Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Bohus (16-08-2018 07:43:19)
Running from D:\Users\Bohus\Downloads
Windows 10 Pro Version 1803 17134.228 (X64) (2018-05-27 09:22:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-337565027-2083424564-962048763-500 - Administrator - Disabled)
Bohus (S-1-5-21-337565027-2083424564-962048763-1000 - Administrator - Enabled) => C:\Users\Bohus
DefaultAccount (S-1-5-21-337565027-2083424564-962048763-503 - Limited - Disabled)
Guest (S-1-5-21-337565027-2083424564-962048763-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-337565027-2083424564-962048763-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Aktualizace NVIDIA 31.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.2.0.0 - NVIDIA Corporation) Hidden
Atom (HKU\S-1-5-21-337565027-2083424564-962048763-1000\...\atom) (Version: 1.16.0 - GitHub Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Balíček ovladače systému Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
calibre 64bit (HKLM\...\{FC12E3F8-E522-4E65-A416-D7BDF41FBBA7}) (Version: 2.68.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.05017 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{0BEF117F-BEBD-4948-AF22-210D14736BEC}) (Version: 4.3.05017 - Continental AG) Hidden
Cisco AnyConnect Secure Mobility Client Config File (HKLM-x32\...\{19F2800C-46A1-43F6-A6CB-1ACD11563CBB}) (Version: 1.0.0.0 - Continental AG)
Convert WAV To MP3 1.0 (HKLM-x32\...\Convert WAV To MP3_is1) (Version:  - A Software Plus)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.82 - NVIDIA Corporation) Hidden
Forza Horizon 3 [FULL REMOVAL] (HKU\S-1-5-21-337565027-2083424564-962048763-1000\...\{2BF89276-C6E6-4E56-AF93-633A36F02D58}_is1) (Version: 1.0.119.1002 - Microsoft Studios)
Forza Motorsport 7 [FULL REMOVAL] (HKU\S-1-5-21-337565027-2083424564-962048763-1000\...\{F0A95FBB-6D6A-4D41-A55F-3803B5044A45}_is1) (Version: 1.130.1736.2 - Microsoft Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_is1) (Version: 1.0.350.1 - Rockstar)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.129.1 - Intel Security)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
iPass Open Mobile 2.9.4.15918 (HKLM-x32\...\{76EA1E75-AE7F-46D5-BF8D-AF5B7D348678}) (Version:  - Continental AG)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-337565027-2083424564-962048763-1000\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
MSI DragonEye (HKLM\...\{7116875E-F251-4C33-AB3F-37DE05B15595}_is1) (Version: 0.0.2.6 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.29 - MSI)
MSI Kombustor 2.5.9 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.19 - MSI)
nvcc (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvcc_9.1) (Version: 9.1 - NVIDIA Corporation) Hidden
NVIDIA CUDA Development 9.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDADevelopment_9.1) (Version: 9.1 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.14.1.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.1.48 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.82 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.82 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Ovládací panel NVIDIA 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 398.82 - NVIDIA Corporation) Hidden
Partition Wizard Home Edition 5.0 (HKLM-x32\...\{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1) (Version:  - MT Solution Ltd.)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Python 3.6.1 (64-bit) (HKU\S-1-5-21-337565027-2083424564-962048763-1000\...\{5984d629-979e-4439-b893-accde1a00a68}) (Version: 3.6.1150.0 - Python Software Foundation)
Python 3.6.1 Add to Path (64-bit) (HKLM\...\{079FEF6F-9E83-4694-897D-69C30389B772}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Core Interpreter (64-bit debug) (HKLM\...\{5CF50751-7F73-43E6-BAF9-5D7F1A818355}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Core Interpreter (64-bit symbols) (HKLM\...\{6E40D90F-EAA5-4093-AF9E-52FACBE23F3D}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Core Interpreter (64-bit) (HKLM\...\{27133190-078A-4A46-81B0-FF476EAEBF2A}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Development Libraries (64-bit debug) (HKLM\...\{917E8108-BE03-4547-87FC-F098C92A7D5A}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Development Libraries (64-bit) (HKLM\...\{953B4007-8312-48CA-817E-29B43988EB35}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Documentation (64-bit) (HKLM\...