HKU\S-1-5-21

[Swukle]

MÁM VIR HKU\S-1-5-21 A NEVÍM JAK HO ODSTRANIT PROSÍM O POMOC!

[Rudy]

Zdravím!
Toto je nějaký registry klíč, není to pojmenování viru. Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

[Swukle]

Ahoj rudy, máš prosímtě skype? potřebuji s tím pomoct

Tento web není dostupný

Připojení bylo resetováno.
Zkuste:
Zkontrolovat připojení
Zkontrolovat proxy server a firewall
Spustit Diagnostiku sítě systému Windows
ERR_CONNECTION_RESET

[Rudy]

Tak mohu poradit. Spusťte diagnostiku sítě a pak stáhněte FRST. Skype mám, bude nám to ale k ničemu, bez logu z FRST nemohu pokračovat (rudy.viry.cz). Momentálně nemám mikrofon.

[Swukle]

Tak by jste mohl psát a já bych vám dal zdílení obrazovky, a FRST Už mám ale Když to zapnu a ono to donkončí tak to píše: "Vami Stazeny FRST64.exe se nenazazi na Plose, presunte jej tam prosim a pak znovu spustte FRSTLauncher" a já když prohledám svůj PC žádný FRST64.exe v PC nemám ¯\_⌣_⌣_/¯

[Rudy]

Máte-li 64bit. systém, musíte použít FRST64. Pak jej umístíte na plochu, nebo do libovolného adresáře a spustíte. FRST na 64b. systému nepoběží korektně.

[Swukle]

Stáhl jsem FRSTLauncher a dal jsem ho na plochu, spustil a napsalo to co jsem napsal nahoře(mám programfiles 86x)

[Rudy]

Zkuste notmální FRST: http://www.bleepingcomputer.com/downloa ... scan-tool/ .

[Swukle]

Teď jsem zapl PC a zapl se mi Internet s nějakou reklamou, takže je infikován i Google.... nicméně FRST64.exe se mi povedl stáhnout a tady je log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2017
Ran by test (13-06-2017 16:07:17)
Running from C:\Users\test\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-11-14 22:59:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1906927588-4285542165-1585533686-500 - Administrator - Disabled)
Guest (S-1-5-21-1906927588-4285542165-1585533686-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1906927588-4285542165-1585533686-1002 - Limited - Enabled)
test (S-1-5-21-1906927588-4285542165-1585533686-1000 - Administrator - Enabled) => C:\Users\test

