
Unknown folders and files TROJ_CIVIRDAT.D?



#1 sabbath69


Posted 15 March 2017 - 12:19 PM

Hi, I was sent here from https://www.bleepingcomputer.com/forums/t/641862/troj-civirdatd/

C:\Users\jaro\AppData\Local\Temp  This folder contains:

 

 

22385769.od

AdobeARM.log

CProgram Files (x86)Opera N42.0.2393.517opera_autoupdate.download.lock

CProgram Files (x86)Opera N42.0.2393.517opera_autoupdate.metrics.lock

CVR9469.tmp.cvr

etilqs_5enaBSJFQNxDBtB

etilqs_e7sIiqzjPd1WJNV

etilqs_GNdqHQO11BIuqcP

FXSAPIDebugLogFile.txt

msohtmlclip

msohtmlclip1

nsmCCC2.tmp

opera_crashreporter.log

VBE

~DF0EB518E62555EC12.TMP

~DF3B3FB3EC0258D933.TMP

~DFC2DCDB03F4140D52.TMP

~DFC962B0B1759216F0.TMP

 

Some folders and files I had to move, and I uploaded them to VirusTotal, without any findings. Even if you delete them, they return. Some cannot be deleted.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by jaro (administrator) on JARO-PC (15-03-2017 18:05:00)
Running from C:\Users\jaro\Desktop
Loaded Profiles: jaro & NeroMediaHomeUser.4 (Available Profiles: jaro & NeroMediaHomeUser.4)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Opera Next\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Gear\GearHelp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Opera Software) C:\Program Files (x86)\Opera Next\opera.exe
(Opera Software) C:\Program Files (x86)\Opera N\42.0.2393.517\opera.exe
(Opera Software) C:\Program Files (x86)\Opera N\42.0.2393.517\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera N\42.0.2393.517\opera.exe
(Opera Software) C:\Program Files (x86)\Opera N\42.0.2393.517\opera.exe
(Opera Software) C:\Program Files (x86)\Opera N\42.0.2393.517\opera.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [665424 2008-12-04] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [909744 2017-03-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Ai Gear Help] => C:\Program Files (x86)\ASUS\AI Gear\GearHelp.exe [440832 2009-08-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PowerDVD16Agent] => C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe [516296 2016-03-14] (CyberLink Corp.)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE*
HKU\S-1-5-21-504466202-714579718-3489303643-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-504466202-714579718-3489303643-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-504466202-714579718-3489303643-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-504466202-714579718-3489303643-1007\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-504466202-714579718-3489303643-1007\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2387968 2008-12-06] (Hewlett-Packard Company)
HKU\S-1-5-21-504466202-714579718-3489303643-1007\...\Run: [ProgLauncher] => C:\Program Files (x86)\ProgDVB\ProgLauncher.exe [400584 2016-07-31] ()
HKU\S-1-5-21-504466202-714579718-3489303643-1007\...\Run: [Creative MediaSource Go] => C:\Program Files (x86)\Creative\MediaSource\GO\CTCMSGo.exe
HKU\S-1-5-21-504466202-714579718-3489303643-1007\...\Run: [RemoteCenter] => C:\Program Files (x86)\Creative\MediaSource\RemoteControl\RCMan.EXE
HKU\S-1-5-21-504466202-714579718-3489303643-1007\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-504466202-714579718-3489303643-1007\...\RunOnce: [CMSRegOW.exe] => "C:\Program Files (x86)\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r
HKU\S-1-5-21-504466202-714579718-3489303643-1007\...\RunOnce: [Inetreg] => C:\Program Files (x86)\InstallShield Installation Information\{E2D27B84-6365-11D6-9BAF-0090271AF8A4}\Setup.exe [168448 2001-09-04] (InstallShield Software Corporation)
HKU\S-1-5-21-504466202-714579718-3489303643-1007\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [430968 2009-01-15] (Creative Technology Ltd)
HKU\S-1-5-21-504466202-714579718-3489303643-1007\...\RunOnce: [StartMSu] => C:\Program Files (x86)\Creative\MediaSource5\Startmsu.exe [81920 2009-04-29] (Creative Technology Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{573ED696-F507-44CA-94C8-766C6BEB0B1E}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-504466202-714579718-3489303643-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-504466202-714579718-3489303643-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-504466202-714579718-3489303643-1007\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://files.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF ProfilePath: C:\Users\jaro\AppData\Roaming\Mozilla\Firefox\Profiles\qf09ulqf.default-1445790604955 [2017-03-11]
FF NewTab: Mozilla\Firefox\Profiles\qf09ulqf.default-1445790604955 -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\qf09ulqf.default-1445790604955 -> www.seznam.cz
FF Extension: (Video DownloadHelper) - C:\Users\jaro\AppData\Roaming\Mozilla\Firefox\Profiles\qf09ulqf.default-1445790604955\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 &video&) - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-11-27] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.5 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2011-09-08] (Microsoft Corp)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/wpi,version=1.5 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2011-09-08] (Microsoft Corp)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-12-02] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-12-02] (RealNetworks, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll [2012-01-18] (Caminova, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