\{41626EAD-257F-401F-8531-51C5A7D4CA6C}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Executables (64-bit debug) (HKLM\...\{B150A67C-98C1-4B39-A8A0-609F9A2C8009}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Executables (64-bit symbols) (HKLM\...\{18F2C316-948D-4A6F-8E31-88D818F9FE2E}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Executables (64-bit) (HKLM\...\{9139037B-B991-4022-946F-DAA9A9FDC7EE}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 pip Bootstrap (64-bit) (HKLM\...\{5F9A36CA-767E-4922-84AB-73E61264FE5C}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Standard Library (64-bit debug) (HKLM\...\{E14B16ED-21CF-4F16-9C32-E83C5ACAABB9}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Standard Library (64-bit symbols) (HKLM\...\{FF0FFF24-4B74-49F0-BA60-4DA3352434B4}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Standard Library (64-bit) (HKLM\...\{B7A716F0-78C1-4CB9-8756-0E51C5DD7622}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Tcl/Tk Support (64-bit debug) (HKLM\...\{24B26A98-CE61-4C29-BE0F-152C97CC0D15}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Tcl/Tk Support (64-bit symbols) (HKLM\...\{804EDEA0-086D-4595-B816-DB8175F04249}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Tcl/Tk Support (64-bit) (HKLM\...\{AC60D963-1CE4-429B-AB29-F973DC55A918}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Test Suite (64-bit debug) (HKLM\...\{CAE72839-BB48-431D-B621-0F5561C09BEA}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Test Suite (64-bit symbols) (HKLM\...\{48EF61AD-9D0C-4225-9ED8-F1FCE01AEC72}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Test Suite (64-bit) (HKLM\...\{A298B2DB-1F21-476D-9BD7-4ECC23101C90}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Utility Scripts (64-bit) (HKLM\...\{7CB8460F-55AD-4C70-8D04-72947C46C85E}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{323AC113-C6CE-4F99-842F-4936332D055A}) (Version: 3.6.5923.0 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7443 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SE0000222 (HKLM-x32\...\SE0000222) (Version: 4.3.05017.0 - Cisco AnyConnect Secure Mobility Client)
SE0000223 (HKLM-x32\...\SE0000223) (Version: 2.9.4.15918 - iPass Open Mobile)
SSD Fresh (HKLM-x32\...\SSD Fresh_is1) (Version: 2015 - Abelssoft)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.95388 - TeamViewer)
Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.0.10.0 - GOG.com)
The Witcher 3: Wild Hunt (Not-cracked Repack) (HKLM-x32\...\The Witcher 3: Wild Hunt (Not-cracked Repack)_is1) (Version:  - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-27] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-27] (AVAST Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-27] (AVAST Software)
ContextMenuHandlers3-x32: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-07-30] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-27] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09515CB8-9D47-4E81-AFD3-69014FF9F663} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0DD0773B-87A7-4DB5-AC00-787E754D3FC3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1103A8F9-AEFF-46AE-AE0D-F0D5D7CD45DA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {11EA3716-93EB-479E-AFC2-4FDA4335FF9B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-07-19] (NVIDIA Corporation)
Task: {1BA2A8D2-6E0D-4F0A-950E-672C9FED43D6} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {1FE0E937-66B7-47F6-9A89-ABD0A6DC569A} - System32\Tasks\{4E985432-1EDF-4F21-BE44-96DE518149CF} => C:\WINDOWS\system32\pcalua.exe -a D:\Users\Bohus\Desktop\SAMSUNG_USB_Driver_for_Mobile_Phones.exe -d D:\Users\Bohus\Desktop
Task: {28B5F694-32C0-45AE-996A-F3B60642C929} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-07-19] (NVIDIA Corporation)
Task: {3002AE83-4FE3-48A5-A981-121FFEC178D3} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {303B8A87-4700-489A-A435-A53617C8EFCF} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3FBEE6FA-F20F-4449-AFA1-238F054FC5C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {3FF06712-78C7-4C8F-B21F-D218AD6F92E8} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {4429C125-4355-4E64-94E1-EA614E027BC8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {4EF27AF9-348F-4DCB-ABEE-1E3E1690ADB2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4FBABA1A-6BAD-45C9-B716-BDC5A115C7B8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5108B7FD-B329-4C89-9BDB-94607917AB48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-29] (Google Inc.)