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Days to Die (HKLM\...\Steam App 251570) (Version: - The Fun Pimps)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{315BE77E-D725-477D-9C71-63F78844363C}) (Version: 12.2.2.172 - Adobe Systems, Inc)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version: - Hyper Hippo Games)
AIO Ultimate Patch v8.2.0 (HKLM-x32\...\AIO Ultimate Patch_is1) (Version: 8.2.0 - Zexdestroyer)
Aktualizace NVIDIA 24.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 24.0.0.0 - NVIDIA Corporation)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
ASRock OC DNA v1.12 (HKLM-x32\...\ASRock OC DNA_is1) (Version: - )
ASRock OC Tuner v2.4.70 (HKLM-x32\...\ASRock OC Tuner_is1) (Version: - )
ASRock XFast RAM v2.0.28 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Cities: Skylines (HKLM\...\Steam App 255710) (Version: - Colossal Order Ltd.)
Counter-Strike 1.6 (HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Counter-Strike 1.6) (Version: - )
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CPUCores :: Maximize Your FPS (HKLM\...\Steam App 384300) (Version: - Tim Sullivan)
CPUID CPU-Z OC Formula 1.74 (HKLM\...\CPUID CPU-Z OC Formula_is1) (Version: 1.74 - CPUID, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dead by Daylight (HKLM\...\Steam App 381210) (Version: - Behaviour Digital Inc.)
Don't Starve Together (HKLM\...\Steam App 322330) (Version: - Klei Entertainment)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.86 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version: - Daybreak Game Company)
Half-Life 2 (HKLM\...\Steam App 220) (Version: - Valve)
HAWKEN (HKLM\...\Steam App 271290) (Version: - Reloaded Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.0.2 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version: - Cheat Engine)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Interplanetary (HKLM\...\Steam App 278910) (Version: - Team Jolly Roger)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Last Man Standing (HKLM\...\Steam App 506540) (Version: - Free Reign Entertainment)
Malwarebytes verze 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
My Game Long Name (HKLM\...\UDK-c66cc16b-979b-444a-8a9c-c6712143e3e9) (Version: - Epic Games, Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
NvTelemetry (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)
Ovládací panel NVIDIA 358.91 (Version: 358.91 - NVIDIA Corporation) Hidden
Platform (x32 Version: 1.36 - VIA Technologies, Inc.) Hidden
PokeCraft_GameTeam_1.7.10 (HKLM-x32\...\PokeCraft_GameTeam_1.7.10) (Version: - )
Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version: - Telltale Games)
Reus (HKLM-x32\...\Steam App 222730) (Version: - Abbey Games)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.)
SafeZone Stable 3.55.2393.607 (x32 Version: 3.55.2393.607 - Avast Software) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Source Filmmaker (HKLM\...\Steam App 1840) (Version: - Valve)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
theHunter (HKLM-x32\...\Steam App 253710) (Version: - Expansive Worlds)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version: - Ubisoft Montreal)
Tom Clancy's The Division (HKLM\...\Steam App 365590) (Version: - Massive Entertainment)
Town of Salem (HKLM\...\Steam App 334230) (Version: - BlankMediaGames)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wallpaper Engine (HKLM\...\Steam App 431960) (Version: - Kristjan Skutta)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Worm.is: The Game (HKLM\...\Steam App 466910) (Version: - Freakinware Studios)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10A4EB57-22E8-4D8C-8309-591A03D24FF8} - System32\Tasks\BossseedUpdateTaskMachineCore => C:\Program Files (x86)\Bossseed\Update\BossseedUpdate.exe <==== ATTENTION
Task: {12C4500E-EBCB-4C7D-8B6A-BA4F10E5AF3F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-03-28] (NVIDIA Corporation)
Task: {14088108-5386-4661-A00A-ADFACBA5FE88} - System32\Tasks\youfreenewscombcoms => "" [Argument = youfreenews.com/bcoms]
Task: {1F486116-419B-495E-892B-811EE074763B} - System32\Tasks\OnfatUpdateTaskMachineCore => C:\Program Files (x86)\Onfat\Update\OnfatUpdate.exe <==== ATTENTION
Task: {1F55D9E5-9B6A-486E-B6A5-F36377AFD9B0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1906927588-4285542165-1585533686-1000
Task: {221480A1-4E05-4BE5-BF50-105E435395CF} - System32\Tasks\SafeZone scheduled Autoupdate 1468859727 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {238971E7-3658-4FCE-AA0A-52058014C1AE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {29C35668-F1D4-4110-B746-0E1398157208} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-28] (NVIDIA Corporation)
Task: {314912C8-7E04-4FDD-8FDD-B0587056E929} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-28] (NVIDIA Corporation)
Task: {322EBE09-E94B-415C-943D-615A3E712500} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-28] (NVIDIA Corporation)
Task: {43789D00-80F2-4355-93FC-F13F71C4A549} - System32\Tasks\AdobeAAMUpdater-1.0-test-PC-test => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {4F967D56-9C4C-415D-B0E1-977668333E6F} - System32\Tasks\{E9E4F67C-4149-457E-9DA0-22F90420D7B2} => pcalua.exe -a "C:\Program Files (x86)\MPC Cleaner\Uninstall.exe" -c /xuninstall
Task: {51C84AA4-5F81-4384-88D4-8F14EF1CB855} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-28] (NVIDIA Corporation)
Task: {5934F67B-6718-4006-98E3-925B5625D19C} - System32\Tasks\JunetoeUpdateTaskMachineUA => C:\Program Files (x86)\Junetoe\Update\JunetoeUpdate.exe <==== ATTENTION
Task: {6EB7126A-0CD4-4B66-A117-A5B99CC16706} - System32\Tasks\ChelfNotify Task => C:\ProgramData\ChelfNotify\BrowserUpdate.exe <==== ATTENTION
Task: {702AB7DB-00D1-4F6A-A9A5-9818AE6B3813} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {8AE17116-9657-4F45-839F-C8C9D9A9283C} - System32\Tasks\BossseedUpdateTaskMachineUA => C:\Program Files (x86)\Bossseed\Update\BossseedUpdate.exe <==== ATTENTION
Task: {8F3C9A63-DA4C-4888-9427-382CE9741B57} - System32\Tasks\GoogleUpdateTaskMachineCore1d12d273b5e9ef8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-21] (Google Inc.)
Task: {9A970427-6206-404F-A566-86C90C55A772} - System32\Tasks\OnfatUpdateTaskMachineUA => C:\Program Files (x86)\Onfat\Update\OnfatUpdate.exe <==== ATTENTION
Task: {AFE0B9BF-DF67-4DCF-BB2A-52BE2497CBDB} - System32\Tasks\InternetE => "" [Argument = http://howtobleases.xyz/kreps]
Task: {B0D8A2F8-77D7-483B-B5C8-79920F089B72} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {BEDB5EB5-85CB-4B0C-A1ED-1F68DB31EEF6} - \GoogleUpdateTaskMachineUA1d12d273beedd3d -> No File <==== ATTENTION
Task: {C846EDC7-ED3C-48B6-A101-2AD56907111E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {CB9CE33C-D093-4F90-98C2-55D9081F476D} - System32\Tasks\GoogleUpdateTaskMachineUA1d15d7bd5d2ebca => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-21] (Google Inc.)
Task: {E93DD05A-7B74-4FE3-AF3A-EB3B0841E4EC} - System32\Tasks\Gerkmiwegh Cache => C:\Program Files (x86)\Bvafivagh\grkCachePhg.exe
Task: {F2D18390-9770-4EDD-83A5-DACA480C15A1} - System32\Tasks\JunetoeUpdateTaskMachineCore => C:\Program Files (x86)\Junetoe\Update\JunetoeUpdate.exe <==== ATTENTION
Task: {FE34FF4E-D15A-4BEA-B5AB-1AF7505A8302} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-09] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ВКонтакте.lnk -> C:\Users\test\AppData\Local\Amigo\Application\amigo.exe (No File) <===== Cyrillic
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk -> C:\Users\test\AppData\Local\Amigo\Application\amigo.exe (No File) <===== Cyrillic

ShortcutWithArgument: C:\Users\test\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://haxtaxy.ru/?utm_source=startlink03&utm_content=c9929528e6af3413fb1863d8e75afaa4&utm_term=6459F5F86A23F50FD4964C16789E6D8E&utm_d=20160820"
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online\Imperia Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.imperiaonline.org/?ref_ad=src123 --app-window-size=1440,900
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035"

