Pomalý výkon PC Vyřešeno

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe,


Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.

[Reklama]

[Bayomet69]

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-01-28 15:59:46
-----------------------------
15:59:46.605 OS Version: Windows x64 6.2.9200
15:59:46.605 Number of processors: 2 586 0x3C03
15:59:46.605 ComputerName: HANUS-PC UserName: Hanus
15:59:47.745 Initialize success
15:59:47.792 VM: initialized successfully
15:59:47.792 VM: Intel CPU supported
15:59:52.965 VM: supported disk I/O storport.sys
15:59:57.795 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002c
15:59:57.795 Disk 0 Vendor: WDC_WD5000AAKX-22ERMA0 17.01H17 Size: 476940MB BusType: 11
15:59:57.905 VM: Disk 0 MBR read successfully
15:59:57.905 Disk 0 MBR scan
15:59:57.905 Disk 0 unknown MBR code
15:59:57.905 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
15:59:57.936 Disk 0 scanning C:\WINDOWS\system32\drivers
16:00:05.831 Service scanning
16:00:19.160 Modules scanning
16:00:19.160 Disk 0 trace - called modules:
16:00:19.176 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys
16:00:19.176 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000867c2210]
16:00:19.176 3 CLASSPNP.SYS[fffff800a3793170] -> nt!IofCallDriver -> [0xffffe000863d6e50]
16:00:19.176 5 ACPI.sys[fffff800a3037c21] -> nt!IofCallDriver -> \Device\0000002c[0xffffe000863d5060]
16:00:19.176 Disk 0 statistics 110698/0/5 @ 8,26 MB/s
16:00:19.176 Scan finished successfully
16:00:31.461 Disk 0 MBR has been saved successfully to "C:\Users\Hanus\Desktop\MBR.dat"
16:00:31.461 The log file has been saved successfully to "C:\Users\Hanus\Desktop\aswMBR.txt"