Task: {5682163A-DB3A-4FC2-BACB-CC99D2002267} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {58243E66-F570-45C9-B3FF-9FBAE0F3890C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-07-19] (NVIDIA Corporation)
Task: {5C0AF3BC-E4FC-4826-B92A-C74DBF9680E1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-07-19] (NVIDIA Corporation)
Task: {5D1A1D4C-FF73-4A09-8496-82F9641470FC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-07-19] (NVIDIA Corporation)
Task: {5D421DBA-6CE0-4646-80C1-CA9CB652B51C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-07-27] (AVAST Software)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6C4CC8E9-67D0-4048-A87B-399AE33C215D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-07-27] (AVAST Software)
Task: {6FDBC87E-5829-409C-97A8-51F6C54852BA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-07-19] (NVIDIA Corporation)
Task: {88162EEB-5884-48FB-8E73-DEE45AC24C9A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {88208689-0E5F-4367-95DD-71BA72573CE2} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-07-19] (NVIDIA Corporation)
Task: {8C762E01-F34A-41A7-8A84-3E204B00700E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8D11FFD8-549F-496D-A508-7644097D715F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {90245615-A62B-4345-92AE-B3DEACCE46C3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9A021219-5067-4CEC-A29C-F5B9E091F6D4} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {9EBA4FF4-6A52-4C39-BC4F-1604F6973532} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {9FD4919C-E551-47D5-81B7-FB29A8208C4E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A06C5803-180D-431F-9D31-966C5882A6D7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {A220DFCA-9E0B-483E-8A2C-EF9DD7287506} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ACE2EDB7-B872-4410-ADB3-9EFF11C951BE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B2746146-9922-4DFE-924B-688020B50A3A} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B6E5D7D7-09AD-48CA-BA85-1055AD891FAD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C234A664-0128-4674-A985-361571A9D5AE} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {C236B2AB-F82C-43D4-9192-21C782A73070} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C26125DE-525C-4F0E-807D-F9C8476B1F15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-29] (Google Inc.)
Task: {C4E62593-91A0-4F09-A9F2-DA50A1BA236E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CAFCD851-F135-484F-A35F-39A7AE1D70EF} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {CB516695-7DF7-430C-B891-EDD2C227DDE4} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [2017-06-23] (Micro-Star INT'L CO., LTD.)
Task: {D3CCAA4F-6A36-4C83-921E-9EC3ECBAE31F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D9699F8D-BF9D-40ED-8919-F4B7F754F528} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DFF5F9B0-026C-42C4-BA0D-D1AF3C32FA9A} - System32\Tasks\MSISW_Host => C:\WINDOWS\SysWOW64\muachost.exe [2015-08-18] (MSI)
Task: {E12FABB8-3BD6-47FB-B374-225DFC183284} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E6820E72-332D-4829-AFDF-15E654C70528} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EFD0789C-E2DC-4899-A2BC-DFE78345B1A0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Bohus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9ed2b467e8b588b1\Google Chrome.lnk -> D:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2018-05-27 11:10 - 2014-01-28 05:16 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2018-07-25 16:23 - 2018-07-19 22:20 - 001314856 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-09-10 21:03 - 2016-06-14 16:35 - 000187392 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\D3D11FontDraw.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-08-15 09:01 - 2018-08-03 05:09 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-18 16:40 - 2018-07-18 16:40 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-18 16:40 - 2018-07-18 16:40 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-18 16:40 - 2018-07-18 16:40 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-18 16:40 - 2018-07-18 16:40 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-18 16:40 - 2018-07-18 16:40 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-08-15 08:50 - 2018-08-08 02:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-15 08:50 - 2018-08-08 02:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2018-07-25 16:23 - 2018-07-19 22:19 - 095437352 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-07-25 16:23 - 2018-07-19 22:19 - 003029032 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-07-25 16:23 - 2018-07-19 22:19 - 000149544 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-08-15 10:16 - 2018-08-03 10:30 - 031303168 _____ () C:\Users\Bohus\AppData\Local\Google\Chrome\User Data\PepperFlash\30.0.0.154\pepflashplayer.dll