==================== Loaded Modules (Whitelisted) ==============

2015-11-15 01:12 - 2015-11-05 17:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-11-15 01:04 - 2015-11-09 21:43 - 00078448 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-11-15 01:04 - 2015-11-09 21:43 - 00386160 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-11-15 01:04 - 2015-11-09 21:43 - 00621168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2017-06-12 17:08 - 2017-06-03 10:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\libglesv2.dll
2017-06-12 17:08 - 2017-06-03 10:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\libegl.dll
2017-05-09 16:48 - 2017-05-09 16:48 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-09 16:48 - 2017-05-09 16:48 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-09 16:48 - 2017-05-09 16:48 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-13 05:22 - 2017-06-13 05:22 - 05778720 _____ () C:\Program Files\AVAST Software\Avast\defs\17061202\algo.dll
2017-05-09 16:48 - 2017-05-09 16:48 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-09 16:48 - 2017-05-09 16:48 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-05-09 16:48 - 2017-05-09 16:48 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-09 16:48 - 2017-05-09 16:48 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-09 16:48 - 2017-05-09 16:48 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-07-17 13:58 - 2017-05-17 03:54 - 00678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-07-17 13:58 - 2016-09-01 03:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-07-17 13:58 - 2016-09-01 03:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-07-17 13:58 - 2016-09-01 03:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-07-17 13:58 - 2017-06-08 07:42 - 02485536 _____ () C:\Program Files (x86)\Steam\video.dll
2016-07-17 13:57 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-07-17 13:57 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-07-17 13:57 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-07-17 13:57 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-07-17 13:57 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-07-17 13:58 - 2017-06-08 07:42 - 00877856 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-07-17 13:57 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-05-31 11:41 - 2017-05-31 11:41 - 01982976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2016-12-13 06:56 - 2017-05-08 21:45 - 69516064 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-09 12:57 - 2017-05-17 03:54 - 00678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-07-17 13:58 - 2017-06-08 07:42 - 00385312 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-07-17 13:57 - 2015-09-25 01:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-08-24 13:35 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\test\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"
MSCONFIG\startupreg: cz.seznam.software.autoupdate => "C:\Users\test\AppData\Roaming\Seznam.cz\szninstall.exe" -c
MSCONFIG\startupreg: cz.seznam.software.szndesktop => "C:\Users\test\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
MSCONFIG\startupreg: seznam-listicka-distribuce => "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0E6AD7D0-EDBC-4A76-A991-3B0E016EC448}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C9B5E9BE-A0F2-4AB9-8A73-1C0908A88DA9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{FF7229D0-4EB6-406C-82A0-49D40D2436DC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B7B143E2-A1D9-4D5F-AAC6-FA6C32843994}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FD91C39F-9D42-45EC-B9A0-563B94A5BCB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0B545220-D025-4A34-8320-2C5B60D069FF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{98A83A41-EE13-4F86-A708-5CE3BBE92B12}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0283AE8F-6DC2-47C5-9ACD-42827C092244}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{408E90C7-1CDA-4D9E-A277-2D9BB762CB6D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C8B4F896-8A78-4BAE-A7FD-8579109AC8DD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AA889EF1-07C6-4EC0-9F46-93F448C6597B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{13CFB8ED-CF84-4AD3-A86E-08776BCB4FC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{F0C0CEA0-985E-46D9-82CF-44B7DAC10821}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{931B76C7-A7A2-4A2F-877D-E2C22FAD915D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{E7A4641F-0767-4092-8CAA-C87E461F7C21}] => (Allow) LPort=80
FirewallRules: [{933824CE-C590-42C8-B0BC-77B66C0C7E59}] => (Allow) LPort=443
FirewallRules: [{183FCB46-E0CB-4678-A256-8F9AA2F002A3}] => (Allow) LPort=20010
FirewallRules: [{C7F429B4-E931-4786-B05C-86A7E50E7240}] => (Allow) LPort=3478
FirewallRules: [{9DD75338-548B-4BD3-88EE-B71F9A8DE017}] => (Allow) LPort=7850
FirewallRules: [{78553959-7542-4398-B15C-DA1A676178C2}] => (Allow) LPort=7852
FirewallRules: [{6B464B8C-FA04-4DE5-96E1-20FAF534DABE}] => (Allow) LPort=7853
FirewallRules: [{F847119A-1845-4351-836A-44E5EAFE3A03}] => (Allow) LPort=27022
FirewallRules: [{7B3CFA27-E645-4D3E-9A98-311A273068C6}] => (Allow) LPort=6881
FirewallRules: [{A052E274-7212-4D22-9B65-2C260B914E9A}] => (Allow) LPort=33333
FirewallRules: [{3D1A2733-9630-4A32-9EA4-D0050D5B466C}] => (Allow) LPort=20443
FirewallRules: [{0214E2C0-1ADF-4E24-A307-D7795DC3ADDF}] => (Allow) LPort=8090
FirewallRules: [{8A62B8FE-6502-4BAA-9FA5-1BCC15FC001D}] => (Allow) C:\Games\World_of_Warplanes\WoWPLauncher.exe
FirewallRules: [{7522A6A4-3D64-419E-947F-049D690DC8AD}] => (Allow) C:\Games\World_of_Warplanes\WoWPLauncher.exe
FirewallRules: [{2A2F1D8C-67ED-4611-939E-4D751262C1A7}] => (Allow) C:\Games\World_of_Warplanes\worldofwarplanes.exe
FirewallRules: [{66E59FDB-4743-4FB5-A628-634B7F9FD34B}] => (Allow) C:\Games\World_of_Warplanes\worldofwarplanes.exe
FirewallRules: [{199FA038-EAE5-48A0-B513-2E22E29EF789}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\aceofspades\aos.exe
FirewallRules: [{C71ED3BD-8B2F-4729-8711-A7E64244169C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\aceofspades\aos.exe
FirewallRules: [{AC618B69-204E-4E4D-B784-25CF84C36FDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poker Night at the Inventory\CelebrityPoker.exe
FirewallRules: [{E1A715A2-D1AA-40C9-A7D0-6589B83FD1BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poker Night at the Inventory\CelebrityPoker.exe
FirewallRules: [{CB697421-7470-47F6-B13B-741477FD47E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{5A5AEFF9-1495-467A-94E9-07D496E6C938}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{ED157A95-E066-4A16-BDFF-879CC9786809}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reus\Reus.exe