Opera:
=======
StartMenuInternet: (HKLM) OperaNext - C:\Program Files (x86)\Opera Next\Opera.exe
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera N\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1115552 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [487424 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [487424 2017-03-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1519144 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2011-01-29] (AVerMedia) [File not signed]
S4 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed]
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-04-13] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2017-01-15] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-12-06] (Hewlett-Packard Company) [File not signed]
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-02] (Avira Operations GmbH & Co. KG)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.)
S1 DVBNet; C:\Windows\System32\DRIVERS\DVBNet.sys [39448 2009-03-12] (DVB Provider)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2010-07-13] (Paragon Software Group)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2009-02-10] (EZB Systems, Inc.)
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [158848 2016-08-10] (Zemana Ltd.)
R3 MPEVirtual; C:\Windows\System32\DRIVERS\MPEVirtual.sys [104752 2008-11-07] (TBS Technologies)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
R3 TBS8922; C:\Windows\System32\drivers\tbs8922.sys [222128 2013-11-18] (TBS )
R3 tbs8922vhid; C:\Windows\System32\drivers\tbs8922vhid.sys [24880 2013-11-18] (Turbosight Ltd. www.tbsdtv.com)
R3 TRIDCap; C:\Windows\System32\DRIVERS\AVerTM62_x64.sys [1103744 2013-10-08] (AVerMedia TECHNOLOGIES, Inc. )
S3 U6000ALL; C:\Windows\System32\DRIVERS\U6000ALL.sys [276480 2007-07-13] () [File not signed]
R1 VD_FileDisk; C:\Windows\System32\Drivers\VD_FileDisk.sys [30312 2011-01-26] (CaptainFlint Software)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-04-02] (CyberLink Corp.)
R2 {41E8078B-96D9-42DC-8789-A1CF102CD880}; C:\Program Files (x86)\CyberLink\PowerDVD16\Common\NavFilter\000.fcl [29624 2016-03-14] (CyberLink Corp.)
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S4 CPSBDA; System32\Drivers\cpsbda.sys [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-15 15:12 - 2017-03-15 15:12 - 03884638 _____ C:\Users\jaro\Downloads\LG-32LG2100.rar
2017-03-12 15:00 - 2017-03-12 15:00 - 04031440 _____ C:\Users\jaro\Desktop\AdwCleaner.exe
2017-03-12 09:26 - 2017-03-12 09:32 - 00237536 _____ C:\TDSSKiller.3.1.0.12_12.03.2017_09.26.48_log.txt
2017-03-12 09:26 - 2017-03-12 09:26 - 00000000 ____D C:\Users\jaro\Desktop\tdsskiller
2017-03-12 09:19 - 2017-03-12 09:19 - 08932000 _____ (Solvusoft Corporation ) C:\Users\jaro\Desktop\Setup_WinThruster_2016.exe
2017-03-12 09:18 - 2017-03-12 09:18 - 04656523 _____ C:\Users\jaro\Desktop\tdsskiller.zip
2017-03-11 20:58 - 2017-03-11 20:58 - 04335672 _____ C:\Users\jaro\Desktop\zoek.rar
2017-03-11 20:56 - 2017-03-11 20:56 - 26044488 _____ C:\Users\jaro\Desktop\RogueKillerX64.exe
2017-03-11 20:55 - 2017-03-11 20:55 - 01663736 _____ (Malwarebytes) C:\Users\jaro\Desktop\JRT.exe
2017-03-11 17:12 - 2017-03-11 17:14 - 00002422 _____ C:\RannohDecryptor.1.9.6.1_11.03.2017_17.12.25_log.txt
2017-03-11 17:12 - 2017-03-11 17:12 - 00000000 ____D C:\Users\jaro\Desktop\rannohdecryptor
2017-03-11 16:37 - 2017-03-11 16:43 - 00068299 _____ C:\Users\jaro\Desktop\Addition.txt
2017-03-11 16:35 - 2017-03-15 18:05 - 00021720 _____ C:\Users\jaro\Desktop\FRST.txt
2017-03-11 16:04 - 2017-03-11 16:04 - 00000000 ____D C:\_OTL
2017-03-11 15:51 - 2017-03-11 19:41 - 00000366 _____ C:\Users\jaro\Desktop\SystemLook.txt
2017-03-11 15:48 - 2017-03-11 15:48 - 00165376 _____ C:\Users\jaro\Desktop\SystemLook_x64.exe
2017-03-11 15:43 - 2017-03-11 15:43 - 00602112 _____ (OldTimer Tools) C:\Users\jaro\Desktop\OTL.exe
2017-03-11 15:42 - 2017-03-11 15:42 - 00591870 _____ C:\Users\jaro\Desktop\rannohdecryptor.zip
2017-03-11 14:42 - 2017-03-11 14:42 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-03-11 14:42 - 2017-03-11 14:42 - 00002759 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2017-03-11 14:42 - 2017-03-11 14:42 - 00000000 ____D C:\ProgramData\Sophos
2017-03-11 14:42 - 2017-03-11 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-03-11 14:42 - 2017-03-11 14:42 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-03-11 13:04 - 2017-03-12 15:02 - 00000000 ____D C:\AdwCleaner
2017-03-07 08:36 - 2017-03-11 13:01 - 00000000 ____D C:\Users\jaro\AppData\Local\CrashDumps
2017-03-02 09:14 - 2017-03-02 09:14 - 00000000 ____D C:\Users\jaro\AppData\Local\Apple
2017-03-01 23:10 - 2017-03-11 17:04 - 00004334 _____ C:\Users\jaro\Desktop\Fixlog.txt
2017-03-01 22:36 - 2017-03-15 18:05 - 00000000 ____D C:\FRST
2017-03-01 22:36 - 2017-03-15 17:59 - 02424832 _____ (Farbar) C:\Users\jaro\Desktop\FRST64.exe
2017-03-01 20:04 - 2017-03-01 20:04 - 00000000 ____D C:\Users\jaro\AppData\Local\Adobe
2017-02-24 00:35 - 2017-02-24 00:35 - 00715038 _____ C:\Windows\unins000.exe
2017-02-24 00:35 - 2017-02-24 00:35 - 00003153 _____ C:\Windows\unins000.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-15 18:02 - 2011-11-23 10:47 - 02810880 _____ C:\Users\jaro\Documents\Outlook.pst
2017-03-15 17:59 - 2015-09-03 18:13 - 00000000 ____D C:\Users\jaro\Documents\Antiviry-doc
2017-03-15 15:36 - 2017-02-08 15:41 - 00030528 _____ C:\Windows\system32\BMXCtrlState-{00000001-00000000-00000006-00001102-00000004-20021102}.rfx
2017-03-15 15:36 - 2017-02-08 15:41 - 00030528 _____ C:\Windows\system32\BMXBkpCtrlState-{00000001-00000000-00000006-00001102-00000004-20021102}.rfx
2017-03-15 15:36 - 2017-02-08 15:41 - 00011564 _____ C:\Windows\system32\DVCState-{00000001-00000000-00000006-00001102-00000004-20021102}.rfx
2017-03-15 15:36 - 2011-11-22 19:05 - 00034240 _____ C:\Windows\system32\BMXStateBkp-{00000001-00000000-00000006-00001102-00000004-20021102}.rfx
2017-03-15 15:36 - 2011-11-22 19:05 - 00034240 _____ C:\Windows\system32\BMXState-{00000001-00000000-00000006-00001102-00000004-20021102}.rfx
2017-03-15 14:59 - 2013-07-21 23:21 - 00000000 ____D C:\Users\jaro\Documents\Elektro
2017-03-15 09:15 - 2011-11-23 00:03 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-15 09:15 - 2011-11-23 00:03 - 00000833 _____ C:\ProgramData\Desktop\CCleaner.lnk
2017-03-15 08:52 - 2011-11-22 23:58 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-15 08:51 - 2009-07-14 05:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-15 08:51 - 2009-07-14 05:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-15 08:48 - 2014-08-04 14:44 - 00000000 ____D C:\Program Files (x86)\Opera N
2017-03-15 08:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-15 01:18 - 2014-09-02 09:55 - 00000000 ____D C:\Users\jaro\Documents\zobrazení z ct24
2017-03-15 01:05 - 2016-04-07 20:18 - 00004512 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-15 01:05 - 2015-10-24 15:01 - 00004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 01:05 - 2012-04-01 07:04 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 01:05 - 2011-11-22 23:58 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 01:05 - 2011-11-22 23:58 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-12 09:48 - 2013-08-01 00:58 - 00000000 ____D C:\Users\jaro\Documents\Programy
2017-03-11 21:08 - 2014-07-16 12:14 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-11 20:40 - 2012-04-05 08:20 - 00000000 ____D C:\Users\jaro\AppData\Local\ElevatedDiagnostics
2017-03-11 19:48 - 2014-06-26 18:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-11 16:07 - 2017-01-18 22:37 - 00102514 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-11 14:53 - 2011-11-23 23:16 - 00000000 ____D C:\Users\jaro\Documents\SAT_SOFT
2017-03-11 14:51 - 2016-12-15 12:02 - 00000000 ____D C:\Users\jaro\Desktop\zoek
2017-03-11 14:40 - 2016-12-15 09:36 - 163676904 _____ (Sophos Limited) C:\Users\jaro\Desktop\Sophos Virus Removal Tool.exe
2017-03-11 14:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-11 00:05 - 2016-11-19 09:37 - 00000000 ____D C:\Users\jaro\AppData\LocalLow\Mozilla
2017-03-10 20:06 - 2012-08-15 21:12 - 00000000 ____D C:\Users\jaro\Documents\CDs
2017-03-02 23:30 - 2016-10-09 22:44 - 00051248 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-03-02 23:30 - 2016-05-14 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-02 23:30 - 2013-05-08 09:02 - 00078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-03-02 23:30 - 2013-03-30 09:34 - 00176968 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-03-02 23:30 - 2013-03-30 09:34 - 00148104 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-03-02 23:30 - 2013-03-30 09:34 - 00035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-03-02 09:33 - 2016-08-15 21:38 - 00000000 ____D C:\ProgramData\ProgDVB
2017-03-02 09:33 - 2016-08-15 21:37 - 00000000 ____D C:\Program Files\ProgDVB x64
2017-03-01 19:19 - 2014-06-18 22:42 - 00000000 ____D C:\Windows\erdnt
2017-03-01 19:14 - 2015-10-26 22:20 - 00000940 _____ C:\DelFix.txt
2017-03-01 10:10 - 2016-12-15 09:31 - 00797760 _____ C:\Users\jaro\Desktop\delfix_1.013.exe
2017-03-01 10:01 - 2016-02-09 23:03 - 00050688 _____ (Atribune.org) C:\Users\jaro\Desktop\ATF-Cleaner.exe
2017-02-24 00:49 - 2017-02-08 12:24 - 00000000 ____D C:\Users\jaro\Documents\TBS
2017-02-23 08:55 - 2015-11-08 13:59 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2016-01-29 23:28 - 2016-01-29 23:28 - 0007859 _____ () C:\Users\jaro\AppData\Roaming\pcouffin.cat
2016-01-29 23:28 - 2016-01-29 23:28 - 0001167 _____ () C:\Users\jaro\AppData\Roaming\pcouffin.inf
2017-02-09 09:48 - 2017-02-09 09:48 - 0000872 _____ () C:\Users\jaro\AppData\Local\recently-used.xbel
2013-07-11 20:38 - 2015-01-09 12:33 - 0000000 _____ () C:\ProgramData\CLDShowX.ini
2017-01-14 16:23 - 2017-01-14 16:23 - 0000163 _____ () C:\ProgramData\DVBViewer.log
2015-10-22 17:56 - 2015-10-22 17:56 - 0012759 _____ () C:\ProgramData\mxnhytee.feu