[Bayomet69]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Hanus (administrator) on HANUS-PC (28-01-2016 16:01:58)
Running from C:\Users\Hanus\Desktop
Loaded Profiles: Hanus (Available Profiles: Hanus)
Platform: Windows 8.1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [62464 2015-06-18] ()
HKU\S-1-5-21-3812361727-838257335-1277264128-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53737488 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-3812361727-838257335-1277264128-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-06-17] (Spotify Ltd)
HKU\S-1-5-21-3812361727-838257335-1277264128-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-3812361727-838257335-1277264128-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [7744568 2015-12-17] (GOG.com)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45EBB24D-83FA-43A8-B741-2F2DCFC276C4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4DDE0E17-7512-4773-AE02-D9007D1B58DA}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3812361727-838257335-1277264128-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3812361727-838257335-1277264128-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-13] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-12] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-13] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Hanus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\Hanus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-26]
CHR Extension: (Dokumenty Google) - C:\Users\Hanus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-26]
CHR Extension: (Disk Google) - C:\Users\Hanus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-26]
CHR Extension: (YouTube) - C:\Users\Hanus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-26]
CHR Extension: (Google Search) - C:\Users\Hanus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-26]
CHR Extension: (Tabuľky Google) - C:\Users\Hanus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-26]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Hanus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Hanus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Hanus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-26]
CHR Extension: (Gmail) - C:\Users\Hanus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-26]
CHR HKU\S-1-5-21-3812361727-838257335-1277264128-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S4 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-12-17] (GOG.com)
S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7184440 2015-12-17] (GOG.com)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation)
S4 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39032 2015-12-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek semiconductor corp)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U3 aswMBR; \??\C:\Users\Hanus\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Hanus\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-28 16:01 - 2016-01-28 16:02 - 00011498 _____ C:\Users\Hanus\Desktop\FRST.txt
2016-01-28 16:01 - 2016-01-28 16:01 - 02370560 _____ (Farbar) C:\Users\Hanus\Desktop\FRST64.exe
2016-01-28 16:00 - 2016-01-28 16:00 - 00001686 _____ C:\Users\Hanus\Desktop\aswMBR.txt
2016-01-28 16:00 - 2016-01-28 16:00 - 00000512 _____ C:\Users\Hanus\Desktop\MBR.dat
2016-01-28 15:59 - 2016-01-28 15:59 - 05200384 _____ (AVAST Software) C:\Users\Hanus\Desktop\aswmbr.exe
2016-01-28 15:58 - 2016-01-28 15:58 - 00000000 ____D C:\Users\Hanus\Desktop\backups
2016-01-28 12:20 - 2016-01-28 12:20 - 00000202 _____ C:\Users\Hanus\Desktop\Men of War Assault Squad 2.url
2016-01-28 10:02 - 2016-01-28 10:02 - 04782936 _____ C:\Users\Hanus\Downloads\volvo_c70.zip
2016-01-27 16:57 - 2016-01-27 16:57 - 03021231 _____ C:\Users\Hanus\Downloads\1287256953_peugeot206stock.rar
2016-01-27 16:46 - 2016-01-27 16:46 - 00683814 _____ C:\Users\Hanus\Downloads\1311663094_2009_Lexus_IS_F.rar
2016-01-27 12:59 - 2016-01-27 13:05 - 00001578 _____ C:\Users\Hanus\Desktop\HRT Pack 1.3 Enhanced Edition.lnk
2016-01-27 12:59 - 2016-01-27 12:59 - 00000000 ____D C:\Users\Hanus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HRT Pack 1.3 Enhanced Edition
2016-01-27 12:53 - 2016-01-27 13:05 - 00000000 ____D C:\Users\Hanus\Desktop\GTA San Andreas
2016-01-27 12:13 - 2016-01-27 12:57 - 618561647 _____ C:\Users\Hanus\Downloads\HRT_Pack_1.3_Enhanced_Edition.rar
2016-01-27 12:06 - 2016-01-27 12:06 - 00249068 _____ C:\Users\Hanus\Downloads\SA_DirectX v1.3 Beta.zip
2016-01-27 11:50 - 2016-01-27 11:53 - 42583326 _____ C:\Users\Hanus\Downloads\Vegetation_Pack_3.zip
2016-01-27 11:44 - 2016-01-27 11:44 - 00000000 ____D C:\Users\Hanus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\www.gtavicecity.ru
2016-01-27 11:39 - 2016-01-27 11:40 - 02415342 _____ C:\Users\Hanus\Downloads\21892-optix-enbseries-dlya-moschnyh-pk.zip
2016-01-27 09:53 - 2016-01-28 15:55 - 00000000 ____D C:\Users\Hanus\AppData\Local\CrashDumps
2016-01-27 09:51 - 2013-11-05 00:02 - 00000013 _____ C:\Users\Hanus\Desktop\PASSWORD.txt
2016-01-26 20:25 - 2016-01-26 20:15 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2016-01-26 20:14 - 2016-01-26 20:14 - 01309184 _____ C:\Users\Hanus\Desktop\zoek.exe
2016-01-26 20:11 - 2016-01-26 20:11 - 01507840 _____ C:\Users\Hanus\Downloads\adwcleaner_5.031.exe
2016-01-26 17:54 - 2016-01-26 17:54 - 03439380 _____ C:\Users\Hanus\Downloads\Photorealistic ENB Series v2.zip
2016-01-26 17:54 - 2016-01-26 17:54 - 03439380 _____ C:\Users\Hanus\Downloads\Photorealistic ENB Series v2 (1).zip
2016-01-26 17:27 - 2016-01-26 17:28 - 08402658 _____ C:\Users\Hanus\Downloads\V HUD by DK22Pac - release 03.01.15.rar
2016-01-26 17:24 - 2016-01-26 17:26 - 33866875 _____ C:\Users\Hanus\Downloads\1366971117_BSOR_2013_classic_version.rar
2016-01-26 17:23 - 2016-01-26 17:24 - 12734412 _____ C:\Users\Hanus\Downloads\MMGE12.rar
2016-01-26 17:15 - 2016-01-26 17:20 - 19500575 _____ C:\Users\Hanus\Downloads\SRt3_2014_Update_V1.01.rar
2016-01-26 14:33 - 2016-01-26 14:34 - 21907135 _____ C:\Users\Hanus\Downloads\1356605371_ENBSeries40FINALE.rar
2016-01-26 14:03 - 2016-01-26 14:03 - 01372866 _____ C:\Users\Hanus\Downloads\IMFX-LensflareV2.rar
2016-01-26 14:00 - 2016-01-26 14:01 - 09408652 _____ C:\Users\Hanus\Downloads\sa-downgrade_patch_0.3.1.rar
2016-01-26 13:57 - 2016-01-26 13:58 - 23345560 _____ C:\Users\Hanus\Downloads\1385895319_MartyMcFly_ENBZ.rar
2016-01-26 13:11 - 2016-01-26 13:11 - 00000000 ____D C:\Users\Hanus\Documents\CLEO_SDK
2016-01-26 13:09 - 2016-01-26 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sanny Builder 3
2016-01-26 12:15 - 2016-01-26 12:16 - 09408601 _____ C:\Users\Hanus\Desktop\GTA_sa-downgrade_patch_0.3.1.rar
2016-01-25 12:01 - 2016-01-26 11:05 - 00000000 ____D C:\Users\Hanus\Documents\GTA San Andreas
2016-01-25 10:38 - 2016-01-25 11:51 - 1061847724 _____ C:\Users\Hanus\Desktop\Sands_of_Faith_v1.5.7z
2016-01-24 19:39 - 2016-01-25 12:05 - 00000000 ____D C:\Users\Hanus\Documents\Mount&Blade Warband Savegames
2016-01-24 15:36 - 2016-01-24 15:36 - 00001116 _____ C:\Users\Hanus\Desktop\Mount&Blade Warband.lnk
2016-01-24 15:36 - 2016-01-24 15:36 - 00000000 ____D C:\Users\Hanus\AppData\Roaming\Mount&Blade Warband
2016-01-24 15:36 - 2016-01-24 15:36 - 00000000 ____D C:\Users\Hanus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
2016-01-24 15:36 - 2016-01-24 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
2016-01-24 15:35 - 2016-01-25 10:07 - 00000000 ____D C:\Users\Hanus\Documents\Mount&Blade Warband
2016-01-24 15:35 - 2016-01-24 15:57 - 00000000 ____D C:\Program Files (x86)\Mount&Blade Warband
2016-01-24 14:48 - 2016-01-24 15:32 - 609752360 _____ C:\Users\Hanus\Desktop\mb_warband_setup_1168.exe
2016-01-23 14:23 - 2016-01-26 13:27 - 00000000 ____D C:\Users\Hanus\Documents\GTA San Andreas User Files
2016-01-22 16:14 - 2016-01-22 16:16 - 25133128 _____ C:\Users\Hanus\Desktop\RogueKillerX64.exe
2016-01-22 16:13 - 2016-01-22 16:13 - 00000681 _____ C:\Users\Hanus\Desktop\JRT.txt
2016-01-22 16:08 - 2016-01-22 16:09 - 01600184 _____ (Malwarebytes) C:\Users\Hanus\Desktop\JRT.exe
2016-01-21 16:49 - 2016-01-21 16:49 - 00231760 _____ C:\Users\Hanus\Desktop\CrucialScan.exe
2016-01-21 16:27 - 2016-01-21 16:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hanus\Desktop\HijackThis.exe
2016-01-20 16:23 - 2015-12-11 05:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-20 16:23 - 2015-12-11 05:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-20 16:23 - 2015-12-11 04:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-20 16:23 - 2015-12-11 04:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-20 16:23 - 2015-12-11 04:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-20 16:23 - 2015-12-11 04:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-20 16:23 - 2015-12-11 04:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-01-20 16:23 - 2015-12-11 04:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-01-20 16:23 - 2015-12-11 04:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-20 16:23 - 2015-12-11 04:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-20 16:23 - 2015-12-11 03:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-20 16:23 - 2015-12-11 03:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-20 16:23 - 2015-12-11 03:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-01-20 16:23 - 2015-12-11 03:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-01-20 16:23 - 2015-12-11 03:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-20 16:23 - 2015-12-11 03:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-20 16:23 - 2015-12-11 03:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-01-20 16:23 - 2015-12-11 03:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-01-20 16:23 - 2015-12-11 03:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-01-20 16:23 - 2015-12-11 03:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-01-20 16:23 - 2015-12-11 03:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-01-20 16:22 - 2015-12-30 20:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-20 16:22 - 2015-12-30 20:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-01-20 16:22 - 2015-12-30 20:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-20 16:22 - 2015-12-05 06:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-20 16:22 - 2015-12-05 06:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-20 