FirewallRules: [{8F782635-AB83-405D-8E2B-EF2533D2E345}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reus\Reus.exe
FirewallRules: [TCP Query User{33808FD3-2D40-4C64-99AC-ED8C1F2E18F3}C:\users\test\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\test\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{AB1ADC4D-FA26-4D17-978C-C55EB6A976AC}C:\users\test\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\test\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{BABF82D2-8A8D-4D4F-84C7-577A77A936DD}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [{0A0FC683-08DB-46F1-9EB5-7E000EC3CB06}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [{DC4EB25F-CE22-4239-8213-DCB52AD5F657}] => (Allow) C:\SimCity 2013 Offline\SimCity\SimCity.exe
FirewallRules: [{D7DF51B4-8932-4404-BDEA-FCA88559EBC4}] => (Allow) C:\SimCity 2013 Offline\SimCity\SimCity.exe
FirewallRules: [{44104974-E2C7-466C-A171-5943F76B4E42}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{3B1EF7AE-D321-4FF8-8EB5-1166B3955175}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{1E132540-C7D8-42E4-901E-786C76E81F31}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{3CD00620-A5A5-4A50-8E96-0BB80679043F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{69948A0B-9A84-41BB-B19C-D8712EA3D63C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{1C6583ED-A738-4B9A-8D42-C5903C69C10D}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{0E180605-EFA2-453E-9322-D36861D6D6C7}] => (Block) C:\warthunder\aces.exe
FirewallRules: [{A2F6E597-0247-4D0B-96EB-4E96F69295C5}] => (Block) C:\warthunder\aces.exe
FirewallRules: [{1CEF16DD-CC04-49A4-906B-EED68A5CD09E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F6A6175F-F58C-4B90-8CE6-176185604B07}] => (Allow) LPort=2869
FirewallRules: [{A46BCE63-CD15-4A41-A83F-0F8BE929A118}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{1196EF31-D066-470F-BC43-C2258D8000EF}C:\users\test\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\test\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{FE6FF8E0-7384-4EE3-ABF8-F80D3642F90D}C:\users\test\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\test\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{9D95FAC6-0ED6-4211-8105-55AA2385DDA8}C:\users\test\appdata\local\temp\rar$exa0.875\ark survival evolved\shootergame\binaries\win64\shootergame.exe] => (Allow) C:\users\test\appdata\local\temp\rar$exa0.875\ark survival evolved\shootergame\binaries\win64\shootergame.exe
FirewallRules: [UDP Query User{1B5AB156-73EC-4982-85D7-D20D07F2D96B}C:\users\test\appdata\local\temp\rar$exa0.875\ark survival evolved\shootergame\binaries\win64\shootergame.exe] => (Allow) C:\users\test\appdata\local\temp\rar$exa0.875\ark survival evolved\shootergame\binaries\win64\shootergame.exe
FirewallRules: [TCP Query User{EA9DF7EF-D71C-4296-A593-BE16D71D0AD6}C:\users\test\appdata\local\temp\rar$exa0.875\ark survival evolved\shootergame\binaries\win64\shootergameserver.exe] => (Allow) C:\users\test\appdata\local\temp\rar$exa0.875\ark survival evolved\shootergame\binaries\win64\shootergameserver.exe
FirewallRules: [UDP Query User{7753E8CC-82B6-4B6A-A699-896171F0ADBC}C:\users\test\appdata\local\temp\rar$exa0.875\ark survival evolved\shootergame\binaries\win64\shootergameserver.exe] => (Allow) C:\users\test\appdata\local\temp\rar$exa0.875\ark survival evolved\shootergame\binaries\win64\shootergameserver.exe
FirewallRules: [TCP Query User{E9E6E397-A85F-460E-AC93-9D68C30741DB}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{525532BE-CF30-4E6C-9196-74B37AE45763}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [TCP Query User{0F5D4570-5CD6-4A96-8AD7-4B760033F93D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{4BAD9F7B-2B7D-48D4-BC0C-1E5D4659700D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{210D4729-A425-4B77-92D2-0914E880FE31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{55C5E529-144C-41D2-95D5-FC3CCC102781}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{9CA46917-0841-4F78-A52C-D1FFE282D7E5}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{80894295-FF7A-4FC3-B7C4-B650E339280F}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{936865F0-CDC9-4A23-A21C-219B6E024EE4}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{1630A6F3-E06F-4450-8527-2DF516CDD065}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{EDF0C294-264A-49D5-90AC-1BAF119A51AA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{8EEF7B44-69C5-4E8B-85F8-01F0B595690B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{92007C46-0ED6-4ED8-97DB-605F5FB8238E}C:\program files (x86)\steam\steamapps\common\dino d-day\dinodday.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dino d-day\dinodday.exe
FirewallRules: [UDP Query User{2CA40B3E-E314-4C18-AAA9-188DAD5B355C}C:\program files (x86)\steam\steamapps\common\dino d-day\dinodday.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dino d-day\dinodday.exe
FirewallRules: [{83ED9335-6A3E-4EEB-95A0-60E8D105B63E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BBC7E534-069C-4F24-9104-038AC031D1D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1EAEF6B9-1E08-48C3-8219-8DF68182A31F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{04D43BB3-0A81-4D3A-9C61-21468BF8E4F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{F9650580-05BC-4FDB-B5E6-2A9A215401B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worm.is The Game\Wormis.exe
FirewallRules: [{309B0CA6-B29A-4997-B54D-CD116BDD62B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worm.is The Game\Wormis.exe
FirewallRules: [TCP Query User{44F2F862-FCAF-491E-9463-2D88003A6780}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{3A74B7F1-2FDD-4E27-A57D-B7F60DC02340}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{BD17EE0B-D999-4511-8824-C626C3940F8D}C:\program files (x86)\steam\steamapps\common\war thunder\win32\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win32\aces.exe
FirewallRules: [UDP Query User{E9F2C230-611B-4B62-A38A-F6028A11D7D3}C:\program files (x86)\steam\steamapps\common\war thunder\win32\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win32\aces.exe
