Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by Martin (27-02-2018 19:08:07)
Running from C:\Users\Martin\Desktop
Windows 10 Home Version 1709 16299.248 (X64) (2017-11-20 00:16:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3658169146-2647879922-1068650298-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3658169146-2647879922-1068650298-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3658169146-2647879922-1068650298-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3658169146-2647879922-1068650298-501 - Limited - Disabled)
Martin (S-1-5-21-3658169146-2647879922-1068650298-1001 - Administrator - Enabled) => C:\Users\Martin
WDAGUtilityAccount (S-1-5-21-3658169146-2647879922-1068650298-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.1.2326 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 sk) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 sk)) (Version: 50.1.0 - Mozilla)
Mozilla Firefox 57.0 (x64 sk) (HKLM\...\Mozilla Firefox 57.0 (x64 sk)) (Version: 57.0 - Mozilla)
Mozilla Firefox 58.0.2 (x64 sk) (HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\Mozilla Firefox 58.0.2 (x64 sk)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\Spotify) (Version: 1.0.74.380.g1fcff12a - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.6 - TeamSpeak Systems GmbH)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> E:\Inštalácia programov\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> E:\Inštalácia programov\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> E:\Inštalácia programov\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> E:\Inštalácia programov\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-16] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-16] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> [CC]{2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} =>  -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-16] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Inštalácia programov\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Inštalácia programov\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-16] (AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-16] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Inštalácia programov\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Inštalácia programov\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {488259E2-3107-4BC2-B3CF-13B849B0F414} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {5D0EF378-6FAB-447F-9A5A-359FADB6B14F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-02-16] (AVAST Software)
Task: {86C6E7CC-59D9-444B-843D-9C73C736A231} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {8A469B3D-7A3A-4BBE-800C-DF0AD15D4284} - System32\Tasks\CCleanerSkipUAC => E:\Inštalácia programov\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {8C093C56-B106-42E0-8F55-F925C8804DE7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-29] (Adobe Systems Incorporated)
Task: {920B9C1E-07A4-4A6D-9295-4B0FB9A48008} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => E:\Inštalácia programov\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {AB3E1D79-E19B-44CE-A0DA-A8ABDDB480E6} - System32\Tasks\S-1-5-21-3658169146-2647879922-1068650298-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {BFB46B8B-93C0-43E6-B658-8D82F0FD3869} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {C07E6F5B-67F7-4B43-986D-73336A5739E2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => E:\Inštalácia programov\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {F8EC0475-6E83-428B-9D1E-2587185D9797} - System32\Tasks\CCleaner Update => E:\Inštalácia programov\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {FB13350B-C5B8-4584-B79C-D884C36E3CF6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-07] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-02-14 21:26 - 2018-02-10 05:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-14 21:26 - 2018-02-10 05:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-31 18:47 - 2018-01-31 18:47 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-31 18:47 - 2018-01-31 18:47 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 001909248 _____ () C:\Windows\ShellExperiences\PeopleCommonControls.dll
2018-02-14 21:25 - 2018-02-10 05:46 - 001266176 _____ () C:\Windows\ShellExperiences\PeopleBarFlyout.dll
2017-12-13 17:46 - 2017-11-26 13:26 - 002988032 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 002459648 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.Relevance.dll
2018-02-04 22:40 - 2018-02-04 22:40 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11801.1001.6.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-07 12:07 - 2018-02-07 12:07 - 007910912 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11801.1001.6.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2018-02-25 21:36 - 2018-02-25 21:36 - 004371456 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1802.311.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-02-25 21:36 - 2018-02-25 21:36 - 000605696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1802.311.0_x64__8wekyb3d8bbwe\AppsPreviewProgram.dll
2017-12-15 10:23 - 2017-12-15 10:23 - 004320256 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1712.3352.0_x64__8wekyb3d8bbwe\Time.exe
2017-12-15 10:23 - 2017-12-15 10:23 - 000899072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1712.3352.0_x64__8wekyb3d8bbwe\TimeControls.dll
2017-12-15 10:23 - 2017-12-15 10:23 - 000783360 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1712.3352.0_x64__8wekyb3d8bbwe\TimeBackground.dll
2017-07-12 08:28 - 2017-07-12 08:28 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-02-16 13:14 - 2018-02-16 13:14 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-02-16 13:14 - 2018-02-16 13:14 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-02-16 13:14 - 2018-02-16 13:14 - 000275672 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [468]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\Software\Classes\.scr: AutoCADScriptFile => 

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\123simsen.com -> www.123simsen.com

There are 7936 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2017-11-08 15:43 - 000454378 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com
127.0.0.1	www.123moviedownload.com