16:22 - 2015-12-03 20:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-01-20 16:22 - 2015-12-03 20:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-01-20 16:22 - 2015-12-03 20:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-01-20 16:22 - 2015-12-03 20:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-01-20 16:22 - 2015-12-03 20:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-01-20 16:22 - 2015-12-03 19:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-01-20 16:22 - 2015-12-03 19:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-01-20 16:22 - 2015-12-03 19:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-01-20 16:22 - 2015-12-03 19:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-01-20 16:22 - 2015-12-03 19:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-01-20 16:22 - 2015-12-03 19:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-20 16:22 - 2015-12-03 19:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-20 16:22 - 2015-12-03 19:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-20 16:22 - 2015-12-03 19:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-20 16:22 - 2015-12-03 19:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-20 16:22 - 2015-12-03 18:58 - 00378880 ____C (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-01-20 16:22 - 2015-12-03 18:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-01-20 16:22 - 2015-12-03 18:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-20 16:22 - 2015-12-03 18:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-20 16:22 - 2015-12-03 18:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-20 16:22 - 2015-12-03 18:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-20 16:22 - 2015-12-03 18:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-20 16:22 - 2015-12-03 18:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-20 16:22 - 2015-12-03 18:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-20 16:22 - 2015-12-03 18:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-01-20 16:22 - 2015-12-03 18:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-01-20 16:22 - 2015-12-03 18:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-20 16:22 - 2015-12-03 18:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-20 16:22 - 2015-12-03 18:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-20 16:22 - 2015-12-03 17:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-20 16:22 - 2015-12-03 17:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-20 16:22 - 2015-12-03 17:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-20 16:22 - 2015-12-02 16:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-20 16:22 - 2015-12-02 16:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-20 16:22 - 2015-05-25 14:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2016-01-20 16:22 - 2015-05-25 14:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-01-20 16:20 - 2015-12-10 01:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-01-20 16:20 - 2015-12-07 11:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-20 16:20 - 2015-12-04 16:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-20 16:20 - 2015-11-17 22:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-20 16:20 - 2015-11-17 22:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-20 16:20 - 2015-11-17 22:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-20 16:20 - 2015-11-17 22:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-20 16:20 - 2015-11-17 22:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-20 16:20 - 2015-11-17 22:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-20 16:20 - 2015-11-17 22:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-01-20 16:15 - 2015-12-08 20:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-20 16:15 - 2015-12-08 20:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-20 15:40 - 2016-01-20 15:40 - 00346245 _____ C:\Users\Hanus\Desktop\bes_1.6.2.zip
2016-01-13 14:07 - 2016-01-24 15:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-01-09 11:09 - 2016-01-09 11:09 - 00000000 ____D C:\ProgramData\WarThunder
2016-01-08 15:53 - 2016-01-08 15:53 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-01-08 15:31 - 2016-01-08 15:33 - 00000000 ____D C:\NPE
2016-01-08 15:28 - 2016-01-25 08:46 - 00000000 ____D C:\ProgramData\Norton
2016-01-08 15:28 - 2016-01-08 15:39 - 00000000 ____D C:\Users\Hanus\AppData\Local\NPE
2016-01-08 11:18 - 2016-01-08 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wiedźmin 3® - Dziki Gon [GOG.com]
2016-01-03 14:06 - 2016-01-08 10:45 - 00007602 _____ C:\Users\Hanus\AppData\Local\resmon.resmoncfg
2015-12-31 11:32 - 2015-12-31 11:33 - 00000000 ____D C:\Users\Hanus\Documents\Stronghold Crusader 2
2015-12-31 11:31 - 2015-12-31 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold Crusader 2 [GOG.com]
2015-12-30 15:11 - 2015-12-30 15:11 - 00000000 ____D C:\Users\Hanus\AppData\LocalLow\Strange Fire
2015-12-30 14:04 - 2015-12-30 14:04 - 00000000 ____D C:\Users\Hanus\Documents\Banished
2015-12-30 13:20 - 2016-01-26 20:10 - 00000000 ____D C:\Users\Hanus\AppData\Roaming\uTorrent
2015-12-30 13:19 - 2015-12-30 13:19 - 02026520 _____ (BitTorrent Inc.) C:\Users\Hanus\Desktop\uTorrent.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-28 16:01 - 2015-11-06 11:27 - 00000000 ____D C:\FRST
2016-01-28 15:55 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-28 15:40 - 2015-08-02 23:41 - 00003970 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1F85D8D3-BFBD-487A-96B3-E6C2E0978322}
2016-01-28 15:21 - 2015-12-13 13:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-28 13:47 - 2015-08-02 23:41 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3812361727-838257335-1277264128-1001
2016-01-28 12:20 - 2015-08-02 19:29 - 00000000 ____D C:\Users\Hanus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-28 09:01 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-26 20:59 - 2015-08-21 15:07 - 00000000 ____D C:\KMPlayer
2016-01-26 20:32 - 2015-09-08 13:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-26 20:30 - 2015-09-09 13:21 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-01-26 20:28 - 2015-11-05 14:03 - 00008192 _____ C:\WINDOWS\system32\edb.chk
2016-01-26 20:23 - 2015-11-05 14:03 - 00000000 ____D C:\zoek_backup
2016-01-26 20:12 - 2015-11-04 20:55 - 00000000 ____D C:\AdwCleaner
2016-01-25 08:53 - 2015-08-27 11:57 - 00000000 ____D C:\Users\Hanus\AppData\Roaming\Skype
2016-01-25 08:47 - 2015-10-24 10:56 - 00000000 ___RD C:\Users\Hanus\Disk Google
2016-01-24 15:55 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-24 15:55 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-24 15:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2016-01-23 14:25 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-23 14:24 - 2015-08-02 16:36 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-01-23 14:24 - 2015-08-02 16:36 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-01-23 14:24 - 2015-08-02 16:32 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-01-23 14:24 - 2015-08-02 16:31 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-01-23 14:24 - 2013-08-22 12:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-01-23 14:24 - 2013-08-22 12:22 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-01-23 14:24 - 2013-08-22 12:17 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-01-23 14:24 - 2013-08-22 12:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-01-23 14:24 - 2013-08-22 12:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-01-23 14:24 - 2013-08-22 04:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-01-23 14:24 - 2013-08-22 04:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-01-23 14:24 - 2013-08-22 04:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-01-23 14:24 - 2013-08-22 04:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-01-23 14:24 - 2013-08-22 04:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-01-21 20:28 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-21 17:19 - 2015-11-04 21:00 - 00001078 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-21 17:19 - 2015-09-08 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-21 17:19 - 2015-09-08 13:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-21 16:34 - 2015-09-29 13:27 - 00000000 ___RD C:\Users\Hanus\Desktop\Hry
2016-01-21 13:36 - 2014-03-06 07:43 - 00765714 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-21 13:30 - 2014-06-17 14:17 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-20 20:12 - 2015-08-03 14:18 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-01-20 20:12 - 2015-08-03 14:18 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-20 16:42 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-20 16:42 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-20 16:41 - 2015-08-03 14:18 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-01-20 16:41 - 2015-08-03 14:18 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-01-20 16:40 - 2015-08-03 12:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-20 16:36 - 2015-08-03 12:04 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-20 15:49 - 2015-12-17 15:49 - 00000000 ____D C:\Users\Hanus\Documents\The Witcher 3
2016-01-20 15:47 - 2014-01-11 13:00 - 00000000 ____D C:\Users\Hanus\Desktop\BES_1.6.2
2016-01-19 16:55 - 2015-08-02 23:35 - 00000000 ____D C:\Users\Hanus
2016-01-18 18:50 - 2015-08-02 23:58 - 00000000 ____D C:\Users\Hanus\AppData\Local\ElevatedDiagnostics
2016-01-13 14:06 - 2015-12-03 14:07 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-09 14:46 - 2015-12-17 15:17 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2016-01-08 20:18 - 2015-09-05 17:21 - 00000000 ____D C:\Users\Hanus\AppData\Roaming\Spotify
2016-01-08 15:30 - 2015-08-11 09:48 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-05 21:04 - 2015-08-13 07:46 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-05 21:04 - 2015-08-13 07:46 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-05 14:12 - 2015-08-03 04:58 - 00000000 ____D C:\Users\Hanus\Documents\My Games
2016-01-03 20:31 - 2015-09-12 15:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-12-31 11:32 - 2013-08-22 16:36 - 00000000 __RSD C:\WINDOWS\assembly
2015-12-31 11:28 - 2015-12-17 14:32 - 00000000 ____D C:\GOG Games
2015-12-30 11:05 - 2015-08-02 23:35 - 00000000 ___RD C:\Users\Hanus\Pictures