FirewallRules: [{FCA42EE0-B528-44E8-916D-09DC51EBD4B7}] => (Allow) C:\Users\test\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{2455E91A-F595-43FB-820C-C7C6C9BF1652}] => (Allow) C:\Users\test\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{8058F56C-4F47-46D1-9434-AD3B080B5DD8}] => (Allow) C:\Users\test\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{FDA4DC05-E3EA-4E0B-96A0-6C6267940F35}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [{E93EFEA3-19A1-4E5B-A94B-3D4A5BEB0584}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{200C1B5C-FA46-477A-B858-B50E8A0265FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{21C42A22-CF3A-45D7-8595-66ABEA831D9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{0AED041D-41D0-4C7F-90F0-B0AC9362772E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{70FB37F1-E1FC-44B5-BB4B-43F46478C9E3}] => (Allow) C:\ProgramData\Junetoe\Junetoe.exe
FirewallRules: [TCP Query User{3F4AC3C5-B250-465B-A34D-8B43B6B60E45}C:\users\test\counter-strike 1.6\hl.exe] => (Allow) C:\users\test\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{E2BA28C1-C0A8-461C-93C6-215B65C8849A}C:\users\test\counter-strike 1.6\hl.exe] => (Allow) C:\users\test\counter-strike 1.6\hl.exe
FirewallRules: [{03224F0D-25BA-49DF-A5C5-9F51BBDECEF5}] => (Allow) C:\Program Files (x86)\Bossseed\Update\BossseedUpdate.exe
FirewallRules: [{28CCCE5D-4E36-4DDA-9C84-91CEFBDB03C3}] => (Allow) C:\ProgramData\Bossseed\Bossseed.exe
FirewallRules: [{986E9482-92D3-4C52-AFF8-DCADAD134773}] => (Allow) C:\Games\World_of_Tanks_CT\WoTLauncher.exe
FirewallRules: [{DA0B3E02-738D-47E1-9C1E-DF87B792B125}] => (Allow) C:\Games\World_of_Tanks_CT\WoTLauncher.exe
FirewallRules: [{9D8DD9A7-A430-48EB-A69D-404D217D994F}] => (Allow) C:\Games\World_of_Tanks_CT\worldoftanks.exe
FirewallRules: [{B24A0AED-9946-4DA5-87FC-9ECE82568984}] => (Allow) C:\Games\World_of_Tanks_CT\worldoftanks.exe
FirewallRules: [TCP Query User{9492F7D9-F02F-4ADE-A7EA-334EC80DC826}C:\program files (x86)\bangboat\application\chrome.exe] => (Block) C:\program files (x86)\bangboat\application\chrome.exe
FirewallRules: [UDP Query User{B2294BAF-E530-4E81-9B59-C45A3EB0F17B}C:\program files (x86)\bangboat\application\chrome.exe] => (Block) C:\program files (x86)\bangboat\application\chrome.exe
FirewallRules: [TCP Query User{BE5023FC-0D42-4B3F-BE60-522C9194D0BE}C:\users\test\appdata\local\temp\rar$exa0.077\calm.down.stalin.v1.0.3\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\users\test\appdata\local\temp\rar$exa0.077\calm.down.stalin.v1.0.3\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{36D417A9-103D-4518-A97F-2B89DA171A57}C:\users\test\appdata\local\temp\rar$exa0.077\calm.down.stalin.v1.0.3\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\users\test\appdata\local\temp\rar$exa0.077\calm.down.stalin.v1.0.3\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{4127386A-2E7E-4CF7-9D21-863A19D4518B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{819EAC4A-A522-4B37-9A97-DF250C6D162B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{2340A0C9-E88F-46A9-B826-F98FFF923E28}] => (Allow) C:\Users\test\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{54193372-6A78-4A61-B410-AE13E460A3C8}] => (Allow) C:\Users\test\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{A6F5A9D5-F65F-4B68-9CB3-AED80322B5D0}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{FAFC884C-1AA3-445F-A251-12C7FD6E4CB6}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{EE9EFA04-7915-4C53-BA0C-7F6D08152195}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{B779BEDC-31B2-4A6F-A444-1C50F114AD7A}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{484521CC-8BD3-4BB5-AEBC-40460C0E6C4B}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{019C0CE5-9F9A-48D1-92EF-62D7C1701F03}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{BB3AD760-C507-49A1-B3C3-379BDA82F3BA}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{6AC05D2C-6E9B-4454-9060-532081F60F88}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{4F324C39-D9A4-4196-8771-1A52036C0141}] => (Allow) C:\Users\test\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{685B9439-5CBA-4334-9506-22715F6F00FD}] => (Allow) C:\Users\test\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{5F696A45-A003-42EB-BE54-3BFF4A188A57}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{AC32C19A-AA9F-4094-81C2-809741BD0D6A}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{86D27381-5DB4-4377-8140-D95805A04D92}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{E0B81AA3-D787-4F37-BBE6-405A1A17D1C1}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{29C5D60F-D80F-42BA-95A7-1F4594907A48}] => (Allow) C:\Program Files (x86)\Hotson\Application\chrome.exe
FirewallRules: [{3F4E2191-C9AA-4629-BE75-56786C6F6516}] => (Allow) C:\Users\test\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [{E3A70F68-AA50-4ACC-B9B7-14FFE018E66A}] => (Allow) C:\WarThunder\run.exe
FirewallRules: [{02E7F1EB-EE82-47AC-B08C-EE304107613D}] => (Allow) C:\WarThunder\run.exe
FirewallRules: [{ACB342F9-BF00-4A2A-BE95-E5E53EFB3586}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E0697C14-1DB5-43D0-9184-1DC0C765E393}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D266EFED-0C6D-4F21-B059-4C76145B9188}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{893D001C-69F9-4172-AE90-BBA72D53C4FD}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{AA3034F2-ABB7-411B-9326-6FB41EC41379}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{A22C99A4-EF1D-4F29-8766-4EF16EE58560}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{08A5C465-2563-4665-8812-093EA19A0890}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{ED90CE52-5845-4BD9-BC23-63AC3AB1E427}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{6EE1EFE3-BAAC-4874-AE84-6D988806B205}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{80927AFE-18BC-4966-8DFB-ACC1540E7897}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{CB86FAB6-D2CF-4DC3-B356-DA9FC2DEC0F5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7D156FA2-F6E8-4577-9927-D097CE5D96BA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5F47E6EC-8520-4DD3-A2F1-32BB6DC13655}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CAA3A2E5-5C32-4B2D-99C6-8C511D9DED48}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{EF57E874-8ED0-46EE-B377-5716839477D4}C:\users\test\appdata\local\temp\rar$exa0.928\astroneer.pre-alpha.v0.2.90.0\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\users\test\appdata\local\temp\rar$exa0.928\astroneer.pre-alpha.v0.2.90.0\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [UDP Query User{1BE457E4-C422-4B4B-BE9F-C643CC7EEDEC}C:\users\test\appdata\local\temp\rar$exa0.928\astroneer.pre-alpha.v0.2.90.0\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\users\test\appdata\local\temp\rar$exa0.928\astroneer.pre-alpha.v0.2.90.0\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [TCP Query User{B49C353B-2FCD-4F07-811F-21C3E73FB892}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe
