DB070A70B81}) (Version: X10.0.0.137 - Corel Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
EVEREST Ultimate Edition v4.00 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 4.00 - Lavalys, Inc.)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Hard Disk Sentinel 4.50 Pro (HKLM-x32\...\Hard Disk Sentinel 4.50 Pro) (Version: - )
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: - HDS)
ICA (HKLM-x32\...\{F66B7119-9BE1-4982-A96D-4DB070A70B81}) (Version: 20.0.0.137 - Corel Corporation) Hidden
Infix PDF Editor verze 6.1.9.0 (HKLM-x32\...\83FFB914-6FA7-4F1F-807E-E0FFBA2E49E1_is1) (Version: 6.1.9.0 - Iceni Technology)
InternetOff 3.0, 32\64 bit edition (HKLM-x32\...\InternetOff_is1) (Version: - Crystal Rich, Ltd)
IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.0.2.29 - IObit)
IPM_VS_Pro64 (HKLM\...\{7735CE89-92C9-4809-B06B-81D3E093E07D}) (Version: 20.0 - Corel Corporation) Hidden
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kalendář v0.1.21 (HKLM-x32\...\Kalendář_is1) (Version: - )
K-Lite Codec Pack 14.6.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.6.0 - KLCP)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.7.133.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 65.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 65.0.2 (x64 cs)) (Version: 65.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.4.0 - Mozilla)
Mozilla Thunderbird 60.5.3 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 60.5.3 (x86 cs)) (Version: 60.5.3 - Mozilla)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.60.00 - NETGEAR Inc.)
PDF-Tools 4 (HKLM\...\PDF-Tools 4_is1) (Version: - Tracker Software)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.9 - Tracker Software Products Ltd)
PDF-XChange Editor (HKLM\...\{DE76F0A5-0745-4FBA-B774-B760DF92724D}) (Version: 6.0.317.0 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{a5f96841-a02c-4075-bef1-d3769896c5fa}) (Version: 6.0.317.0 - Tracker Software Products (Canada) Ltd.)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0002 - Nero AG) Hidden
Quick Search 5.33.1.110 (HKLM-x32\...\Quick Search) (Version: 5.33.1.110 - Glarysoft Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Setup (HKLM-x32\...\{DDD6A42C-474B-430A-9B19-7B66403AEE48}) (Version: 20.0.0.137 - Corel Corporation) Hidden
Seznam Software (HKU\S-1-5-21-133057320-3794765189-3837850422-1001\...\SeznamInstall) (Version: 2.1.32 - Seznam.cz)
Share64 (HKLM\...\{0A0F09C2-4A6A-4524-BE2D-F0A355AACB45}) (Version: 20.0.0.137 - Corel Corporation) Hidden
Skype verze 8.40 (HKLM-x32\...\Skype_is1) (Version: 8.40 - Skype Technologies S.A.)
SlimCleaner (HKLM-x32\...\{588EF616-BA04-4023-B4DE-F8B3EB5F472F}) (Version: 4.1.0 - Slimware Utilities Holdings, Inc.) Hidden
SlimCleaner (HKLM-x32\...\SlimCleaner) (Version: 4.1.0 - Slimware Utilities Holdings, Inc.)
SlimDrivers (HKLM-x32\...\{6DF079D7-2A57-4710-81B1-064649FF86FC}) (Version: 2.3.2 - Slimware Utilities Holdings, Inc.) Hidden
SpeedZooka (HKLM-x32\...\SpeedZooka) (Version: 4.55.14 - ZookaWare)
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.14327 - TeamViewer)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.20 - Ghisler Software GmbH)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Trojan Killer (HKLM-x32\...\GridinSoft Trojan Killer) (Version: 2.2.0.6 - Gridinsoft LLC)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.4.5 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{A6F2ADC4-12C4-41E8-B90B-3BE018F5787C}) (Version: 2.48.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{A951B9A0-13C0-4A4B-8E04-3CCF05701086}) (Version: 2.47.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VSClassic64 (HKLM\...\{AAAD0468-D205-4658-9A25-AA19C9DB1E31}) (Version: 20.0.0.137 - Corel Corporation) Hidden
VSPro64 (HKLM\...\{66D6E31D-9302-47C5-A46A-2748A2F91BA8}) (Version: 20.0.0.137 - Corel Corporation) Hidden
Web Companion (HKLM-x32\...\{95d34152-62d3-4d48-98b7-fe7855a1ec4c}) (Version: 4.3.1934.3766 - Lavasoft)
Welcome App (Start-up experience) (HKLM-x32\...\{828175FA-7307-4DBF-95AD-9CEE086B6F45}) (Version: 12.0.14000 - Nero AG) Hidden
Windows 10 Manager (HKLM-x32\...\Windows 10 Manager) (Version: - YamicSoft)
Windows KMS Activator Ultimate 2018 4.1 (HKLM\...\Windows KMS Activator Ultimate 2018 4.1_is1) (Version: 4.1 - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Wise Disk Cleaner 10.1.4 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 10.1.4 - WiseCleaner.com, Inc.)