==================== Files in the root of some directories =======

2014-08-04 14:46 - 2014-08-04 14:46 - 0155453 _____ () C:\Program Files\changelog.txt
2013-11-13 13:36 - 2013-11-13 13:36 - 0110106 _____ () C:\Program Files\createfileassoc.exe
2014-08-04 14:46 - 2014-08-04 14:46 - 0204232 _____ (TeamSpeak Systems GmbH) C:\Program Files\error_report.exe
2014-06-05 14:48 - 2014-06-05 14:48 - 1653248 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Program Files\libeay32.dll
2014-08-04 14:46 - 2014-08-04 14:46 - 0036932 _____ () C:\Program Files\license.txt
2012-11-05 21:26 - 2012-11-05 21:26 - 0661456 _____ (Microsoft Corporation) C:\Program Files\msvcp110.dll
2012-11-05 21:26 - 2012-11-05 21:26 - 0849360 _____ (Microsoft Corporation) C:\Program Files\msvcr110.dll
2014-05-19 12:15 - 2014-05-19 12:15 - 1313056 _____ (Overwolf) C:\Program Files\OverwolfTeamSpeakInstaller.exe
2014-08-04 14:46 - 2014-08-04 14:46 - 0236488 _____ (TeamSpeak Systems GmbH) C:\Program Files\package_inst.exe
2014-08-04 09:29 - 2014-08-04 09:29 - 0000321 _____ () C:\Program Files\plugin_sdk.html
2014-02-27 15:47 - 2014-02-27 15:47 - 5459968 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Core.dll
2014-02-27 15:48 - 2014-02-27 15:48 - 3573760 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Gui.dll
2014-02-27 15:47 - 2014-02-27 15:47 - 1068032 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Network.dll
2014-02-27 15:47 - 2014-02-27 15:47 - 0214528 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Sql.dll
2014-02-27 15:50 - 2014-02-27 15:50 - 5336064 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Widgets.dll
2014-02-28 10:14 - 2014-02-28 10:14 - 0173568 _____ () C:\Program Files\quazip.dll
2014-06-05 14:48 - 2014-06-05 14:48 - 0345088 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Program Files\ssleay32.dll
2014-08-04 14:45 - 2014-08-04 14:45 - 10725320 _____ (TeamSpeak Systems GmbH) C:\Program Files\ts3client_win64.exe
2015-08-03 16:08 - 2015-08-03 16:08 - 0126290 _____ (TeamSpeak Systems GmbH) C:\Program Files\Uninstall.exe
2014-08-04 14:46 - 2014-08-04 14:46 - 0824296 _____ (TeamSpeak Systems GmbH) C:\Program Files\update.exe
2014-06-20 08:44 - 2014-06-20 08:44 - 0520934 _____ () C:\Program Files\usb.ids
2015-08-05 11:33 - 2015-08-05 11:34 - 1065984 _____ () C:\Users\Hanus\AppData\Local\file__0.localstorage
2016-01-03 14:06 - 2016-01-08 10:45 - 0007602 _____ () C:\Users\Hanus\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-25 09:12