FirewallRules: [UDP Query User{139CE9A0-DA93-47FF-A35C-562A774A311F}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe
FirewallRules: [TCP Query User{31118C0C-DB20-489D-97A7-6A6FE6C42FBA}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{A7EB4C73-14AB-4A94-BF0F-902DCF893D22}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{56F1DB8C-18F6-49E8-BD40-5D4929EEB5B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AXYOS\Binaries\Win32\UDK.exe
FirewallRules: [{3001F469-6F77-4479-9520-D03C0598581E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AXYOS\Binaries\Win32\UDK.exe
FirewallRules: [TCP Query User{788BB940-0898-42DD-A028-1FE1DF761722}C:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [UDP Query User{B47B8332-0443-4EAE-B57C-434FB02B50D3}C:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [{787CD32A-1DFC-4E2A-9429-B7485BA88A0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{FD476BCB-C114-4A11-BCE8-23DAC376F4EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [TCP Query User{2D2738F1-82F8-4769-B6DA-38872C5F5B84}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{D288579B-F7AF-4E70-9BC6-37BAA90F676B}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{65D77DD3-52E5-47F0-AC3D-68C2142DBABC}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{FED4F3AC-BF1A-4F54-B11C-E5314009A47D}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{3E7DAB11-AA5A-4098-A7C5-67649A171FDB}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{A17B120F-AAC8-471D-A953-154C469D88F5}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{EF82E4CE-A0AF-4F52-A432-B8FE2A090932}C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{31E069E8-5E92-4050-BF96-97D9C77F3A56}C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [{83956A1D-D3EC-4824-BC93-C2BE41992919}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{26994B77-5B0D-4611-882F-DDCB6CAA078D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{A08E63EE-7FE0-4A7A-AC7B-44E4D14157DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{E9366309-1DFC-4783-88F7-939BB87FCABE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [TCP Query User{84DAA171-E390-48E8-9A47-B1D5D0A14AE0}C:\counter-strike 1.6\hl.exe] => (Allow) C:\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{CA6D2542-C43C-460C-8072-EE301AF81238}C:\counter-strike 1.6\hl.exe] => (Allow) C:\counter-strike 1.6\hl.exe
FirewallRules: [{04B2DA5E-239C-4408-B3AA-E6984B37194F}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{EB2EECEE-D874-40D5-B6A5-AFEC1F31BE4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{0611052B-FE98-4B8C-BD0F-B2CED48629CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{326AA0EB-0E05-4C8B-891D-16C088D687FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{34E1A068-F4E6-4E46-9EE2-9D4D2D6C7C10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{77D1C243-FB7A-48F3-9E62-81B68828DFAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CPUCores\cpucores.exe
FirewallRules: [{ADCE9264-E060-410E-B405-E7F646944502}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CPUCores\cpucores.exe
FirewallRules: [{5EF1536F-CF53-4062-82F1-3DE9D5888321}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LMS\Launcher.exe
FirewallRules: [{8B41EB11-B9C6-4883-AD6D-610897DE7CB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LMS\Launcher.exe
FirewallRules: [TCP Query User{9EE30590-B31B-4436-A954-7086D80F8CE7}C:\program files (x86)\steam\steamapps\common\lms\lms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lms\lms.exe
FirewallRules: [UDP Query User{37A95CE0-E3F2-49EE-85B1-AE99F446D586}C:\program files (x86)\steam\steamapps\common\lms\lms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lms\lms.exe
FirewallRules: [{FBD85846-0E34-4BB0-A7C3-243745D695E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{EA6B55D3-E3EC-435F-8ACB-28902B09508B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{2E8E3AE0-5B12-415C-9B41-D375B11BB490}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{D612E0BC-AB51-4B34-AE5B-C7D96AF759FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{2C104C91-554E-4376-8C8D-12BC0691D72F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{42CB8C72-59DC-42A6-AD7F-5B1566BF09B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{B094E4BF-0924-4789-9EF9-6F3329BFACD6}C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [UDP Query User{82826D3E-7867-4594-B578-0221BE424ABC}C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [{FBFFEA70-5A8C-403E-8980-A43B46C55DA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Interplanetary\Interplanetary.exe
FirewallRules: [{CA0985C7-68BC-4556-9D95-46DE14E63DDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Interplanetary\Interplanetary.exe
FirewallRules: [TCP Query User{F1B1931B-07F1-449E-90F7-C2F5ACE5597E}C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{053F55C0-ED34-4B9C-8248-9DFCB7A9B961}C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6847E965-A691-4C4C-88A1-C9DE5FDC8F71}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{1D0FE6B2-33FC-4F5A-847C-918C7942097A}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{EE267A2C-5673-4E21-998A-4FF31270B637}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{0DE4852B-F8CE-4B6D-924A-261CA6218667}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{1764A0B6-1842-4D6E-B890-65039DF69D95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{BA439052-EC32-4E2A-A30F-CDEC6F0605CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{B4EA289E-35BF-41B9-AA14-AAF9457B58FB}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [TCP Query User{64965E23-C9C9-4750-97E8-1ACB8D2423DE}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{B1E42C03-E6B4-42A2-B67A-6445CC689833}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [{ECF67AF7-7521-4244-B933-D23997E79EF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{BB50E2DC-C93F-4415-AAC5-BF6047EEEA30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [TCP Query User{8C7F7774-7F73-43C2-8066-3679EAF4B512}C:\users\test\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\test\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{FD83EA29-B04F-493E-884A-EB60824C2B38}C:\users\test\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\test\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{D839F3CA-17C0-4789-90A2-39661BC72F6C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2017 04:00:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/13/2017 05:18:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/12/2017 07:18:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program mbam.exe verze 3.0.0.1068 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1b14