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-11 20:33

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by jaro (15-03-2017 18:06:13)
Running from C:\Users\jaro\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2011-11-22 17:42:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-504466202-714579718-3489303643-500 - Administrator - Disabled)
Guest (S-1-5-21-504466202-714579718-3489303643-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-504466202-714579718-3489303643-1002 - Limited - Enabled)
jaro (S-1-5-21-504466202-714579718-3489303643-1001 - Administrator - Enabled) => C:\Users\jaro
NeroMediaHomeUser.4 (S-1-5-21-504466202-714579718-3489303643-1007 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4.jaro-PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version: - )
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AI Gear (HKLM-x32\...\{6B568B64-0BDE-4FB2-A1AB-8A41DF033C57}) (Version: 1.00.17 - )
Aktualizace NVIDIA 17.12.8 (Version: 17.12.8 - NVIDIA Corporation) Hidden
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Verifier x64 External Package (Version: 8.59.29722 - Microsoft) Hidden
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.17.17 - ASUSTeK Computer Inc.)
AVer MediaCenter 3D (HKLM-x32\...\InstallShield_{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}) (Version: 1.7.9 - AVerMedia Technologies, Inc.)
AVer MediaCenter 3D (x32 Version: 1.7.9 - AVerMedia Technologies, Inc.) Hidden
AVerMedia H727 PCIe Hybrid DVBT HDMI Capture Device 1.54.64.42 (HKLM-x32\...\AVerMedia H727 PCIe Hybrid DVBT HDMI Capture Device) (Version: 1.54.64.42 - AVerMedia TECHNOLOGIES, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.154 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{e7f56494-d786-472e-aba2-1b93089e06cd}) (Version: 1.2.76.20506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
Avira Launcher (HKLM-x32\...\{3d9e0476-943f-4962-99dc-b9c937a43840}) (Version: 1.1.65.9690 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{761cd2c4-5249-4346-8318-a499d06d2681}) (Version: 1.1.63.21885 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Balíček ovladače systému Windows - TBS (TBS8922) Media (11/18/2013 1.0.1.6) (HKLM\...\D54BA23F45EB16DD1D6FF5CF2D966B715A58F21C) (Version: 11/18/2013 1.0.1.6 - TBS)
Balíček ovladače systému Windows - TBS (tbs8922vhid) HIDClass (12/20/2011 1.0.3.0) (HKLM\...\84D13B77B508F1F2CBCD98DCD810DD200EDCF2F8) (Version: 12/20/2011 1.0.3.0 - TBS)
Brother MFL-Pro Suite DCP-135C (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Cisco Unity Diagnostic Tool (HKLM-x32\...\{3E26E489-E711-4877-8F8B-FF68FD5DC59D}) (Version: 4.03.0010 - Cisco Systems, Inc.)
CoreAVC Professional Edition (remove only) (HKLM-x32\...\CoreAVC Professional Edition) (Version: - )
Corel WinDVD (x32 Version: 11 - Corel Inc.) Hidden
Corel WinDVD Pro 11 (HKLM-x32\...\_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}) (Version: 11.0.0.289 - Corel Inc.)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Console (HKLM-x32\...\AudioCS) (Version: 1.33 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
CyberLink H.264/AVC video decoder (HKLM-x32\...\cyberlnH) (Version: 03/10/2006 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1705 - CyberLink Corp.)
CyberLink PowerDVD 10.0.1516.51 - odinstalovat češtinu (HKLM-x32\...\CyberLink PowerDVD 10.0.1516.51) (Version: - Michellin & Pavlík)
CyberLink PowerDVD 16 (HKLM-x32\...\{7CD1ACC0-3DD0-4894-90C7-BF2A136C074D}) (Version: 16.0.1510.60 - CyberLink Corp.)
Debugging Tools for Windows (HKLM-x32\...\{16F22B31-9893-414F-98E0-D02CBDC287C9}) (Version: 6.6.3.5 - Microsoft Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Document Express DjVu Plug-in (HKLM-x32\...\{C98876CB-9847-4DCB-96F6-98CD5D66D2E2}) (Version: 6.1.27999 - Caminova, Inc.)
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.20.00 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Epson Stylus SX210_SX410_TX210_TX410 Manuál (HKLM-x32\...\Epson Stylus SX210_SX410_TX210_TX410 Uživatelská příručka) (Version: - )
EPSON SX210 Series Printer Uninstall (HKLM\...\EPSON SX210 Series) (Version: - SEIKO EPSON Corporation)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
IBMpass 2.2 Lite (HKLM-x32\...\{EF1E9362-25A9-45B7-8D55-7B1527ED9A88}) (Version: 2.1.500 - Victor Voinea)
ICA (x32 Version: 1.0 - Corel Inc.) Hidden
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
IIS 7.5 Express (HKLM-x32\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
IPM (x32 Version: 1.00.0000 - Corel Inc.) Hidden
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 8.58.0 - Microsoft) Hidden
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
LightScribe System Software 1.17.90.1 (HKLM-x32\...\{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}) (Version: 1.17.90.1 - LightScribe)
Maxthon 3 (HKLM-x32\...\Maxthon3) (Version: - Maxthon International Limited)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - CSY Lang Pack (HKLM-x32\...\{62F59D97-D1B0-4550-80BE-BC5BA30CBCB4}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (dansk) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1030) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Português) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (suomi) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1035) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (svenska) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1053) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Türkçe) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1055) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.51209 - Корпорация Майкрософт)
Microsoft .NET Framework 4.5.2 (עברית) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (日本語) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (简体中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2052) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2(한국어) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2, norsk språkpakke (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1044) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET-keretrendszer 4.5.2 (magyar) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1038) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Diagnostics and Recovery Toolset 6.5 (HKLM\...\{74F18B42-D441-4E7F-8984-BDF8050B180D}) (Version: 6.05.0000 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 11 Beta Updates (KB2677574) (HKLM-x32\...\{fbef759d-4e82-474b-862b-ca4b76941b05}) (Version: 11.0.50323 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{9F95E499-93DA-41C5-8D12-6BE59C0867F6}) (Version: 3.1236.1310 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider Nov 2011 (HKLM-x32\...\{16B1C956-EA06-4C26-8AE5-A4686804EDD7}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{54AC5197-9CE4-4C42-B191-16F5918479EC}) (Version: 4.0.1307 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{D6D5CB84-0E6E-4E69-B300-C690B6911029}) (Version: 8.3.20 - Nero AG)
Nero MediaHome 4 Essentials (HKLM-x32\...\{d52c195e-ec9e-4ad0-9f8d-772df1307c22}) (Version: - Nero AG)
NewBlue 3D Explosions for Windows (HKLM-x32\...\NewBlue 3D Explosions for Windows) (Version: 1.4 - NewBlue)
NewBlue 3D Transformations for Windows (HKLM-x32\...\NewBlue 3D Transformations for Windows) (Version: 1.4 - NewBlue)
NewBlue Art Blends for Windows (HKLM-x32\...\NewBlue Art Blends for Windows) (Version: 2.4 - NewBlue)