==================== End of FRST.txt ============================

[Bayomet69]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Hanus (2016-01-28 16:02:56)
Running from C:\Users\Hanus\Desktop
Windows 8.1 (X64) (2015-08-02 22:34:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3812361727-838257335-1277264128-500 - Administrator - Disabled)
Guest (S-1-5-21-3812361727-838257335-1277264128-501 - Limited - Disabled)
Hanus (S-1-5-21-3812361727-838257335-1277264128-1001 - Administrator - Enabled) => C:\Users\Hanus
HomeGroupUser$ (S-1-5-21-3812361727-838257335-1277264128-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3812361727-838257335-1277264128-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Aktualizácie NVIDIA 2.8.1.21 (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
Aslain's WoWs Modpack verze 5.1.2.1 (HKLM-x32\...\ASLAINSWARSHIPSTEST_is1) (Version: 5.1.2.1 - Aslain)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.6.8.3 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.6.8.3 - ASUSTek COMPUTER INC.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CrystalDiskInfo 6.5.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.5.2 - Crystal Dew World)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3716.57 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dxtory version 2.0.119 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.119 - Dxtory Software)
Freemake Video Converter verzia 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Spoločnosť Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8102 - Acer Incorporated)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.135 - PandoraTV)
Malwarebytes Anti-Malware verzia 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Men of War: Assault Squad 2 (HKLM-x32\...\Steam App 244450) (Version: - Digitalmindsoft)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version: - )
Mount&Blade With Fire and Sword (HKLM-x32\...\Mount&Blade With Fire and Sword) (Version: - )
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NVIDIA 3D Vision radič ovládača 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Grafický ovládač 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA Ovládač 3D Vision 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Virtuálny zvuk Miracast 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 361.43 - NVIDIA Corporation)
Opera Stable 32.0.1948.69 (HKLM-x32\...\Opera 32.0.1948.69) (Version: 32.0.1948.69 - Opera Software)
Ovládací panel NVIDIA 361.43 (Version: 361.43 - NVIDIA Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader 2 - The Emperor and The Hermit (HKLM-x32\...\Stronghold Crusader 2: The Emperor and The Hermit_is1) (Version: 2.0.0.5 - GOG.com)
Stronghold Crusader 2 - The Jackall and The Khan (HKLM-x32\...\Stronghold Crusader 2: The Jackall and The Khan_is1) (Version: 2.0.0.5 - GOG.com)
Stronghold Crusader 2 - The Princess and The Pig (HKLM-x32\...\Stronghold Crusader 2: The Princess and The Pig_is1) (Version: 2.0.0.5 - GOG.com)
Stronghold Crusader 2 - The Templar and The Duke (HKLM-x32\...\Stronghold Crusader 2: The Templar and The Duke_is1) (Version: 2.0.0.5 - GOG.com)
Stronghold Crusader 2 (HKLM-x32\...\1433852499_is1) (Version: 2.2.0.7 - GOG.com)
Stronghold Kingdoms (HKLM-x32\...\Steam App 47410) (Version: - FireFly Studios)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD PROJEKT RED)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.11.0 - GOG.com)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD PROJEKT RED)
Total War: Arena (HKLM-x32\...\Steam App 227520) (Version: - Creative Assembly)
Vegas Pro 12.0 (64-bit) (HKLM\...\{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}) (Version: 12.0.394 - Sony)
War Thunder Launcher 1.0.1.538 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-3812361727-838257335-1277264128-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
World of Warships (HKU\S-1-5-21-3812361727-838257335-1277264128-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1AFB4CD0-7918-429A-8BDD-BDC63674CF9F} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-19] (Acer Incorporated)
Task: {69C37424-42A1-482B-A5D4-95EA5CFA5E93} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security se zálohováním\Upgrade.exe [2016-01-06] (Symantec Corporation)
Task: {69E99D77-5906-4AD0-906A-F41820765B60} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {84C5AF9F-7871-4A33-B3DE-5DA044729B4B} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {8A6784D7-E7AA-4EC3-AB7C-06203DA68212} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-12-31] (Acer Incorporated)
Task: {90EB7AAA-E70E-4600-BD1D-C72EE4548DCE} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-25] (TODO: <Company name>)
Task: {92F0DA71-E863-47D7-90D5-4E10DE39EE8E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-20] (Microsoft Corporation)
Task: {99CE1743-1169-4E83-B12F-51B9CAABF68B} - System32\Tasks\Opera scheduled Autoupdate 1441991824 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-25] (Opera Software)
Task: {A045465F-A4C7-48EF-AF10-B67CEA87E567} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {A8831B12-DF95-4462-8F19-C6BAF255F5BF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)
Task: {AC2BDFE8-0D3D-4320-B058-B219581DA871} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {ADABE9F8-191F-4089-B7EA-9EDD0096C517} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BC020A7B-62F1-480B-9042-C2C9B3EF0666} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-12 18:22 - 2015-11-10 20:55 - 00778752 _____ () D:\Steam\SDL2.dll
2015-08-02 19:25 - 2015-07-03 17:12 - 04962816 _____ () D:\Steam\v8.dll
2016-01-01 15:14 - 2015-12-14 21:01 - 02547280 _____ () D:\Steam\video.dll
2015-08-02 19:25 - 2015-07-03 17:12 - 01556992 _____ () D:\Steam\icui18n.dll
2015-08-02 19:25 - 2015-07-03 17:12 - 01187840 _____ () D:\Steam\icuuc.dll
2015-10-08 13:12 - 2015-09-24 01:33 - 02549248 _____ () D:\Steam\libavcodec-56.dll
2015-10-08 13:12 - 2015-09-24 01:33 - 00491008 _____ () D:\Steam\libavformat-56.dll
2015-10-08 13:12 - 2015-09-24 01:33 - 00332800 _____ () D:\Steam\libavresample-2.dll
2015-10-08 13:12 - 2015-09-24 01:33 - 00442880 _____ () D:\Steam\libavutil-54.dll
2015-10-08 13:12 - 2015-09-24 01:33 - 00485888 _____ () D:\Steam\libswscale-3.dll
2016-01-01 15:14 - 2015-12-14 21:01 - 00804432 _____ () D:\Steam\bin\chromehtml.DLL
2015-11-06 16:22 - 2015-11-03 23:00 - 00201728 _____ () D:\Steam\bin\openvr_api.dll
2015-12-12 18:22 - 2015-11-17 01:31 - 47846176 _____ () D:\Steam\bin\libcef.dll
2015-10-08 13:12 - 2015-09-25 00:56 - 00119208 _____ () D:\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-01-26 20:16 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3812361727-838257335-1277264128-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Hanus\Downloads\stretched-1680-1050-560845.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ASGT => 2
MSCONFIG\Services: CCDMonitorService => 2
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: UEIPSvc => 3
MSCONFIG\Services: wuauserv => 3
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKU\S-1-5-21-3812361727-838257335-1277264128-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3812361727-838257335-1277264128-1001\...\StartupApproved\Run: => "WarThunderLauncher"
HKU\S-1-5-21-3812361727-838257335-1277264128-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3812361727-838257335-1277264128-1001\...\StartupApproved\Run: => "RGSC"
HKU\S-1-5-21-3812361727-838257335-1277264128-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3812361727-838257335-1277264128-1001\...\StartupApproved\Run: => "Tiny download manager"
HKU\S-1-5-21-3812361727-838257335-1277264128-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3812361727-838257335-1277264128-1001\...\StartupApproved\Run: => "GalaxyClient"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{87B85081-3E32-4106-9D74-D19C4CE201BF}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{0CEE9708-BE4F-49D7-A586-CCF23DC15174}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{9303AF6C-AEFD-4DFD-864D-A73602A9B920}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{BB7884FD-15CD-4216-B64E-1EA78ADD4E68}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{9BC65F97-9A38-4D34-B342-8A54D64E36C1}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{EA789DCF-8BED-451E-AEA4-07FD6B5372D6}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{77AA6952-28EE-4C46-9033-A6ADFA8945E3}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{3FC56E80-8B74-4BB8-AE6F-09C7A51595BD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{5BCD5C63-6890-44D6-92E6-7790EF464EBF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{D4CC9B98-88BB-4338-86DD-FBFD604C05C8}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{C46D24EE-8041-4A2B-BCCC-0C4C882FEEA2}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{4DC7970B-589C-4627-A68A-E265C90D6E7E}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{571025CA-8060-4ED7-970D-EA2ECBF0E0E6}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{871BEECF-FFD0-440E-8C28-1EE85220EF51}] => (Allow) D:\WarThunder\launcher.exe
FirewallRules: [{9B923312-5251-45B6-887B-257A3B8181DE}] => (Allow) D:\WarThunder\launcher.exe