2016-12-09 12:26 - 2016-12-09 12:26 - 000073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2018-08-15 23:17 - 2018-08-15 23:17 - 000033936 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2018-05-27 11:10 - 2014-01-28 05:16 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2017-04-19 06:56 - 2017-04-19 06:56 - 000889672 _____ () C:\Program Files (x86)\iPass\Open Mobile\bin\System.Data.SQLite.dll
2017-04-19 06:56 - 2017-04-19 06:56 - 000038728 _____ () C:\Program Files (x86)\iPass\Open Mobile\bin\ThemisLib.dll
2017-04-19 06:56 - 2017-04-19 06:56 - 000014152 _____ () C:\Program Files (x86)\iPass\Open Mobile\bin\NetworkAssessLib.dll
2017-04-19 06:56 - 2017-04-19 06:56 - 001109320 _____ () C:\Program Files (x86)\iPass\Open Mobile\bin\NDISAPI.dll
2014-04-29 17:23 - 2014-04-29 17:23 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-09-10 21:03 - 2016-06-14 16:35 - 000163328 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\D3D11FontDraw.dll
2017-09-10 21:03 - 2017-08-02 14:48 - 000237568 _____ () C:\Program Files (x86)\MSI\Gaming APP\LEDControl.dll
2018-07-25 16:23 - 2018-07-19 22:19 - 001032744 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-07-27 08:21 - 2018-07-27 08:21 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-07-27 08:21 - 2018-07-27 08:21 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-07-27 08:21 - 2018-07-27 08:21 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-09-10 21:03 - 2016-06-01 15:50 - 000785360 _____ () C:\Program Files (x86)\MSI\Gaming APP\Lib\USB_DLL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-337565027-2083424564-962048763-1000\...\vsb.cz -> hxxps://vpn.vsb.cz

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-05-22 09:16 - 2017-11-29 20:36 - 000001047 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 activation.acronis.com
0.0.0.0 web-api-tih.acronis.com
0.0.0.0 web-api-tie.acronis.com
0.0.0.0 web-api-vmp.acronis.com
0.0.0.0 cloud-rs-ru2.acronis.com
0.0.0.0 cloud-fes-ru2.acronis.com
0.0.0.0 rpc.acronis.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-337565027-2083424564-962048763-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bohus\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: SkypeUpdate => 2
HKLM\...\StartupApproved\StartupFolder: => "CheVolume.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Tmobile_Czech Estoril ModemListener"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "OMClient"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-337565027-2083424564-962048763-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-337565027-2083424564-962048763-1000\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-337565027-2083424564-962048763-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-337565027-2083424564-962048763-1000\...\StartupApproved\Run: => "Free Download Manager"
HKU\S-1-5-21-337565027-2083424564-962048763-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-337565027-2083424564-962048763-1000\...\StartupApproved\Run: => "GoogleDriveSync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2A9D4A41-0F20-4E0A-BD48-394F4B59BFBC}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9E390681-B542-413E-A082-320BFA5782AB}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D60296F6-BBB7-4F71-B218-2E3410175455}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7538171A-1FF9-46C8-8177-D89CAF64EB24}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{95973A64-A000-47B5-B8D6-D0D900870FCE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EC24AED4-8F98-4685-8836-01FE87CA4E99}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{98A65F9B-FF19-481B-A684-AFC6ECB00040}D:\hry\grand theft auto v\gta5.exe] => (Allow) D:\hry\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5E41E1A7-4D01-4627-9CD6-7B75601A8736}D:\hry\grand theft auto v\gta5.exe] => (Allow) D:\hry\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{F1158564-C126-4552-8427-2D61B2020876}D:\users\bohus\appdata\roaming\utorrent\utorrent.exe] => (Allow) D:\users\bohus\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{9520EA49-12E0-43C9-B79E-B65C665985DC}D:\users\bohus\appdata\roaming\utorrent\utorrent.exe] => (Allow) D:\users\bohus\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{406C7881-4DF9-4755-9B03-9E3B54163F67}] => (Allow) D:\Users\Bohus\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{1F1A3620-F946-4423-8FD7-7794BA2E1709}] => (Allow) D:\Users\Bohus\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{AD328C62-EBAA-461A-8A3D-95504A598F0E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{F13E2518-53FE-45A8-8033-6DAEA69BD89A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{DD30700C-24AC-4423-8ADF-209A70DE1394}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{8C57FD7D-42AB-49BB-8601-15C54AB30048}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{93600C46-1617-4A1C-9FC2-A2148A3EB16A