NewBlue Art Effects for Windows (HKLM-x32\...\NewBlue Art Effects for Windows) (Version: 2.4 - NewBlue)
NewBlue Film Effects for Windows (HKLM-x32\...\NewBlue Film Effects for Windows) (Version: 1.4 - NewBlue)
NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: 2.4 - NewBlue)
NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: 2.4 - NewBlue)
NewBlue Paint Blends for Windows (HKLM-x32\...\NewBlue Paint Blends for Windows) (Version: 1.4 - NewBlue)
NewBlue Paint Effects for Windows (HKLM-x32\...\NewBlue Paint Effects for Windows) (Version: 1.4 - NewBlue)
NewBlue Sampler Pack for Windows (HKLM-x32\...\NewBlue Sampler Pack for Windows) (Version: 1.4 - NewBlue)
NewBlue Stabilizer for Windows (HKLM-x32\...\NewBlue Stabilizer for Windows) (Version: 1.4 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 1.4 - NewBlue)
NewBlue Video Essentials II for Windows (HKLM-x32\...\NewBlue Video Essentials II for Windows) (Version: 1.4 - NewBlue)
NewBlue Video Essentials III for Windows (HKLM-x32\...\NewBlue Video Essentials III for Windows) (Version: 1.4 - NewBlue)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA MediaShield (HKLM-x32\...\{CC452A50-5C87-4A1F-B295-445C3C69BF7D}) (Version: 11.1.0.43 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.82 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.82 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OCCT 4.4.0 (HKLM-x32\...\OCCT) (Version: 4.4.0 - Ocbase.com)
Off Road (HKLM-x32\...\{9135BA5B-51B4-49BF-867A-D152B5CE67D4}) (Version: 1.00.0000 - Xplosiv)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Next 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Opera Stable 28.0.1750.51 (HKLM-x32\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)
Opera Stable 42.0.2393.517 (HKLM-x32\...\Opera 42.0.2393.517) (Version: 42.0.2393.517 - Opera Software)
Ovládací panel NVIDIA 355.82 (Version: 355.82 - NVIDIA Corporation) Hidden
Paragon Partition Manager™ 11 SE Personal (HKLM-x32\...\{986A654F-F1E4-11DD-9FCA-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
ProgDVB (HKLM-x32\...\ProgDVB) (Version: 7.x - Prog)
Prohlížeč nápovědy Microsoft 2.0 – jazyková sada - CSY (HKLM-x32\...\Prohlížeč nápovědy Microsoft 2.0 – jazyková sada - CSY) (Version: 2.0.50727 - Microsoft Corporation)
Prohlížeč nápovědy Microsoft 2.0 – jazyková sada - CSY (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SDK Debuggers (x32 Version: 8.59.29746 - Microsoft Corporation) Hidden
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Setup (x32 Version: 11.0 - Corel Inc.) Hidden
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Sound Forge Pro 10.0 (HKLM-x32\...\{3F9170C9-A7C2-408F-A4D8-EC77250040BF}) (Version: 10.0.368 - Sony)
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander Ultima Prime 5.5.0.0 (HKLM-x32\...\TC UP) (Version: 5.5.0.0 - Robert Łajka & Paweł Porwisz)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Vegas Pro 10.0 (64-bit) (HKLM\...\{7A92C561-A1D5-11E0-92E1-0013D3D69929}) (Version: 10.0.738 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{E287CD67-9542-4B20-A091-6BA114861DB2}) (Version: 4.1.61406.0 - Microsoft Corporation)
Windows 7 Codec Pack 4.1.5 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.1.5 - Windows 7 Codec Pack)
Windows Driver Kit (HKLM-x32\...\{9944163f-2367-4db7-ac77-b4963ca06996}) (Version: 8.58.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03D55EDD-E93D-424E-96BB-D8390BB81534} - System32\Tasks\{5D67ACE0-819F-4197-8815-B1A3C510CF3D} => C:\Users\jaro\Documents\Tor\Tor Browser\Start Tor Browser.exe
Task: {06232702-6053-4CAE-930B-7A5EF7213DC6} - System32\Tasks\{100D77BA-7872-44A5-AACD-5815649CEA79} => pcalua.exe -a C:\Users\jaro\Desktop\vcredist_x86.exe -d C:\Users\jaro\Desktop
Task: {157B6AB4-75F3-43DC-B4D3-F79DC6AECFF2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-504466202-714579718-3489303643-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1C3C40E8-D4C6-4989-9643-9AF09C44FED4} - System32\Tasks\{BCF8A836-6371-4E6D-974B-F7DD53C30FF1} => D:\Users\jaro\Documents\Music\Guitar Pro 6.0.7 b1 r8607 FULL\crack_x64.exe
Task: {268DC5C9-CAD2-4420-9042-CA324DEC7824} - System32\Tasks\{B7352077-7F26-4F5A-8649-ED608FFA9938} => D:\Users\jaro\Documents\Music\Guitar Pro 6.0.7 b1 r8607 FULL\Guitar_Pro_6.0.7_b1_r8607_Repack_Setup.exe
Task: {2BF3EDC8-C8E1-41F1-8BAE-F3A57858E728} - System32\Tasks\{6AD93CB5-D9B0-42C9-B186-674CB8C72008} => C:\Users\jaro\Documents\Elektro\asus\6033_Alientools.PDF\Alientools.PDF.Recover.v2.5.Full (снятие защиты)\pdfrecover.exe [2009-03-22] ()
Task: {2CB90711-4217-4489-A211-F32CE6D57E98} - System32\Tasks\{A5A133E6-6D27-4BB6-A250-DF89ED5132FA} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {2FCA1600-F63C-4B55-BF21-4B9EC7AB9EBC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {30FF040F-8656-47AC-B6BE-DD336AD08A67} - System32\Tasks\{5CCCB23F-994E-4DFB-9C56-4ECB936C22D7} => C:\Users\jaro\Documents\Programy elektro\3152_Fg1\fg.exe
Task: {37DD87FC-9CF2-4457-9A39-92797EFC49C4} - System32\Tasks\{B6D6D86D-9865-4C65-A5B2-1D23812F6EFC} => pcalua.exe -a "C:\Users\jaro\Documents\Music\Guitar Pro 6.0.7 b1 r8607 FULL\crack_x64.exe" -d "C:\Users\jaro\Documents\Music\Guitar Pro 6.0.7 b1 r8607 FULL"
Task: {3B80249D-FDE5-4DD2-A9B6-A378AF9027CA} - System32\Tasks\{66C8AD65-0771-4956-BA1E-6B6BA0BD22CB} => C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe
Task: {3FB38834-6820-4ACF-B76D-08A342FFF15F} - System32\Tasks\{801009A3-B3ED-4F87-8429-604422214DE3} => pcalua.exe -a "D:\Users\jaro\Documents\Music\Guitar Pro 6.0.7 b1 r8607 FULL\crack_x64.exe" -d "D:\Users\jaro\Documents\Music\Guitar Pro 6.0.7 b1 r8607 FULL"
Task: {41B238D4-75C5-452E-B88E-0984CAEFD7BB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-504466202-714579718-3489303643-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {42089D0F-B414-4541-998B-5CB88C7C6433} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {4C0C2E92-4290-46CE-8DF9-10D7B542FD1C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {53A86E5F-58F3-4A7B-A312-51B4F5DEBB46} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-504466202-714579718-3489303643-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {565FA6BE-EF8B-470A-8FD0-D7138811546E} - System32\Tasks\Opera scheduled Autoupdate 1407159942 => C:\Program Files (x86)\Opera N\launcher.exe [2017-01-26] (Opera Software)
Task: {5A018568-C2C3-4006-841D-02EC664C333B} - System32\Tasks\{D2DD4589-92D7-4D6B-BABD-0A4427778537} => C:\Users\jaro\Documents\Programy elektro\ORCAD CaptureViewer51\CaptureViewer51.exe
Task: {5D145E88-CCFC-43F6-BF98-0DFFFD8F2E02} - System32\Tasks\{CAC5D96E-4C32-4428-A56A-6E2FC9216A5B} => C:\games\icytower1.5\icytower15.exe [2011-01-13] ()
Task: {6E5E876B-0240-4FFA-AF49-B1742D59B145} - System32\Tasks\{01E48D53-674F-4CF1-A0D9-7824028268DD} => pcalua.exe -a "C:\Users\jaro\Documents\Elektro\asus\6033_Alientools.PDF\Alientools.PDF.Recover.v2.5.Full (снятие защиты)\pdfrecover.exe" -d "C:\Users\jaro\Documents\Elektro\asus\6033_Alientools.PDF\Alientools.PDF.Recover.v2.5.Full (снятие защиты)"
Task: {70D4C405-CB8B-43B5-BBDA-1BD385B6573C} - System32\Tasks\{28BCBAFA-C147-4BCA-95E7-E6BCA16E045A} => pcalua.exe -a "C:\Users\jaro\Documents\Programy elektro\15073_______DSN\Софт для просмотра схем в формате DSN\ORCAD CaptureViewer51\CaptureViewer51.exe" -d "C:\Users\jaro\Documents\Programy elektro\15073_______DSN\Софт для просмотра схем в формате DSN\ORCAD CaptureViewer51"