FirewallRules: [{A374980F-FEAF-465C-AFAF-048255955051}] => (Allow) D:\WarThunder\bpreport.exe
FirewallRules: [{C54167DC-68FC-42E0-9AD7-636AE3CBF667}] => (Allow) D:\WarThunder\bpreport.exe
FirewallRules: [{2A5DEC40-61B1-4BD3-A67D-FE9657943A3D}] => (Allow) D:\Steam\steamapps\common\Stronghold Kingdoms\StrongholdKingdoms.exe
FirewallRules: [{D16B4F5D-531E-47C0-8592-515811A5705A}] => (Allow) D:\Steam\steamapps\common\Stronghold Kingdoms\StrongholdKingdoms.exe
FirewallRules: [{EA48FB27-9BC9-4E3C-A16E-B9FA6CDC3BEB}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{13E0581D-964C-46B9-9A07-98F6CFDB8926}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{4EAFD4C7-CE52-415A-91FE-567EC1189183}D:\world of tanks\worldoftanks.exe] => (Block) D:\world of tanks\worldoftanks.exe
FirewallRules: [UDP Query User{F7DC0447-A59A-4280-92B3-0BB6716C50C5}D:\world of tanks\worldoftanks.exe] => (Block) D:\world of tanks\worldoftanks.exe
FirewallRules: [TCP Query User{43A8DE7F-C19C-450E-877C-97F4E4165669}D:\warthunder\aces.exe] => (Allow) D:\warthunder\aces.exe
FirewallRules: [UDP Query User{389DDADE-A973-4A15-A8AB-00E434A0B12B}D:\warthunder\aces.exe] => (Allow) D:\warthunder\aces.exe
FirewallRules: [TCP Query User{F4970585-D85C-4A08-830D-226B9B9820FF}D:\world of warships\wowslauncher.exe] => (Allow) D:\world of warships\wowslauncher.exe
FirewallRules: [UDP Query User{8A956451-D1F8-4DA4-AABB-32907276D708}D:\world of warships\wowslauncher.exe] => (Allow) D:\world of warships\wowslauncher.exe
FirewallRules: [TCP Query User{FAA84C8C-2C57-4592-B116-B1538116F9F6}D:\steam\steamapps\common\total war arena\arena.exe] => (Block) D:\steam\steamapps\common\total war arena\arena.exe
FirewallRules: [UDP Query User{06472B63-ACE3-4CD9-B8EF-E8875E8D6623}D:\steam\steamapps\common\total war arena\arena.exe] => (Block) D:\steam\steamapps\common\total war arena\arena.exe
FirewallRules: [TCP Query User{7A40ADC1-4453-414C-9E1A-21D0F164BDE2}D:\world of tanks\wotlauncher.exe] => (Allow) D:\world of tanks\wotlauncher.exe
FirewallRules: [UDP Query User{26A95EAE-97E0-46B2-B279-0ABF000C3EDA}D:\world of tanks\wotlauncher.exe] => (Allow) D:\world of tanks\wotlauncher.exe
FirewallRules: [TCP Query User{4BA68414-E6FA-457E-B20E-60CFBAC0FDFC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{1955A99C-9A08-452F-BB29-B1C5FAAE4FEE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{392487C6-7639-4201-96ED-CBC93BD75DF7}D:\world of warships\wowslauncher.exe] => (Allow) D:\world of warships\wowslauncher.exe
FirewallRules: [UDP Query User{3C3B52FC-DA68-468D-8E4E-96FC89518A12}D:\world of warships\wowslauncher.exe] => (Allow) D:\world of warships\wowslauncher.exe
FirewallRules: [TCP Query User{DDE212A9-E064-4022-B28A-6215007EFA7D}D:\warthunder\launcher.exe] => (Allow) D:\warthunder\launcher.exe
FirewallRules: [UDP Query User{ED5028AA-7727-45B7-AB7E-9F59495A2C8F}D:\warthunder\launcher.exe] => (Allow) D:\warthunder\launcher.exe
FirewallRules: [TCP Query User{BDDF06B6-BE2C-44FD-9D42-91C862235BC6}D:\warthunder\aces.exe] => (Allow) D:\warthunder\aces.exe
FirewallRules: [UDP Query User{A3A7B054-FE2D-4751-9CE8-8598E1FDC424}D:\warthunder\aces.exe] => (Allow) D:\warthunder\aces.exe
FirewallRules: [TCP Query User{710C479E-9ABB-4B90-9DD7-5D44B7213CA0}D:\world of tanks\wotlauncher.exe] => (Allow) D:\world of tanks\wotlauncher.exe
FirewallRules: [UDP Query User{DCFD65F3-7F28-4732-A895-05C349A03E3B}D:\world of tanks\wotlauncher.exe] => (Allow) D:\world of tanks\wotlauncher.exe
FirewallRules: [{867E8025-DABA-41F9-9F66-8FC655F2F933}] => (Allow) D:\Steam\steamapps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [{9A32E462-6EEF-46F8-BFFC-DCCE9572BF2E}] => (Allow) D:\Steam\steamapps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [TCP Query User{546A517E-F103-4CED-8D1D-05B6A6D74136}D:\steam\steamapps\common\total war arena\arena.exe] => (Block) D:\steam\steamapps\common\total war arena\arena.exe
FirewallRules: [UDP Query User{BE9A5C5F-810C-43BA-A27C-7013672E3107}D:\steam\steamapps\common\total war arena\arena.exe] => (Block) D:\steam\steamapps\common\total war arena\arena.exe
FirewallRules: [{000B07B7-34F0-46A1-BD5D-508B7C9529DB}] => (Allow) D:\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{15B06FC7-2C63-42B0-999A-1500A5C98C5D}] => (Allow) D:\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{21B8C736-728B-4B4B-B048-C35C4D803913}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{39C81872-99A8-4729-98DA-4EA7E74AC653}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{2CC92D41-7EAB-4493-97A9-9602BC4F3AD9}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{06225CD6-A61F-49D5-B488-E8570579D225}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{CFA42265-2DD2-4F0B-87FB-9602FA049A0E}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{AF1F2499-1B96-41D5-911C-0DA1FB2ABE45}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{5296AAA7-4059-4130-8780-799ABE041A6E}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{7843F349-3BAB-40A5-B258-1C66F16D104C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1A533C56-AD07-4EF8-96BE-BF8EE7660F5C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D42909A3-8615-47CB-8ED8-87FD8EF5820B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{66723207-1A01-4B1F-88E5-79A1AC663E80}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0C785969-7F49-48CB-96AD-5A9264980D12}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D3B0A321-F536-497A-BA73-5C0C0834260C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E3311318-238C-4258-B97D-4E477E570C12}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{238919D2-BF28-4A1C-8183-14F3DE9C85A8}] => (Allow) D:\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{0AD6A48A-597E-4F80-9721-EAD31173CE79}] => (Allow) D:\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [TCP Query User{90786252-8057-48D8-BB92-89CF50534A3E}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{35C09DFE-1387-4038-924B-CAF89D466BEE}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{60EFCAAF-FB63-4F06-BFCF-EB94361FB040}D:\warthunder\win64\aces.exe] => (Allow) D:\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{A3BCA762-96B1-4340-8171-DF59210817CA}D:\warthunder\win64\aces.exe] => (Allow) D:\warthunder\win64\aces.exe
FirewallRules: [{8201F9DB-326D-4276-B410-FB4733853ECB}] => (Allow) C:\Users\Hanus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C342B4B2-FE4A-4B5B-B430-58FC7FBBAB41}] => (Allow) C:\Users\Hanus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EDC52221-D55E-4972-A9F9-BF62DAF7BC59}] => (Allow) C:\Users\Hanus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{23986DBC-31B6-4EB7-B6CA-CE6CF66F2198}] => (Allow) C:\Users\Hanus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F4B5166-C767-44F5-A337-2353908DC69B}] => (Allow) C:\Users\Hanus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30910B41-9219-4073-82BD-E64CFEC4DBE7}] => (Allow) C:\Users\Hanus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{ED98C0AF-11CA-4ABF-9D46-2466C85FAD27}C:\gog games\stronghold crusader 2\bin\win32_galaxy_release\crusader2.exe] => (Allow) C:\gog games\stronghold crusader 2\bin\win32_galaxy_release\crusader2.exe
FirewallRules: [UDP Query User{6D178691-9548-4F32-9522-DBD840C0F92D}C:\gog games\stronghold crusader 2\bin\win32_galaxy_release\crusader2.exe] => (Allow) C:\gog games\stronghold crusader 2\bin\win32_galaxy_release\crusader2.exe
FirewallRules: [TCP Query User{892ACE59-1543-4549-9459-3C4988737EE8}C:\gog games\stronghold crusader 2\bin\win32_galaxy_release\mapeditor.exe] => (Allow) C:\gog games\stronghold crusader 2\bin\win32_galaxy_release\mapeditor.exe
FirewallRules: [UDP Query User{B94F4269-C397-4F60-A9AB-80D467F5EDEA}C:\gog games\stronghold crusader 2\bin\win32_galaxy_release\mapeditor.exe] => (Allow) C:\gog games\stronghold crusader 2\bin\win32_galaxy_release\mapeditor.exe
FirewallRules: [{6A3245D9-7502-4BDD-A76D-B240901047C4}] => (Allow) D:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{AA879E62-DD74-4B9C-91E2-E7357DFA349B}] => (Allow) D:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{3121224E-FA4B-4E39-BC82-EF7B6AFB9BA8}] => (Allow) D:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{BBBE37DA-6E8F-4C27-A2F4-9D0194E3E2FD}] => (Allow) D:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{0C9B7925-34E7-46BA-BB35-46EB18383825}] => (Allow) D:\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{AF7F00D7-6D68-4EAA-9935-31F0D618C67F}] => (Allow) D:\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{8401DA49-D199-4B7E-8484-ED51E4EE63EF}] => (Allow) D:\Steam\steamapps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [{532C8E7F-E2EB-4FA0-93C1-31C3EB399A73}] => (Allow) D:\Steam\steamapps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [{BB5DA14F-FFDD-4662-AF70-441A37B1D908}] => (Allow) D:\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2.exe
FirewallRules: [{D1314B6D-1CD2-4108-BBA0-6C86EB5FB4BB}] => (Allow) D:\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2.exe
FirewallRules: [{0AB0AA26-6E63-40AA-A62F-924CC5EE38D4}] => (Allow) D:\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2_ed.exe
FirewallRules: [{5C764B10-B679-4A99-9BCE-79D8762580B4}] => (Allow) D:\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2_ed.exe