Čas spuštění: 01d2e39f52c0e366

Čas ukončení: 60000

Cesta k aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

ID hlášení: 0a499c91-4f93-11e7-92ed-bc5ff4a88402

Error: (06/12/2017 12:57:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/12/2017 05:19:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/11/2017 05:30:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/11/2017 11:30:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/10/2017 11:57:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/09/2017 12:57:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/08/2017 10:05:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (06/13/2017 04:02:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Update Service(OnfatU) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (06/13/2017 04:02:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Install Service(OnfatDL) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (06/13/2017 04:02:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Update Service(JunetoeU) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (06/13/2017 04:02:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Gerkmiwegh Cache neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (06/13/2017 04:02:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba ed2k idle service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (06/13/2017 04:02:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Update Service(BossseedU) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (06/13/2017 04:00:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
MPCKpt

Error: (06/13/2017 03:59:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SoEasySvc neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (06/13/2017 05:20:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Update Service(OnfatU) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (06/13/2017 05:20:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Install Service(OnfatDL) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


CodeIntegrity:
===================================
Date: 2016-08-20 13:12:09.388
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MPCKpt.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-20 12:27:03.189
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-20 12:23:46.093
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-20 12:23:45.828
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-19 10:48:16.436
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-19 10:43:55.218
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-19 10:43:55.140
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-18 18:17:21.705
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-18 18:13:17.203
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-18 18:13:16.875
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Phenom(tm) 9950 Quad-Core Processor
Percentage of memory in use: 29%
Total physical RAM: 8191.24 MB
Available physical RAM: 5736.31 MB
Total Virtual: 16380.67 MB
Available Virtual: 13796.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:293.34 GB) (Free:56.79 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:302.73 GB) (Free:302.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 40788ADD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=302.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[Rudy]

Toto je Additional. Ještě potřebuji vidět samotný FRST. Soubor by měl být na ploše.

[Swukle]

Omlouvám se, tady je:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-06-2017
Ran by test (administrator) on TEST-PC (13-06-2017 16:06:23)
Running from C:\Users\test\Desktop
Loaded Profiles: test (Available Profiles: test)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-09] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5199984 2015-11-09] (VIA)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [BingSvc] => C:\Users\test\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [wzqnxjwmbp] => explorer "hxxp://lawsol.ru/?utm_source=uoua03&utm_content=af8da7b20b3eefcb65f8f1213ce5095e&utm_term=6459F5F86A23F50FD4964C16789E6D8E&utm_d=20160820" <===== ATTENTION
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [World of Tanks] => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [World of Tanks (1)] => "C:\Games\World_of_Tanks_CT\WargamingGameUpdater.exe"
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [amigo] => C:\Users\test\AppData\Local\Amigo\Application\amigo.exe --no-startup-window
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [World of Warships] => "C:\Games\World_of_Warships\WargamingGameUpdater.exe"
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [WallpaperEngine] => "C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" -silent
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\MountPoints2: {00f7291a-9351-11e5-8485-bc5ff4a88402} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\MountPoints2: {aa919414-ce6c-11e5-97b4-bc5ff4a88402} - F:\Lenovo_Suite.exe
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1906927588-4285542165-1585533686-1000] => hxxp://accessunstop.com/wpad.dat?7a1de62726aec24ef65e07f752561b5c33364717
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{40F5143E-E1E8-494E-B925-72839C3F31C7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AE568813-CC7A-4B9D-B4B4-8D4030A09294}: [NameServer] 77.234.40.79
ManualProxies: 0hxxp://accessunstop.com/wpad.dat?7a1de62726aec24ef65e07f752561b5c33364717