Task: {718F818F-74DE-4C4C-8CD8-9C4271E5A64F} - System32\Tasks\{8C9F55AF-7AB0-48F9-A310-704A0376266E} => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [2012-02-28] (Nero AG)
Task: {736C0FC3-935C-4B5C-AFD6-D84FA2AD29AE} - System32\Tasks\{42AC1893-448F-44AE-947A-E6A87E34E170} => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [2012-02-28] (Nero AG)
Task: {7BA8A270-35BE-4AE7-A2CC-455B13920ED9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-504466202-714579718-3489303643-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {854548CB-EF16-45F1-8F9C-3E4AF003A2C2} - System32\Tasks\{29BCCE87-C6E9-4446-8C8C-EF3AF5E83D0E} => C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe
Task: {8595F426-B51A-44FA-B9E4-6D11249670E0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {94ECDF9E-A89C-4C02-819F-00D88EB80C4C} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon3\Bin\mxup.exe [2012-08-31] (Maxthon International ltd.)
Task: {976894FF-4F94-4666-8719-231FC676DF83} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-504466202-714579718-3489303643-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {98D7F9C8-C233-4C12-B12A-7C9F50B9E2D6} - System32\Tasks\{19257D63-9EC8-4289-8B2A-9694E3EC90DA} => C:\Users\jaro\Documents\Music\Guitar Pro 6.0.7 b1 r8607 FULL\crack_x64.exe
Task: {994CFD0F-1F1F-48D7-8060-4741A84E4BB2} - System32\Tasks\{AD436CE5-3CF6-4DFE-AA0A-C28CE7B8BA9F} => C:\Users\jaro\Documents\Elektro\asus\6033_Alientools.PDF\Alientools.PDF.Recover.v2.5.Full (снятие защиты)\pdfrecover.exe [2009-03-22] ()
Task: {9C2E8129-C975-4E81-A4C3-2EACC8F963F9} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-504466202-714579718-3489303643-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {9F366062-5163-4360-9D2B-4D8FCA8FA8D0} - System32\Tasks\{10DB474B-81F9-4762-B093-60E96C002F19} => C:\Users\jaro\Documents\Elektro\asus\6033_Alientools.PDF\Alientools.PDF.Recover.v2.5.Full (снятие защиты)\pdfrecover.exe [2009-03-22] ()
Task: {ABA725A9-9C0B-426E-BB03-F33B1D4147C3} - System32\Tasks\{991ACD16-EA25-405D-8791-B586C925D16E} => C:\Users\jaro\Documents\Music\Guitar Pro 6.0.7 b1 r8607 FULL\crack_x64.exe
Task: {B658E2FB-0794-4732-9EEB-F44F735CD262} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {B6A6913F-B84D-4E86-AB6C-122EE1783452} - System32\Tasks\{DE4B188F-7276-481A-8156-EB79831B6922} => pcalua.exe -a D:\SBAX_WEBUP_LB_2_08_0004.exe -d D:\
Task: {BE317CCB-A968-4184-B6CE-432142C787FC} - System32\Tasks\{BD96BF13-7AE7-4B7A-B98B-5877F2F9A69F} => pcalua.exe -a D:\Audigy2ZSVistax64\SBAXVSD_PCDRV_LB_2_12_0002.exe -d D:\Audigy2ZSVistax64
Task: {DB09D724-3A5E-4123-96B5-6E774F5540A0} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-504466202-714579718-3489303643-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {EE6F4F54-C467-4FD6-9B9E-2C627E54A1AE} - System32\Tasks\{84EBF713-5E3B-4124-9F17-AB00B4D12D35} => C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe
Task: {F939BAC7-5416-45B2-BBD3-CF895DAC5BEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\jaro\Documents\SAT_SOFT\FunCard\PicBinEdit v 2.0 RUS oll\PicBinEdit v 2.0 RUS oll\PicBinEdit v 2.0 RUS oll\PicBinEdit v 2.0 RUS oll\Ярлык для Picbined.lnk -> C:\Programmator\Editors\PicBinEdit v 2.0\Picbined.exe (No File) <===== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2011-11-24 18:13 - 2015-08-25 15:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-08-10 15:01 - 2009-08-10 15:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-10 15:00 - 2009-08-10 15:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-10 15:01 - 2009-08-10 15:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2009-08-10 15:01 - 2009-08-10 15:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2016-11-27 18:55 - 2016-11-27 18:55 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-03 19:09 - 2017-03-03 19:09 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2013-07-11 23:13 - 2012-06-10 01:33 - 00053248 _____ () C:\Program Files (x86)\Common Files\AVerMedia\dll\MsgLog.DLL
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2011-11-23 13:55 - 2008-12-03 14:05 - 00135168 _____ () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2011-11-23 13:55 - 2008-11-26 10:56 - 00057344 _____ () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2011-11-24 15:16 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-08-01 17:17 - 2013-08-01 17:18 - 00835584 _____ () C:\Program Files (x86)\Opera Next\gstreamer\gstreamer.dll
2013-08-01 17:17 - 2013-08-01 17:18 - 00093696 _____ () C:\Program Files (x86)\Opera Next\gstreamer\plugins\gstaudioconvert.dll
2013-08-01 17:17 - 2013-08-01 17:18 - 00094208 _____ () C:\Program Files (x86)\Opera Next\gstreamer\plugins\gstaudioresample.dll
2013-08-01 17:17 - 2013-08-01 17:18 - 00057344 _____ () C:\Program Files (x86)\Opera Next\gstreamer\plugins\gstautodetect.dll
2013-08-01 17:17 - 2013-08-01 17:18 - 00096256 _____ () C:\Program Files (x86)\Opera Next\gstreamer\plugins\gstcoreplugins.dll
2013-08-01 17:17 - 2013-08-01 17:18 - 00062976 _____ () C:\Program Files (x86)\Opera Next\gstreamer\plugins\gstdecodebin2.dll
2013-08-01 17:17 - 2013-08-01 17:18 - 00067072 _____ () C:\Program Files (x86)\Opera Next\gstreamer\plugins\gstdirectsound.dll
2013-08-01 17:17 - 2013-08-01 17:18 - 00158208 _____ () C:\Program Files (x86)\Opera Next\gstreamer\plugins\gstffmpegcolorspace.dll
2013-08-01 17:17 - 2013-08-01 17:18 - 00312832 _____ () C:\Program Files (x86)\Opera Next\gstreamer\plugins\gstoggdec.dll
2013-08-01 17:17 - 2013-08-01 17:18 - 00038912 _____ () C:\Program Files (x86)\Opera Next\gstreamer\plugins\gstwaveform.dll
2013-08-01 17:17 - 2013-08-01 17:18 - 00073728 _____ () C:\Program Files (x86)\Opera Next\gstreamer\plugins\gstwavparse.dll
2013-08-01 17:17 - 2013-08-01 17:18 - 00101888 _____ () C:\Program Files (x86)\Opera Next\gstreamer\plugins\gstwebmdec.dll
2017-01-29 08:48 - 2017-01-29 08:48 - 68771416 _____ () C:\Program Files (x86)\Opera N\42.0.2393.517\opera.dll
2017-01-29 08:48 - 2017-01-29 08:48 - 01895000 _____ () C:\Program Files (x86)\Opera N\42.0.2393.517\libglesv2.dll
2017-01-29 08:48 - 2017-01-29 08:48 - 00087128 _____ () C:\Program Files (x86)\Opera N\42.0.2393.517\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-09-04 12:20 - 2017-03-01 12:17 - 00000841 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-504466202-714579718-3489303643-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jaro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AVerScheduleService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk => C:\Windows\pss\AVer HID Receiver.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk => C:\Windows\pss\AVerQuick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TBS-IPdata.lnk => C:\Windows\pss\TBS-IPdata.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^jaro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tuner4PC.lnk => C:\Windows\pss\Tuner4PC.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: CTHelper => CTHELPER.EXE
MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: Nero MediaHome 4 => "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
MSCONFIG\startupreg: ProgLauncher => C:\Program Files (x86)\ProgDVB\ProgLauncher.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C043D347-B385-4408-9CA8-027164E9056E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{B1ACF011-CD0E-4744-8BF2-7C682D35A12E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [TCP Query User{8D435A0C-B504-4B3D-B7F9-DACD4478FB0F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{FBD9829E-5369-41F9-A38A-D790ACDFDB76}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{A095FEAE-83C4-42BA-8D30-375B03EE15AE}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{B83DF3AA-6E3D-4DAF-A50F-3411E00F8B0D}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{0D4A1575-EB8F-4095-9F01-FCF1EA538FF4}] => (Allow) c:\Program Files (x86)\Corel\WinDVD11\\WinDVD.exe