Zoner Photo Studio 15 (HKLM\...\ZonerPhotoStudio15_CZ_is1) (Version: 15.0.1.3 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-133057320-3794765189-3837850422-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\jozun\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-133057320-3794765189-3837850422-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\jozun\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll => No File
CustomCLSID: HKU\S-1-5-21-133057320-3794765189-3837850422-1001_Classes\CLSID\{A4FEF2CE-E494-419e-ABCC-B2E993FB6BC0}\InprocServer32 -> C:\Users\jozun\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GlassyNetworkMonitor.gadget\Release\ProcessMonitor64.dll (TODO: <Firmenname>) [File not signed]
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-03-02] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-03-02] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-03-02] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-03-02] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> No File
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [SlimShellExt] -> {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} => C:\Program Files (x86)\SlimCleaner\SlimShell64.dll [2018-11-07] (Slimware Utilities Holdings, Inc. -> Slimware Utilities, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] () [File not signed]
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> No File
ContextMenuHandlers3: [SlimShellExt] -> {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} => C:\Program Files (x86)\SlimCleaner\SlimShell64.dll [2018-11-07] (Slimware Utilities Holdings, Inc. -> Slimware Utilities, Inc.)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> No File
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [SlimShellExt] -> {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} => C:\Program Files (x86)\SlimCleaner\SlimShell64.dll [2018-11-07] (Slimware Utilities Holdings, Inc. -> Slimware Utilities, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] () [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] () [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04AC16C2-196B-441F-9BF9-D4D7C4819B08} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {0701627E-EAD9-4DA1-A3AC-25AF487362A0} - System32\Tasks\Uninstaller_SkipUac_jozun => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe (IObit Information Technology -> IObit)
Task: {0BFE8611-50BE-4F44-94E4-327BA14DDF8F} - System32\Tasks\Uninstaller_SkipUac_jozunost => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe (IObit Information Technology -> IObit)
Task: {0D220717-7AD1-41F7-A380-FC26147EC50B} - System32\Tasks\WiseCleaner\WDCSkipUAC => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe (Lespeed Technology Ltd. -> WiseCleaner.com)
Task: {1105970C-9661-4589-9392-7CD8EB041F44} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe (Microsoft Corporation -> Microsoft)
Task: {14EDEFFB-3312-48C0-9BB5-B8D451250A79} - System32\Tasks\SlimDrivers Scan => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
Task: {19327E8C-0118-450A-AA2E-BEDA6369EC09} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1CF4C8BA-0F91-426B-91DE-CA429184360E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1E03F773-836F-46F0-B22A-924C674C2570} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3577A63A-C00E-4681-BA54-A2A24811A77F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {39E5662F-8558-416B-89A2-5FDDED0C3D3A} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.)
Task: {3D2BA759-9B21-4B0F-BCF9-3DD0DAEA7537} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {54473CA0-6D34-4358-8BD3-551F7889C28D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6826DB68-6732-410B-929C-B21157D631AE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {78663CCE-F503-46F2-8951-A658EE84D32C} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe (Tweaking LLC -> Tweaking.com)
Task: {7A2964B1-AF9A-4FEF-8494-53681DF1D969} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {AC001254-16AF-464C-A7D8-ABF3FBEBE147} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {AC367A87-CD10-4A33-BE64-07F0A06058A5} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe (Corel Corporation -> Corel Corporation)