There are 15596 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\Downloads\vYCdL.jpg
DNS Servers: 147.229.191.143 - 147.229.190.143
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3658169146-2647879922-1068650298-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{D9ABC990-AD74-40BE-8B09-4C6928BA08A7}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3EC8F5BB-65FC-4FA7-816F-5CDA7FBCE392}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{184855F2-6860-4D3D-9201-1F7E34D25D45}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{50D6E83C-721F-41DA-AE7F-42BD4D208DD8}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5823EF51-0ADA-4649-9769-AEA5D223054E}C:\users\martin\downloads\wow cataclysm\backgrounddownloader.exe] => (Block) C:\users\martin\downloads\wow cataclysm\backgrounddownloader.exe
FirewallRules: [TCP Query User{D95B0203-85C0-45FE-B375-EA03AEA9A2A8}C:\users\martin\downloads\wow cataclysm\backgrounddownloader.exe] => (Block) C:\users\martin\downloads\wow cataclysm\backgrounddownloader.exe
FirewallRules: [{407963DF-9219-4FEC-92B4-8865D6DF91B6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7A278DC5-A660-4B9B-BF57-28E56D8FC87D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{118F9883-995F-4112-BF49-291040233548}] => (Allow) LPort=54976
FirewallRules: [{355EBFC7-4BED-4827-8A90-24A10ABBA7C4}] => (Allow) LPort=5000
FirewallRules: [{93C4612C-9348-4FD3-BB66-E4552302A00E}] => (Allow) E:\Inštalácia programov\Mozilla Firefox\firefox.exe
FirewallRules: [{70C59A97-A7EA-4B56-AA2E-C5CE61EF2099}] => (Allow) E:\Inštalácia programov\Mozilla Firefox\firefox.exe
FirewallRules: [{4CEF4F80-2FD0-49AB-86E9-53EB5630FCFD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{21061DB6-6C60-478F-82C0-35940178376F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7A5032BB-DE9A-44CB-A443-47A99F1093CD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A0302643-527E-426E-98C8-AB4BE17A10AA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7A9AC2B1-5D0E-4C7B-86BB-5B0CC855AA58}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{8C069FEC-B467-4B5E-85C9-39B11B63F2BF}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D7DE33E4-5EB9-4DF7-BEDA-D926432DDC8F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{A4BE2C5C-491C-4CCD-8F0D-2734A2BC12F5}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{F9558671-F196-46AD-99E0-2E8B8AA3FC2C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{6F712BC9-B5D9-4CC8-BAF1-7F4EB9F6DFC0}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{218C54D1-BF1F-49BD-80DD-A451960B0D4D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{A53E2AA4-7B7E-47AA-8BDA-AAAC1B1C4A95}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{60BA205A-6DA2-4D99-8AED-A86D32F58E64}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{CFB5BC35-9443-41E2-AB68-FADD8368688C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4BC55673-47E4-4BB1-9105-E7E13484ACCD}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C6D24CA4-E4E5-47AC-98E0-20F49BDA5790}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{739C8191-8540-4E81-AE5E-E468BD78633B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{85F81174-DE5E-4AFB-B371-FAEF47BB0B30}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4229358D-C673-4A33-9B6B-DDA662C5055B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{E2A87712-06EA-498E-84B0-278BE9E93A16}E:\inštalácia programov\mozilla firefox\firefox.exe] => (Block) E:\inštalácia programov\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{54C01760-871B-46DD-BE30-8CFF78F0F5B0}E:\inštalácia programov\mozilla firefox\firefox.exe] => (Block) E:\inštalácia programov\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{178D8355-4166-4A02-9CBD-634E9FB2B6FE}E:\inštalácia programov\starcraft ii\support64\sc2editor_x64.exe] => (Block) E:\inštalácia programov\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [UDP Query User{A25B1B49-98B6-44A0-9C49-905EB66EA069}E:\inštalácia programov\starcraft ii\support64\sc2editor_x64.exe] => (Block) E:\inštalácia programov\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [TCP Query User{0E7A5457-A77D-4335-9C12-B6F150451C4D}E:\inštalácia programov\diablo iii\x64\diablo iii64.exe] => (Allow) E:\inštalácia programov\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{D39B61DA-50B7-4A84-BC21-2D05775FC0E4}E:\inštalácia programov\diablo iii\x64\diablo iii64.exe] => (Allow) E:\inštalácia programov\diablo iii\x64\diablo iii64.exe
FirewallRules: [{1FA64396-71D6-466C-867A-15276D0A25BC}] => (Block) E:\inštalácia programov\diablo iii\x64\diablo iii64.exe
FirewallRules: [{AD2853D3-F426-4FB2-96C9-FF403F06BCAF}] => (Block) E:\inštalácia programov\diablo iii\x64\diablo iii64.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2018 03:53:13 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: Activation context generation failed for "E:\Inštalácia programov\Spybot - Search & Destroy 2\SDWSCSvc.exe".
The setting http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName is not registered.

Error: (02/27/2018 11:39:08 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/26/2018 10:08:08 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/25/2018 09:36:12 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/21/2018 01:53:08 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/20/2018 12:19:05 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/19/2018 09:45:56 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/18/2018 10:43:53 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (02/27/2018 04:20:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/27/2018 04:17:01 PM) (Source: DCOM) (EventID: 10016) (User: MARTIN-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user MARTIN-PC\Martin SID (S-1-5-21-3658169146-2647879922-1068650298-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/27/2018 04:05:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/27/2018 04:05:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/27/2018 04:05:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/27/2018 04:05:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/27/2018 04:04:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SynTPEnh Caller Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (02/27/2018 04:04:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.


CodeIntegrity:
===================================

Date: 2018-02-27 16:00:01.496
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-27 16:00:01.491
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-27 16:00:01.480
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-27 15:59:55.018
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-27 15:59:55.012
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-27 15:59:54.985
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-27 15:59:54.961
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 4046.36 MB
Available physical RAM: 2346.38 MB
Total Virtual: 7344.11 MB
Available Virtual: 5008 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:77.24 GB) (Free:27.62 GB) NTFS
Drive e: () (Fixed) (Total:387.63 GB) (Free:342.76 GB) NTFS

\\?\Volume{f88c47b5-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS
\\?\Volume{f88c47b5-0000-0000-0000-905513000000}\ () (Fixed) (Total:0.79 GB) (Free:0.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: F88C47B5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=77.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=807 MB) - (Type=27)
Partition 4: (Not Active) - (Size=387.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================