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C322CD9A-D190-4F55-9962-3FBC9407DE64}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C74CF9B8-3611-4926-97E3-7A29F8EB00E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{045D763B-09F2-46EE-AEC6-14DA20BE72BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{1F982AAF-3248-460C-95F9-6ACEFB373E58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D9F16C88-EB74-4D68-8D84-D65DE32A9676}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9FD69635-AF58-4D69-ABF0-9E31E2BD53F7}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{1B92A166-73C8-4576-B478-8EC92AC65FA5}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{E3571419-2DB5-432B-9EE2-6446F44F8B0E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3C418BCB-1215-47A2-B9D0-14982E0F21D3}] => (Allow) LPort=26789

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2018 07:37:38 AM) (Source: TrueKey) (EventID: 0) (User: )
Description: Zpracování změny relace se nezdařilo. System.ArgumentException: Data Source cannot be empty.  Use :memory: to open an in-memory database
   v System.Data.SQLite.SQLiteConnection.Open()
   v McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
   v McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
   v McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
   v McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
   v System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (08/16/2018 07:32:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MSI_LiveUpdate_Service.exe, verze: 1.0.0.48, časové razítko: 0x599114c2
Název chybujícího modulu: NDA.dll_unloaded, verze: 1.0.0.15, časové razítko: 0x581aa4cc
Kód výjimky: 0xc0000005
Posun chyby: 0x000f650e
ID chybujícího procesu: 0xe88
Čas spuštění chybující aplikace: 0x01d434dd6758a315
Cesta k chybující aplikaci: C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
Cesta k chybujícímu modulu: NDA.dll
ID zprávy: be3ed6c1-b713-46e4-a98f-e373a5d5c801
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (08/15/2018 11:18:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IAStorDataMgrSvc.exe, verze: 13.1.0.1058, časové razítko: 0x53642550
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x018f6aed
ID chybujícího procesu: 0xf64
Čas spuštění chybující aplikace: 0x01d434dd6764a9c8
Cesta k chybující aplikaci: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 76f86347-60d1-4fc0-986e-55b0298df446
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (08/15/2018 11:18:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: IAStorDataMgrSvc.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.NullReferenceException
   na IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   na IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   na IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   na System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   na System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   na System.Threading.ThreadPoolWorkQueue.Dispatch()
   na System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/15/2018 11:18:10 PM) (Source: TrueKey) (EventID: 0) (User: )
Description: Zpracování změny relace se nezdařilo. System.ArgumentException: Data Source cannot be empty.  Use :memory: to open an in-memory database
   v System.Data.SQLite.SQLiteConnection.Open()
   v McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
   v McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
   v McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
   v McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
   v System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (08/15/2018 11:17:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: WsAppService.exe, verze: 2.2.0.5, časové razítko: 0x56fce241
Název chybujícího modulu: KERNELBASE.dll, verze: 6.2.17134.165, časové razítko: 0xb0bb231d
Kód výjimky: 0xe053534f
Posun chyby: 0x000000000003a388
ID chybujícího procesu: 0x%9
Čas spuštění chybující aplikace: 0xWsAppService.exe0
Cesta k chybující aplikaci: WsAppService.exe1
Cesta k chybujícímu modulu: WsAppService.exe2
ID zprávy: WsAppService.exe3
Úplný název chybujícího balíčku: WsAppService.exe4
ID aplikace související s chybujícím balíčkem: WsAppService.exe5

Error: (08/15/2018 11:15:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IAStorDataMgrSvc.exe, verze: 13.1.0.1058, časové razítko: 0x53642550
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x03b46aed
ID chybujícího procesu: 0xfb4
Čas spuštění chybující aplikace: 0x01d434dcf479a323
Cesta k chybující aplikaci: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 71742334-691e-4a40-ad45-fdbb657b8a4d
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (08/15/2018 11:15:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: IAStorDataMgrSvc.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.NullReferenceException