Task: {B1A82579-410A-440D-B065-EB92A8D3F49E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {CF9C6BDB-5963-42D4-BB9B-862843739D16} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-133057320-3794765189-3837850422-1002 => C:\Users\jozun\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {F691BBAE-5F8B-401C-A886-E2E46DE6C963} - System32\Tasks\klcp_update => CodecTweakTool.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\SlimDrivers Scan.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_jozun.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-09-14 18:29 - 2012-10-21 08:36 - 000121856 _____ (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) [File not signed] C:\WINDOWS\system32\PrintCtrl.exe
2017-08-12 09:23 - 2017-08-12 09:23 - 000291264 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\System32\StartMenuHelper64.dll
2017-08-12 09:23 - 2017-08-12 09:23 - 003664320 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2018-08-02 17:06 - 2012-02-17 19:55 - 000193536 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2017-08-12 09:23 - 2017-08-12 09:23 - 000163776 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
2018-08-02 17:09 - 2005-11-09 20:12 - 000580608 _____ () [File not signed] C:\Program Files (x86)\Kalendar\kalendar.exe
2017-08-12 09:23 - 2017-08-12 09:23 - 000885696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2016-12-01 19:06 - 2017-01-18 22:21 - 001482240 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\Acronis\Home\libcrypto10.dll
2016-10-12 18:14 - 2016-10-12 18:14 - 000277538 _____ () [File not signed] C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\LIBMAGIC.dll
2015-07-08 16:54 - 2015-07-08 16:54 - 001425408 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icuuc54.dll
2015-07-08 16:54 - 2015-07-08 16:54 - 002056704 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icuin54.dll
2015-07-08 16:54 - 2015-07-08 16:54 - 025338368 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icudt54.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-133057320-3794765189-3837850422-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-07 15:17 - 2019-03-07 15:17 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %SystemRoot%\system32\WBEM;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Windows Live\Shared;C:\Users\jozun\AppData\Local\Microsoft\WindowsApps;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-133057320-3794765189-3837850422-1001\Control Panel\Desktop\\Wallpaper -> E:\6.plocha-pozadí u Windows 7\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "NBAgent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7C997B54-1184-4E45-AE64-1E19B71F6BF2}] => (Allow) LPort=1900
FirewallRules: [{86A21F59-F712-49D0-AFE4-45D99C853861}] => (Allow) LPort=2869
FirewallRules: [{D6F4AAA3-6610-40DD-8F73-C294002F50E3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{214A5924-A773-4B73-B7C2-2EFC69D3C807}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
FirewallRules: [{BE563E36-EE0E-4A1C-B750-C569203A1FBD}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
FirewallRules: [{7381D624-49C6-4C93-AF8B-A3A8BB06BED8}] => (Allow) C:\Users\jozun\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{2B644145-C900-4C5C-A354-0E8AD3998DDA}] => (Allow) C:\Users\jozun\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{1B4AA8D4-B0B7-43C7-8434-02647692ADB6}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> )
FirewallRules: [{75CDE061-0B01-4875-A6B1-A4224CA4A538}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{6511A728-2910-4C0C-9F69-03E33BEB7CF2}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{39CFE395-D277-4697-9B2B-5C1B326E6230}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe (Acronis International GmbH -> )
FirewallRules: [{BD90DD6B-DF0E-429B-BDCE-FFB01D3F9B35}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> )
FirewallRules: [{3102322C-0A12-48C4-B7E1-160B3BC81DD7}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> )
FirewallRules: [{0C935CA8-2FEB-47FE-9B48-A59B402BECE8}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> )
FirewallRules: [{779D5D5F-58BB-462C-B2EB-4315C9474420}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> )
FirewallRules: [{E8221DFE-9A84-4472-9D03-08E0FDB8AC0F}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{FD3D519C-20D1-49DC-92A1-79A43568A069}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
FirewallRules: [{F6739EDD-3623-420C-93C1-AB914C71622A}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{C9C783EC-8F25-4A71-AEA7-40C780C99F7B}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