FirewallRules: [{7A51E17D-A1E8-478A-BD48-60AE9B0CFC45}] => (Allow) c:\Program Files (x86)\Corel\WinDVD11\\WinDVD.exe
FirewallRules: [{5D07DAE2-3045-4917-9A6A-D57DCE3FA9CB}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{86EE0A22-096E-4DC9-88AA-9A7C13D410D1}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [TCP Query User{23DBA0B3-0F99-4E18-9A92-E1C2754D5DBC}C:\program files (x86)\nero\nero8\nero mediahome\nmmediaserver.exe] => (Allow) C:\program files (x86)\nero\nero8\nero mediahome\nmmediaserver.exe
FirewallRules: [UDP Query User{A72268D7-63A1-432C-A09F-B716F678FEB0}C:\program files (x86)\nero\nero8\nero mediahome\nmmediaserver.exe] => (Allow) C:\program files (x86)\nero\nero8\nero mediahome\nmmediaserver.exe
FirewallRules: [{98D1A620-A90A-4C26-8F08-81A99233E9F6}] => (Block) C:\program files (x86)\nero\nero8\nero mediahome\nmmediaserver.exe
FirewallRules: [{6E3F608B-F332-43F6-A7A3-58F07A437D5B}] => (Block) C:\program files (x86)\nero\nero8\nero mediahome\nmmediaserver.exe
FirewallRules: [{D1002AF2-191C-4923-9EE5-10A6F4B61980}] => (Allow) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
FirewallRules: [{3D40C781-B388-4AA9-81A8-44D79800B894}] => (Allow) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
FirewallRules: [TCP Query User{45062769-7890-4F50-B11E-41362F1026AD}C:\program files (x86)\tc up\totalcmd.exe] => (Allow) C:\program files (x86)\tc up\totalcmd.exe
FirewallRules: [UDP Query User{B0380639-5BF8-4D45-B723-F86BD72F330B}C:\program files (x86)\tc up\totalcmd.exe] => (Allow) C:\program files (x86)\tc up\totalcmd.exe
FirewallRules: [{0DCE7222-A5A4-48A1-9420-D60FD5266425}] => (Block) C:\program files (x86)\tc up\totalcmd.exe
FirewallRules: [{6935AF45-C06C-4C57-8E66-90D9379A2857}] => (Block) C:\program files (x86)\tc up\totalcmd.exe
FirewallRules: [TCP Query User{71C84E0A-536C-40F8-AB12-E26BBFBFC8CD}C:\users\jaro\documents\hdbox\hdtools\dcce2_150\dcc_e2.exe] => (Allow) C:\users\jaro\documents\hdbox\hdtools\dcce2_150\dcc_e2.exe
FirewallRules: [UDP Query User{A8085FE7-E7A4-41EE-B0B5-2AB740DF6952}C:\users\jaro\documents\hdbox\hdtools\dcce2_150\dcc_e2.exe] => (Allow) C:\users\jaro\documents\hdbox\hdtools\dcce2_150\dcc_e2.exe
FirewallRules: [{1441B7D0-3F68-42C2-832C-D9423114E661}] => (Block) C:\users\jaro\documents\hdbox\hdtools\dcce2_150\dcc_e2.exe
FirewallRules: [{E1BD5A45-757F-4A08-8532-23E7A80D0F97}] => (Block) C:\users\jaro\documents\hdbox\hdtools\dcce2_150\dcc_e2.exe
FirewallRules: [{D742261C-EBA2-4D40-8EBE-CCCAE83C7172}] => (Allow) C:\Program Files (x86)\Opera Next\opera.exe
FirewallRules: [{D72DCB1E-5246-4AA7-9D2E-0B96585F9ABC}] => (Allow) C:\Program Files (x86)\Opera Next\opera.exe
FirewallRules: [{86673DB1-4C91-476F-9058-12E1B624670D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3888B93E-AE1A-456C-87DA-4CE55BC65860}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{509CC9D7-56F2-4B12-8296-10DE79770EA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EB4DD929-5428-4B99-895D-0CB185FDB4F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{966BBC93-A837-435A-9305-B1CEE562E745}C:\users\jaro\documents\hdbox\hdtools\dcc\dcc\dcc.exe] => (Allow) C:\users\jaro\documents\hdbox\hdtools\dcc\dcc\dcc.exe
FirewallRules: [UDP Query User{6B6731B5-D8C4-4174-863C-DCF9D186F7B0}C:\users\jaro\documents\hdbox\hdtools\dcc\dcc\dcc.exe] => (Allow) C:\users\jaro\documents\hdbox\hdtools\dcc\dcc\dcc.exe
FirewallRules: [{398287EC-9524-452B-AE1B-6F0A99F9AF53}] => (Block) C:\users\jaro\documents\hdbox\hdtools\dcc\dcc\dcc.exe
FirewallRules: [{F616FD0C-0494-4297-850A-BB969F46DCC7}] => (Block) C:\users\jaro\documents\hdbox\hdtools\dcc\dcc\dcc.exe
FirewallRules: [{158C0C89-8997-475F-ACE0-9D0091354EA5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{951C5009-0EB2-4635-B2B8-D3C980C3BDA7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{0B9D1127-F74C-4048-9CEE-84BD91A7AD46}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7F46E5E4-C590-41E6-96C1-DDF48899D384}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{12C4576E-F618-4676-9267-9F0D8B1730DB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{19D6C3B1-6653-4386-8B27-BF18473C2FC8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2B0E23CD-FA10-474A-8645-85ED14253628}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{87CC8C1A-E616-43CB-B55C-391AF17017DC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{714CB763-7DF0-4C97-B259-124902178176}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{27B209CE-2707-49E7-B70C-B2D7CB5F86A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A74162A7-4FBF-45FE-904A-7DAC7E27BE76}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1BCDC533-23F0-4544-89EE-0DE62FD91C06}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E3ED78E3-D8BC-4C6C-9EC6-41C373127553}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{DE785963-D8D1-4509-88F0-05E7C2E41115}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{060CFC42-F36E-468F-BC6B-A6F88449628C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{92538548-8B50-4990-BD1C-BE4070919BEF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D852FFE5-DA53-4AD7-B9A9-BE652B2C2B1C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9C3F76D2-D69C-4FAB-96C7-62CC3EC18C22}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE7BE1EB-A8D7-4FFF-A8FB-99AEE8541BC2}] => (Allow) C:\Users\jaro\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{45A524A0-6DE7-40ED-914B-F4B8DB0FBC0F}] => (Allow) C:\Users\jaro\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{6C483A05-C694-484D-AF92-8089F7E7815E}] => (Allow) C:\Users\jaro\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{906146B7-F025-4C3E-8719-2C1AA6D49503}] => (Allow) C:\Users\jaro\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [TCP Query User{DE03F633-3F3F-4E73-9402-CF05AC88EEBA}C:\program files (x86)\dvbviewer\dvbviewer.exe] => (Allow) C:\program files (x86)\dvbviewer\dvbviewer.exe
FirewallRules: [UDP Query User{713E1778-5E3A-4111-A212-D6F7C28D4492}C:\program files (x86)\dvbviewer\dvbviewer.exe] => (Allow) C:\program files (x86)\dvbviewer\dvbviewer.exe
FirewallRules: [{7855C0B5-4397-4DF5-9285-346EB910E015}] => (Block) C:\program files (x86)\dvbviewer\dvbviewer.exe
FirewallRules: [{6AF0A9D5-65AD-4EB1-92B3-09A87043649F}] => (Block) C:\program files (x86)\dvbviewer\dvbviewer.exe
FirewallRules: [{4EC1AC7B-8085-467C-B67D-257D582488D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BB1763DE-1F71-4197-B4A1-70130D60AA0E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E03C2E9F-FE75-472F-84F5-47D7F45582B7}] => (Allow) C:\Program Files (x86)\ASUS\AsusUpdate\Update.exe
FirewallRules: [{41A5ABEE-9BB9-4592-A821-C9E5261F0BC9}] => (Allow) C:\Program Files (x86)\ASUS\AsusUpdate\Update.exe
FirewallRules: [{F94BFE78-725E-4CB2-B961-51950BE2343F}] => (Allow) C:\Program Files (x86)\ASUS\AsusUpdate\Update.exe
FirewallRules: [{7E2C2C81-873D-4D72-B869-4F8E5E1F77BC}] => (Allow) C:\Program Files (x86)\ASUS\AsusUpdate\Update.exe
FirewallRules: [{ECD5EE09-81C5-455F-871D-94460E7DEAC5}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\MxUp.exe