==================== Restore Points =========================

23-01-2016 14:23:50 Inštalátor modulov systému Windows
24-01-2016 15:35:06 Installed DirectX

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2016 02:17:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: gta_sa.exe, verzia: 0.0.0.0, časová značka: 0x427101ca
Názov chybujúceho modulu: gta_sa.exe, verzia: 0.0.0.0, časová značka: 0x427101ca
Kód výnimky: 0xc0000005
Odstup chyby: 0x00345aa5
Identifikácia chybujúceho procesu: 0xce0
Čas spustenia chybujúcej aplikácie: 0xgta_sa.exe0
Cesta chybujúcej aplikácie: gta_sa.exe1
Cesta chybujúceho modulu: gta_sa.exe2
Identifikácia hlásenia: gta_sa.exe3
Celé meno chybujúceho balíka: gta_sa.exe4
Identifikácia chybujúcej aplikácie vzhľadom na balík: gta_sa.exe5

Error: (01/28/2016 01:43:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: gta_sa.exe, verzia: 0.0.0.0, časová značka: 0x427101ca
Názov chybujúceho modulu: gta_sa.exe, verzia: 0.0.0.0, časová značka: 0x427101ca
Kód výnimky: 0xc0000005
Odstup chyby: 0x00345aa5
Identifikácia chybujúceho procesu: 0xb8
Čas spustenia chybujúcej aplikácie: 0xgta_sa.exe0
Cesta chybujúcej aplikácie: gta_sa.exe1
Cesta chybujúceho modulu: gta_sa.exe2
Identifikácia hlásenia: gta_sa.exe3
Celé meno chybujúceho balíka: gta_sa.exe4
Identifikácia chybujúcej aplikácie vzhľadom na balík: gta_sa.exe5

Error: (01/27/2016 06:44:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: gta_sa.exe, verzia: 0.0.0.0, časová značka: 0x427101ca
Názov chybujúceho modulu: gta_sa.exe, verzia: 0.0.0.0, časová značka: 0x427101ca
Kód výnimky: 0xc0000005
Odstup chyby: 0x00345aa5
Identifikácia chybujúceho procesu: 0xbb4
Čas spustenia chybujúcej aplikácie: 0xgta_sa.exe0
Cesta chybujúcej aplikácie: gta_sa.exe1
Cesta chybujúceho modulu: gta_sa.exe2
Identifikácia hlásenia: gta_sa.exe3
Celé meno chybujúceho balíka: gta_sa.exe4
Identifikácia chybujúcej aplikácie vzhľadom na balík: gta_sa.exe5

Error: (01/27/2016 04:10:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: gta_sa.exe, verzia: 0.0.0.0, časová značka: 0x427101ca
Názov chybujúceho modulu: uxtheme.dll, verzia: 6.3.9600.17415, časová značka: 0x54503957
Kód výnimky: 0xc0000005
Odstup chyby: 0x00036f53
Identifikácia chybujúceho procesu: 0xe24
Čas spustenia chybujúcej aplikácie: 0xgta_sa.exe0
Cesta chybujúcej aplikácie: gta_sa.exe1
Cesta chybujúceho modulu: gta_sa.exe2
Identifikácia hlásenia: gta_sa.exe3
Celé meno chybujúceho balíka: gta_sa.exe4
Identifikácia chybujúcej aplikácie vzhľadom na balík: gta_sa.exe5

Error: (01/27/2016 03:03:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: gta_sa.exe, verzia: 0.0.0.0, časová značka: 0x427101ca
Názov chybujúceho modulu: gta_sa.exe, verzia: 0.0.0.0, časová značka: 0x427101ca
Kód výnimky: 0xc0000005
Odstup chyby: 0x00345aa5
Identifikácia chybujúceho procesu: 0xf7c
Čas spustenia chybujúcej aplikácie: 0xgta_sa.exe0
Cesta chybujúcej aplikácie: gta_sa.exe1
Cesta chybujúceho modulu: gta_sa.exe2
Identifikácia hlásenia: gta_sa.exe3
Celé meno chybujúceho balíka: gta_sa.exe4
Identifikácia chybujúcej aplikácie vzhľadom na balík: gta_sa.exe5

Error: (01/27/2016 01:05:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: gta_sa.exe, verzia: 0.0.0.0, časová značka: 0x427101ca
Názov chybujúceho modulu: vorbisfile.dll, verzia: 6.3.9600.18185, časová značka: 0x5683eff4
Kód výnimky: 0xc0000135
Odstup chyby: 0x0009d5b2
Identifikácia chybujúceho procesu: 0xec4
Čas spustenia chybujúcej aplikácie: 0xgta_sa.exe0
Cesta chybujúcej aplikácie: gta_sa.exe1
Cesta chybujúceho modulu: gta_sa.exe2
Identifikácia hlásenia: gta_sa.exe3
Celé meno chybujúceho balíka: gta_sa.exe4
Identifikácia chybujúcej aplikácie vzhľadom na balík: gta_sa.exe5

Error: (01/27/2016 10:05:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: gta_sa.exe, verzia: 0.0.0.0, časová značka: 0x427101ca
Názov chybujúceho modulu: d3d9.dll, verzia: 1.0.0.1, časová značka: 0x53f6a1ec
Kód výnimky: 0xc0000005
Odstup chyby: 0x0001f0b3
Identifikácia chybujúceho procesu: 0x74c
Čas spustenia chybujúcej aplikácie: 0xgta_sa.exe0
Cesta chybujúcej aplikácie: gta_sa.exe1
Cesta chybujúceho modulu: gta_sa.exe2
Identifikácia hlásenia: gta_sa.exe3
Celé meno chybujúceho balíka: gta_sa.exe4
Identifikácia chybujúcej aplikácie vzhľadom na balík: gta_sa.exe5

Error: (01/27/2016 10:00:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: gta_sa.exe, verzia: 0.0.0.0, časová značka: 0x4270f18a
Názov chybujúceho modulu: d3d9.dll, verzia: 1.0.0.1, časová značka: 0x53f6a1ec
Kód výnimky: 0xc0000005
Odstup chyby: 0x0001f0b3
Identifikácia chybujúceho procesu: 0xa8
Čas spustenia chybujúcej aplikácie: 0xgta_sa.exe0
Cesta chybujúcej aplikácie: gta_sa.exe1
Cesta chybujúceho modulu: gta_sa.exe2
Identifikácia hlásenia: gta_sa.exe3
Celé meno chybujúceho balíka: gta_sa.exe4
Identifikácia chybujúcej aplikácie vzhľadom na balík: gta_sa.exe5

Error: (01/27/2016 09:54:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: gta_sa.exe, verzia: 0.0.0.0, časová značka: 0x427101ca
Názov chybujúceho modulu: d3d9.dll, verzia: 1.0.0.1, časová značka: 0x53f6a1ec
Kód výnimky: 0xc0000005
Odstup chyby: 0x0001f0b3
Identifikácia chybujúceho procesu: 0x644
Čas spustenia chybujúcej aplikácie: 0xgta_sa.exe0
Cesta chybujúcej aplikácie: gta_sa.exe1
Cesta chybujúceho modulu: gta_sa.exe2
Identifikácia hlásenia: gta_sa.exe3
Celé meno chybujúceho balíka: gta_sa.exe4
Identifikácia chybujúcej aplikácie vzhľadom na balík: gta_sa.exe5