FirewallRules: [{1EDF8DF0-69C6-41AB-B88C-D8389842D455}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DAE178FA-2897-4BD5-8383-5B71172E1682}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FFF17B3E-F3CC-4292-8CD3-BD40BFB9CB51}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D0CF204C-91CE-4A86-82D3-3017C437A251}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D6FA5ACD-8971-43A6-B3FF-D1BDBCF3B4F1}] => (Allow) C:\Users\jozun\AppData\Roaming\system32\HostProcess.exe No File
FirewallRules: [{188C802A-02A6-4877-AD33-9926C3E28BCC}] => (Allow) C:\Users\jozun\AppData\Roaming\system32\HostProcess.exe No File
FirewallRules: [{8DEA64AD-859D-497A-B670-82716C218CC0}] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8B6F4E0F-8238-440B-B7E7-D67573FEF7B0}] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{DB8502E6-1316-4531-9DBC-BAB92118F6AD}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{EF3250F5-8E74-4A2F-ABF4-D8BAEF824078}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A4F4B11B-573B-4AB6-866C-641581277515}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7348F0F3-CB37-47A6-9F34-F6FAC6577AFB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{69500A21-3C19-46E9-893B-4AACFE62AF28}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{D6AD985C-6FAA-4569-B5AB-751637D827FD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{D5723AB2-EB55-42F4-82FE-A7C6215C0D44}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{48142A3C-5CAA-4B46-914C-B33218EEE229}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3DD3AF82-E314-4F92-A7B5-4AE177DD92EC}] => (Allow) C:\Users\jozun\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6C48CB9D-71A2-43AC-B86B-AB6C26F1AF3D}] => (Allow) C:\Users\jozun\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{94CF6812-D449-4D3F-B285-61091194B083}] => (Allow) C:\Users\jozun\AppData\Local\Temp\taskmgr.exe No File
FirewallRules: [{6708DCD4-2011-494C-8FB9-B681D7EB2902}] => (Allow) C:\Users\jozun\AppData\Local\Temp\taskmgr.exe No File
FirewallRules: [TCP Query User{A7CE40C5-36D9-4796-B601-74724B551DA4}C:\users\jozun\appdata\roaming\utorrent\updates\3.5.5_44954.exe] => (Allow) C:\users\jozun\appdata\roaming\utorrent\updates\3.5.5_44954.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{F0613491-8F77-4415-922A-67D17AFBAC60}C:\users\jozun\appdata\roaming\utorrent\updates\3.5.5_44954.exe] => (Allow) C:\users\jozun\appdata\roaming\utorrent\updates\3.5.5_44954.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8493FD11-E578-462F-9018-EC0783217351}] => (Block) C:\users\jozun\appdata\roaming\utorrent\updates\3.5.5_44954.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C8F818D1-4BBA-472C-A879-CF26B5951878}] => (Block) C:\users\jozun\appdata\roaming\utorrent\updates\3.5.5_44954.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{3A8BF93C-D00D-457A-8D70-0D4618F1F95D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C231FAA0-664A-4E9E-9D77-A595532822EB}] => (Allow) C:\Program Files\Windows KMS Activator Ultimate 2018 4.1\Windows KMS Activator Ultimate 2018 4.1.exe No File
FirewallRules: [{4DD4A94E-1EA2-4BF3-884D-AE30206E5A5F}] => (Allow) C:\Program Files\Windows KMS Activator Ultimate 2018 4.1\Windows KMS Activator Ultimate 2018 4.1.exe No File
FirewallRules: [{2AF9A83E-72D2-434B-BDCB-1CDCF4A95D6F}] => (Allow) C:\Users\jozun\AppData\Roaming\system32\HostProcess32.exe No File
FirewallRules: [{5F640B4C-9EC3-41CC-926B-7342B17FBA2A}] => (Allow) C:\Users\jozun\AppData\Roaming\system32\HostProcess32.exe No File
FirewallRules: [{59E7F96F-17A3-4A6F-A290-F6E2085B7D91}] => (Allow) C:\Users\jozun\AppData\Roaming\system32\HostProcesx86.exe No File
FirewallRules: [{50E0E473-4833-4C98-8874-417EAC05DBB4}] => (Allow) C:\Users\jozun\AppData\Roaming\system32\HostProcesx86.exe No File
FirewallRules: [TCP Query User{AA13BFC1-2FF9-47FC-8159-9BA6E2909A95}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
FirewallRules: [UDP Query User{3686B40C-13F1-4A40-B96D-1E2AF93B7E26}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
FirewallRules: [{DC994E4C-22BF-49B0-8D30-AC582EEB37F2}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
FirewallRules: [{ADB51E4D-8DD0-431D-9545-CE33A6E3656D}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
FirewallRules: [{AB68583D-1391-4C0D-8CEE-EE1C1B0DB68F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DAC96C31-7361-4801-969B-1D052028E327}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