FirewallRules: [{026D85C8-B5D3-47A3-9FCB-C85D9635289E}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\MxUp.exe
FirewallRules: [{A47A5CFD-DA1B-4833-A7F0-E264FB18DBD6}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
FirewallRules: [{3C409001-F33E-41D4-947F-F38394EFBAC7}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
FirewallRules: [{6CB83831-584B-4EE6-8459-D950DEC58D20}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\MxUp.exe
FirewallRules: [{3E7208EB-D969-4136-881B-B1F4294B8E30}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\MxUp.exe
FirewallRules: [{B79B075E-BC22-4427-A6DA-AB4A89020C58}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
FirewallRules: [{74642622-C825-4095-BEDD-ADC611DD4A7F}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
FirewallRules: [{FA8387B4-D77F-4663-954B-AC0D9883AF9A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD.exe
FirewallRules: [{4ED2EC52-A859-4FA0-9EB7-F7171280027F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe
FirewallRules: [{B7079232-2ACF-4FEF-92B7-95A2616E14D9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe
FirewallRules: [{3708987C-3D92-4366-8F73-A122469FEC07}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\Movie\PowerDVDMovie.exe
FirewallRules: [{DDA4CF0F-1648-46F4-83C2-FB6502F9FE34}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\CastingStation.exe
FirewallRules: [{978403FF-9339-471A-86CA-F7493C7E86DD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe
FirewallRules: [{67F4DCFC-ABE1-4475-8069-74AD80AB6D26}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD.exe
FirewallRules: [{A04578A6-EACC-4705-8247-0AFA5742480B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe
FirewallRules: [{4A109F6C-2336-4A15-A768-EE05D2985E76}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\CastingStation.exe
FirewallRules: [{74B8AE6A-6917-41ED-9B1D-E97DDC8DA347}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\Movie\PowerDVDMovie.exe
FirewallRules: [{094F1873-4FCC-41C1-A764-9667AF2C5DCB}] => (Allow) C:\Program Files (x86)\Opera N\42.0.2393.137\opera.exe
FirewallRules: [{9F839EE3-5D73-4434-B515-500962DA3CFF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{443DD29B-68B6-4D36-BE4F-41229FF059BE}] => (Allow) C:\Program Files (x86)\Opera N\42.0.2393.517\opera.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Creative Game Port
Description: Creative Game Port
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Creative
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/15/2017 08:45:55 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Avira.ServiceHost.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.NullReferenceException
Zásobník:
na Avira.OE.WinCore.BackendDeviceIdProvider+<>c__DisplayClass12_0.<DeviceResponseRecieved>b__0(RequestCallback)
na System.Collections.Generic.List`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].ForEach(System.Action`1<System.__Canon>)
na Avira.OE.WinCore.BackendDeviceIdProvider.DeviceResponseRecieved(Avira.Acp.Messages.JsonApi.CollectionResponse`1<Avira.OE.WinCore.Interface.AcpTypes.Device>)
na Avira.Acp.AcpMessageBroker+<>c__DisplayClass13_0`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<DispatchRequest>b__0(Avira.Acp.Messages.Response)
na Avira.Acp.AcpMessageBroker.HandleRequest(Avira.Acp.Messages.Request, Avira.Acp.ResponseHandler)
na Avira.Acp.AcpMessageBroker.DispatchRequest[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](Avira.Acp.Messages.Request, Avira.Acp.CollectionResponseHandler`1<System.__Canon>)
na Avira.OE.WinCore.BackendDeviceIdProvider.RequestDevicesFromBackend()
na Avira.OE.WinCore.BackendDeviceIdProvider.GetDeviceId(System.Action`1<System.String>, System.Action`1<System.Exception>)
na Avira.OE.ServiceHost.AcpMessageRepository.RenewalNotifier.SendRenewal()
na Avira.OE.ServiceHost.ServiceHost.Initialize()
na Avira.OE.ServiceHost.Program+<>c__DisplayClass13_0.<OnServiceStart>b__0(System.Object)
na System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
na System.Threading.ThreadPoolWorkQueue.Dispatch()
na System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/15/2017 08:45:36 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Avira.ServiceHost.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.NullReferenceException
Zásobník:
na Avira.OE.WinCore.BackendDeviceIdProvider+<>c__DisplayClass12_0.<DeviceResponseRecieved>b__0(RequestCallback)
na System.Collections.Generic.List`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].ForEach(System.Action`1<System.__Canon>)
na Avira.OE.WinCore.BackendDeviceIdProvider.DeviceResponseRecieved(Avira.Acp.Messages.JsonApi.CollectionResponse`1<Avira.OE.WinCore.Interface.AcpTypes.Device>)
na Avira.Acp.AcpMessageBroker+<>c__DisplayClass13_0`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<DispatchRequest>b__0(Avira.Acp.Messages.Response)
na Avira.Acp.AcpMessageBroker.HandleRequest(Avira.Acp.Messages.Request, Avira.Acp.ResponseHandler)
na Avira.Acp.AcpMessageBroker.DispatchRequest[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](Avira.Acp.Messages.Request, Avira.Acp.CollectionResponseHandler`1<System.__Canon>)
na Avira.OE.WinCore.BackendDeviceIdProvider.RequestDevicesFromBackend()
na Avira.OE.WinCore.BackendDeviceIdProvider.GetDeviceId(System.Action`1<System.String>, System.Action`1<System.Exception>)
na Avira.OE.ServiceHost.AcpMessageRepository.RenewalNotifier.SendRenewal()
na Avira.OE.ServiceHost.ServiceHost.Initialize()
na Avira.OE.ServiceHost.Program+<>c__DisplayClass13_0.<OnServiceStart>b__0(System.Object)
na System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
na System.Threading.ThreadPoolWorkQueue.Dispatch()
na System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/15/2017 08:45:15 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Avira.ServiceHost.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.NullReferenceException
Zásobník:
na Avira.OE.WinCore.BackendDeviceIdProvider+<>c__DisplayClass12_0.<DeviceResponseRecieved>b__0(RequestCallback)
na System.Collections.Generic.List`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].ForEach(System.Action`1<System.__Canon>)
na Avira.OE.WinCore.BackendDeviceIdProvider.DeviceResponseRecieved(Avira.Acp.Messages.JsonApi.CollectionResponse`1<Avira.OE.WinCore.Interface.AcpTypes.Device>)
na Avira.Acp.AcpMessageBroker+<>c__DisplayClass13_0`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<DispatchRequest>b__0(Avira.Acp.Messages.Response)
na Avira.Acp.AcpMessageBroker.HandleRequest(Avira.Acp.Messages.Request, Avira.Acp.ResponseHandler)
na Avira.Acp.AcpMessageBroker.DispatchRequest[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](Avira.Acp.Messages.Request, Avira.Acp.CollectionResponseHandler`1<System.__Canon>)
na Avira.OE.WinCore.BackendDeviceIdProvider.RequestDevicesFromBackend()
na Avira.OE.WinCore.BackendDeviceIdProvider.GetDeviceId(System.Action`1<System.String>, System.Action`1<System.Exception>)
na Avira.OE.ServiceHost.AcpMessageRepository.RenewalNotifier.SendRenewal()
na Avira.OE.ServiceHost.ServiceHost.Initialize()
na Avira.OE.ServiceHost.Program+<>c__DisplayClass13_0.<OnServiceStart>b__0(System.Object)
na System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
na System.Threading.ThreadPoolWorkQueue.Dispatch()
na System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/15/2017 08:44:00 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/03/15 08:44:00.652]: [00004004]: Initialize TwdsMain Class failed!