Error: (01/27/2016 09:53:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: gta_sa.exe, verzia: 0.0.0.0, časová značka: 0x4270f18a
Názov chybujúceho modulu: d3d9.dll, verzia: 1.0.0.1, časová značka: 0x53f6a1ec
Kód výnimky: 0xc0000005
Odstup chyby: 0x0001f0b3
Identifikácia chybujúceho procesu: 0x398
Čas spustenia chybujúcej aplikácie: 0xgta_sa.exe0
Cesta chybujúcej aplikácie: gta_sa.exe1
Cesta chybujúceho modulu: gta_sa.exe2
Identifikácia hlásenia: gta_sa.exe3
Celé meno chybujúceho balíka: gta_sa.exe4
Identifikácia chybujúcej aplikácie vzhľadom na balík: gta_sa.exe5


System errors:
=============
Error: (01/28/2016 02:24:18 PM) (Source: DCOM) (EventID: 10010) (User: Hanus-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/28/2016 02:23:48 PM) (Source: DCOM) (EventID: 10010) (User: Hanus-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/28/2016 01:49:01 PM) (Source: DCOM) (EventID: 10010) (User: Hanus-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/28/2016 01:48:37 PM) (Source: DCOM) (EventID: 10010) (User: Hanus-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/28/2016 09:01:19 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (01/28/2016 09:01:16 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.

Cesta k modulu: C:\WINDOWS\system32\athExt.dll
Kód chyby: 126

Error: (01/27/2016 09:39:51 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (01/27/2016 09:39:47 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.

Cesta k modulu: C:\WINDOWS\system32\athExt.dll
Kód chyby: 126

Error: (01/26/2016 08:26:17 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (01/26/2016 08:26:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.

Cesta k modulu: C:\WINDOWS\system32\athExt.dll
Kód chyby: 126


CodeIntegrity:
===================================
Date: 2016-01-24 08:50:38.540
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-23 08:18:38.571
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-22 16:09:36.388
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-22 13:31:05.880
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-21 13:31:45.144
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-20 13:35:30.403
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-19 16:57:46.618
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-19 14:04:57.579
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-18 13:47:16.994
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-17 08:37:20.307
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G3220 @ 3.00GHz
Percentage of memory in use: 30%
Total physical RAM: 4035.32 MB
Available physical RAM: 2800.58 MB
Total Virtual: 7875.32 MB
Available Virtual: 6618.51 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:223.88 GB) (Free:118.15 GB) NTFS
Drive d: (DATA) (Fixed) (Total:223.88 GB) (Free:98.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1761ADAE)

Partition: GPT.

==================== End of Addition.txt ============================

[jaro3]

Co máš za funkční antivir?
Windows Defender ?

Co ten Norton Security se zálohováním? Používáš to?
2016-01-08 15:53 - 2016-01-08 15:53 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-01-08 15:31 - 2016-01-08 15:33 - 00000000 ____D C:\NPE
2016-01-08 15:28 - 2016-01-25 08:46 - 00000000 ____D C:\ProgramData\Norton
2016-01-08 15:28 - 2016-01-08 15:39 - 00000000 ____D C:\Users\Hanus\AppData\Local\NPE
Task: {69C37424-42A1-482B-A5D4-95EA5CFA5E93} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security se zálohováním\Upgrade.exe [2016-01-06] (Symantec Corporation)




Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3812361727-838257335-1277264128-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3812361727-838257335-1277264128-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKU\S-1-5-21-3812361727-838257335-1277264128-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
Task: {A8831B12-DF95-4462-8F19-C6BAF255F5BF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)
MSCONFIG\Services: SkypeUpdate => 2

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

[Bayomet69]

Norton som asi pred tyždnom vymazal a tušim aj automaticky zálohoval,teraz používam windows defender

[Bayomet69]

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Hanus (2016-01-29 12:57:08) Run:2
Running from C:\Users\Hanus\Desktop
Loaded Profiles: Hanus (Available Profiles: Hanus)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3812361727-838257335-1277264128-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3812361727-838257335-1277264128-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKU\S-1-5-21-3812361727-838257335-1277264128-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
Task: {A8831B12-DF95-4462-8F19-C6BAF255F5BF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)
MSCONFIG\Services: SkypeUpdate => 2

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3812361727-838257335-1277264128-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3812361727-838257335-1277264128-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKU\S-1-5-21-3812361727-838257335-1277264128-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A8831B12-DF95-4462-8F19-C6BAF255F5BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8831B12-DF95-4462-8F19-C6BAF255F5BF}" => key removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => key removed successfully
MSCONFIG\Services: SkypeUpdate => 2 => Error: No automatic fix found for this entry.
EmptyTemp: => 416 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:57:12 ====

[jaro3]

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
C:\ProgramData\NortonInstaller
C:\NPE
C:\ProgramData\Norton
C:\Users\Hanus\AppData\Local\NPE
Task: {69C37424-42A1-482B-A5D4-95EA5CFA5E93} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security se zálohováním\Upgrade.exe [2016-01-06] (Symantec Corporation)

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

co problémy?

[Bayomet69]

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Hanus (2016-01-29 21:00:05) Run:3
Running from C:\Users\Hanus\Desktop
Loaded Profiles: Hanus (Available Profiles: Hanus)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
C:\ProgramData\NortonInstaller
C:\NPE
C:\ProgramData\Norton
C:\Users\Hanus\AppData\Local\NPE
Task: {69C37424-42A1-482B-A5D4-95EA5CFA5E93} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security se zálohováním\Upgrade.exe [2016-01-06] (Symantec Corporation)

EmptyTemp:
End
*****************

Processes closed successfully.
C:\ProgramData\NortonInstaller => moved successfully
C:\NPE => moved successfully
C:\ProgramData\Norton => moved successfully
C:\Users\Hanus\AppData\Local\NPE => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69C37424-42A1-482B-A5D4-95EA5CFA5E93}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69C37424-42A1-482B-A5D4-95EA5CFA5E93}" => key removed successfully
C:\WINDOWS\System32\Tasks\Remediation\AntimalwareMigrationTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Remediation\AntimalwareMigrationTask" => key removed successfully
EmptyTemp: => 467.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:00:11 ====

[jaro3]

Co problémy?

[Bayomet69]

Zapínanie a chod PC po zapnutí je stále pomalý,po zapnutí sa ikonky pomaly načítavaju..programy po zapnutí mám povypínane..ked sa už PC rozbehne tak je to lepšie jak predtým ale trvá než sa PC rozbehne :/

[Orcus]

Stáhni si Memtest:

Do políčka vlož největší velikost Tvé jednotlivé paměti RAM (256,512 nebo 1024,2048) dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku. Zobrazí-li se hlášení o omezení free verze. Spusť memtest tolikrát, kolikrát bude nutné pro zaplnění celé operační paměti.

====================================================

Je třeba zkontrolovat HDD na chyby , zkusit jeho defragmentaci ..

Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

Nemáš málo volného místa na disku?

====================================================

Stáhni si OTL by OldTimer
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.