05-03-2019 15:35:20 1.ihned po obnově zálohy 10.SSD 240 GB (1.2.2019)vše funguje
08-03-2019 14:07:26 Installed Microsoft Solution - b1fd3df2-4787-461b-8de9-a16614dede1c
08-03-2019 16:45:10 před notepad

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2019 08:35:00 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (03/09/2019 08:34:38 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (03/09/2019 08:33:30 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (03/09/2019 08:33:18 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {bff084d0-fe96-4beb-aeed-e268b61ee7b0}

Error: (03/09/2019 08:22:11 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (03/09/2019 08:19:37 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (03/09/2019 08:19:16 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (03/09/2019 08:17:59 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (03/09/2019 08:21:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba WMPNetworkSvc byla ukončena s následující chybou:
Byl proveden pokus o odkaz na neexistující token.

Error: (03/09/2019 08:21:35 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (8:18:41, ‎09.‎03.‎2019) bylo neočekávané.

Error: (03/09/2019 08:17:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba WMPNetworkSvc byla ukončena s následující chybou:
Byl proveden pokus o odkaz na neexistující token.

Error: (03/09/2019 08:17:22 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (8:04:56, ‎09.‎03.‎2019) bylo neočekávané.

Error: (03/08/2019 09:35:43 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5AEIRAE)
Description: Server {1EF75F33-893B-4E8F-9655-C3D602BA4897} se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/08/2019 09:35:42 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5AEIRAE)
Description: Server {1EF75F33-893B-4E8F-9655-C3D602BA4897} se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/08/2019 09:35:42 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5AEIRAE)
Description: Server {1EF75F33-893B-4E8F-9655-C3D602BA4897} se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/08/2019 09:35:42 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5AEIRAE)
Description: Server {1EF75F33-893B-4E8F-9655-C3D602BA4897} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
===================================
Date: 2019-03-06 10:03:59.378
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {8A56AD25-18F0-405B-B536-9CBCE5BB35EF}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\NETWORK SERVICE

Date: 2019-02-01 15:27:12.361
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {1B73367D-774A-4E85-9A18-6AFD01FC5862}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-02-01 14:29:25.727
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {78A728C0-76D0-40D4-8312-E91EE8D96937}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-02-01 12:18:29.256
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {0929B6E8-C623-4284-92B2-5230261FC99B}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-01-08 13:44:27.191
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {13CD064A-B7FC-48FF-A25C-9BD4D3C38E0C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-03-07 15:00:00.556
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-03-07 10:24:11.804
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-01-08 10:05:43.841
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-01-07 21:21:23.666
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.283.2468.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x80240022
Popis chyby :V daném programu nelze zkontrolovat aktualizace definic.

Date: 2019-01-07 21:21:23.665
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.283.2468.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x80240022
Popis chyby :V daném programu nelze zkontrolovat aktualizace definic.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 17%
Total physical RAM: 16253.87 MB
Available physical RAM: 13360.18 MB
Total Virtual: 17277.87 MB
Available Virtual: 14472.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:69.45 GB) (Free:22.79 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:80.65 GB) (Free:28.13 GB) NTFS
Drive e: (disk) (Fixed) (Total:1863.01 GB) (Free:15.84 GB) NTFS
Drive w: (Nový svazek) (Fixed) (Total:72.98 GB) (Free:15.99 GB) NTFS

\\?\Volume{e91e246a-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 610FCD4A)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: E91E246A)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=69.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=73 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=80.6 GB) - (Type=05)

==================== End of Addition.txt ============================

1. Odinstaluj vsetko od IOBit
2. Vycisti PC s MBAM

odinstaloval jsem IObit Uninstal a vyčistil v MBAM a je to to pořád stejné.....?

Najdi a vymaz subor "C:\Users\jozun\AppData\Local\Temp\taskmgr.exe"
Restart PC

díky JaRone ale tam žádný takovýto soubor taskmgr.exe není...........

Prescanuj PC s Avptool

Proskenoval jsem a zatím nic-chvíli počkám co to bude dělat - později se ozvu. Zatím díky moc!!!!!!!!!!!!!!!!

OK, vloz aktualny log Frst.txt
Zajtra pozriem