   na IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   na IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   na IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   na System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   na System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   na System.Threading.ThreadPoolWorkQueue.Dispatch()
   na System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (08/16/2018 07:37:46 AM) (Source: DCOM) (EventID: 10016) (User: BOHUS-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli Bohus-PC\Bohus (SID: S-1-5-21-337565027-2083424564-962048763-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/16/2018 07:32:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MSI Live Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/15/2018 11:20:38 PM) (Source: DCOM) (EventID: 10016) (User: BOHUS-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli Bohus-PC\Bohus (SID: S-1-5-21-337565027-2083424564-962048763-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/15/2018 11:19:17 PM) (Source: DCOM) (EventID: 10016) (User: BOHUS-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli Bohus-PC\Bohus (SID: S-1-5-21-337565027-2083424564-962048763-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/15/2018 11:18:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Rapid Storage Technology byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/15/2018 11:18:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Wondershare Application Framework Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/15/2018 11:17:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Intel Security True Key byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (08/15/2018 11:17:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba iMobilityService byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.


Windows Defender:
===================================
Date: 2018-08-13 13:40:46.468
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bluteal.B!rfn&threatid=2147727314&enterprise=0
Název: Trojan:Win32/Bluteal.B!rfn
ID: 2147727314
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_D:\Games\Forza Motorsport 7\AppFiles\WinStore.Love.Auth.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: Bohus-PC\Bohus
Název procesu: D:\Games\Forza Motorsport 7\AppFiles\forzamotorsport7.exe
Verze podpisu: AV: 1.273.1311.0, AS: 1.273.1311.0, NIS: 1.273.1311.0
Verze modulu: AM: 1.1.15100.1, NIS: 1.1.15100.1

Date: 2018-08-11 07:57:08.243
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {7313DFBE-F348-4FC4-8264-7962A6C7E170}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-08-10 16:41:30.911
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {E42306CA-BA2F-4800-A25C-562F820AD62C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-08-10 16:33:18.088
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {8650E799-6182-42D8-93E5-7A503F6AA07B}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-07-27 08:04:28.937
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bluteal.B!rfn&threatid=2147727314&enterprise=0
Název: Trojan:Win32/Bluteal.B!rfn
ID: 2147727314
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_D:\Hry\Forza Motorsport 7\AppFiles\WinStore.Love.Auth.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: Bohus-PC\Bohus
Název procesu: D:\Hry\Forza Motorsport 7\AppFiles\forzamotorsport7.exe
Verze podpisu: AV: 1.273.371.0, AS: 1.273.371.0, NIS: 1.273.371.0
Verze modulu: AM: 1.1.15100.1, NIS: 1.1.15100.1

CodeIntegrity:
===================================

Date: 2018-08-15 13:46:32.865
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-15 13:46:32.847
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-15 13:46:32.820
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-15 13:46:32.767
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-15 13:46:32.757
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-15 13:46:32.747
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-15 13:46:32.050
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-15 13:46:31.941
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 28%
Total physical RAM: 16321.92 MB
Available physical RAM: 11600.91 MB
Total Virtual: 32705.92 MB
Available Virtual: 26344.44 MB

==================== Drives ================================

Drive c: (Céčko) (Fixed) (Total:111.25 GB) (Free:45.08 GB) NTFS
Drive d: (Déčko) (Fixed) (Total:931.51 GB) (Free:143.47 GB) NTFS
Drive e: (Éčko) (Fixed) (Total:298.09 GB) (Free:25.75 GB) NTFS

\\?\Volume{bab3a643-cee0-11e5-a043-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{5859cb4a-0000-0000-0000-60d61b000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 5859CB4A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: E077B7E3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: FB0F92CC)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================