Error: (03/15/2017 08:44:00 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/03/15 08:44:00.652]: [00004004]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/15/2017 08:44:00 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/03/15 08:44:00.652]: [00004004]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (03/15/2017 08:44:00 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/03/15 08:44:00.324]: [00004004]: Initialize TwdsMain Class failed!

Error: (03/15/2017 08:44:00 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/03/15 08:44:00.324]: [00004004]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/15/2017 08:44:00 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2017/03/15 08:44:00.324]: [00004004]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (03/15/2017 08:43:28 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/15/2017 09:44:42 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Firmware platformy při předchozím přechodu systémového napájení poškodil paměť. Zkontrolujte dostupnost aktualizovaného firmwaru pro váš systém.

Error: (03/15/2017 08:45:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Avira Service Host byla neočekávaně ukončena. Tento stav nastal již 3krát.

Error: (03/15/2017 08:45:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Avira Service Host byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (03/15/2017 08:45:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Avira Service Host byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (03/15/2017 08:44:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
DVBNet

Error: (03/14/2017 09:04:16 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Firmware platformy při předchozím přechodu systémového napájení poškodil paměť. Zkontrolujte dostupnost aktualizovaného firmwaru pro váš systém.

Error: (03/14/2017 08:57:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Avira Service Host byla neočekávaně ukončena. Tento stav nastal již 3krát.

Error: (03/14/2017 08:57:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Avira Service Host byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (03/14/2017 08:57:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Avira Service Host byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (03/14/2017 08:56:11 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
DVBNet


CodeIntegrity:
===================================
Date: 2016-11-24 17:32:41.108
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-24 17:32:37.535
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-11 15:59:56.810
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\UDAAPO64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-11 15:59:52.741
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\UDAAPO64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-11 15:57:32.091
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\UDAAPO64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-11 15:57:28.470
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\UDAAPO64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-11 15:57:24.743
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\UDAAPO64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-11 15:57:20.962
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\UDAAPO64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-11 15:57:17.262
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\UDAAPO64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-11 15:57:13.573
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\UDAAPO64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 6000+
Percentage of memory in use: 46%
Total physical RAM: 6142.49 MB
Available physical RAM: 3310.11 MB
Total Virtual: 12283.18 MB
Available Virtual: 9286.32 MB

==================== Drives ================================

Drive c: (Místní disk) (Fixed) (Total:465.76 GB) (Free:178.67 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive g: (Místní disk) (Fixed) (Total:125.26 GB) (Free:70.75 GB) NTFS
Drive i: (Místní disk) (Fixed) (Total:172.83 GB) (Free:35.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 73CAEFE9)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 1A5940ED)
Partition 1: (Not Active) - (Size=125.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=172.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 sabbath69


Posted 15 March 2017 - 05:51 PM

Probably nothing wrong.

http://excelmatters.com/2014/12/10/office-update-breaks-activex-controls/

FWIW, these files are generated by a program using the SQLite database engine. The etilqs in etilqs_oF0FH4tamunzfdY is lower case SQLite spelled backwards. The rest of the filename is simply randomly selected letters and numbers that attempt to create a unique file name that will not conflict with any previously named file on your system.

https://answers.microsoft.com/en-us/windows/forum/windows_7-files/what-are-etilqs-files/fbab1341-acf2-4013-8394-324f2679aa89

I am sorry.



#3 Oh My!


Posted 17 March 2017 - 01:08 PM

No problem.

Sorry for the delay and thanks for letting us know.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 Oh My!


Posted 17 March 2017 - 01:08 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary