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1479881583 ... 1_9C96E3AC
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1479881583 ... 1_9C96E3AC
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=147 ... earchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {3BF1670B-0D8A-4E20-B24B-CFD61F757B1A} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3CF68074-CCD4-4FF0-B601-9D665036F5AB}&mid=6fc4bfc0856147cca73f6d16b24c6df1-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-06-16 17:50:38&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {9F976E67-9D9C-4F2B-BB92-BE375CC328CA} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {C0C85594-B862-4570-848F-E85A0AB6DD3A} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B7C0D9D0E-D3E5-42E8-A1C7-2E383D19CD39%7D&gp=811041
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-07] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-04] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-07] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll => No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-04] (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-07] (Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.2\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC ... earchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:\Users\test\AppData\Local\Google\Chrome\User Data\Default [2017-06-13]
CHR Extension: (Prezentace Google) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-22]
CHR Extension: (Dokumenty Google) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-22]
CHR Extension: (Disk Google) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-22]
CHR Extension: (YouTube) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-22]
CHR Extension: (Tabulky Google) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-22]
CHR Extension: (AdBlock) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-12]
CHR Profile: C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-08-22]
CHR Extension: (YouTube) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-21]
CHR Extension: (Fair AdBlocker App (by STANDS)) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2016-08-21]
CHR Extension: (Avast SafePrice) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-21]
CHR Extension: (Tabulky Google) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-21]
CHR Extension: (AdBlock) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-21]
CHR Extension: (Avast Online Security) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-21]
CHR Extension: (Gmail) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-21]
CHR Extension: (Chrome Media Router) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-21]
CHR Profile: C:\Users\test\AppData\Local\Google\Chrome\User Data\qudachmupishplalily [2016-08-21] <==== ATTENTION
CHR Extension: (Free Web Proxy) - C:\Users\test\AppData\Local\Google\Chrome\User Data\qudachmupishplalily\Extensions\angbhbjbplfpkbcijbkhecjfcfgjbjoc [2016-08-07]
CHR Extension: (Tampermonkey) - C:\Users\test\AppData\Local\Google\Chrome\User Data\qudachmupishplalily\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-07-21]
CHR Extension: (AdBlock) - C:\Users\test\AppData\Local\Google\Chrome\User Data\qudachmupishplalily\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-29]
CHR Extension: (Agar.io Powerups Guide) - C:\Users\test\AppData\Local\Google\Chrome\User Data\qudachmupishplalily\Extensions\hnfiiapoopclmhaikgpbgddfpmmddmeo [2016-04-09]
CHR Extension: (Ad.Block.Plus) - C:\Users\test\AppData\Local\Google\Chrome\User Data\qudachmupishplalily\Extensions\jfgdibhcmmppklikkdjmomdkdndkkcap [2016-04-09]
CHR Extension: (Agar.io Guide Skins and Powerups) - C:\Users\test\AppData\Local\Google\Chrome\User Data\qudachmupishplalily\Extensions\lggjoeoadbenkimmgnfdigiodkkmknik [2016-04-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\test\AppData\Local\Google\Chrome\User Data\qudachmupishplalily\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\test\AppData\Local\Google\Chrome\User Data\qudachmupishplalily\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]
CHR HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [peefembmkccmkodbcpgilfjgkligpbba] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-09] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-09] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1536520 2017-05-09] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [400656 2017-06-09] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-02-24] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-03-28] (NVIDIA Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2015-11-09] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-11-15] (Microsoft Corporation)
S2 BossseedU; "C:\Program Files (x86)\Bossseed\Update\BossseedUpdate.exe" [X]
S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X] <==== ATTENTION
S2 grkCachePls.exe; "C:\Program Files (x86)\Bvafivagh\grkCachePls.exe" {C25DA384-2010-45A4-A1ED-BFA540D4789B} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116} [X]
S2 JunetoeU; "C:\Program Files (x86)\Junetoe\Update\JunetoeUpdate.exe" [X]
S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X]
S2 OnfatDL; "C:\Users\test\AppData\Local\Temp\ist5BED.tmp\tools\cawda.exe" [X] <==== ATTENTION
S2 OnfatU; "C:\Program Files (x86)\Onfat\Update\OnfatUpdate.exe" [X]
S2 SoEasySvc; "C:\Program Files (x86)\SoSoEasy\SoSoEasySvc.exe" {8DE54EC4-2DF3-4F56-9F19-EBC2BDF2FF59} [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-09] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-09] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-09] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-09] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-09] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-13] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [53904 2017-03-18] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-09] (AVAST Software)
S3 cpuz138; C:\Users\test\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [43304 2016-07-24] (CPUID) <==== ATTENTION
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-11-15] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-05-25] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [50088 2017-02-08] (Visicom Media Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-06-12] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-06-12] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-06-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-13] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-06-12] (Malwarebytes)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47552 2017-03-28] (NVIDIA Corporation)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-13 16:06 - 2017-06-13 16:06 - 00029231 _____ C:\Users\test\Desktop\FRST.txt
2017-06-13 16:05 - 2017-06-13 16:05 - 02438656 _____ (Farbar) C:\Users\test\Desktop\FRST64.exe
2017-06-13 16:05 - 2017-06-13 16:05 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-13 16:04 - 2017-06-13 16:05 - 02438656 _____ (Farbar) C:\Users\test\Downloads\FRST64.exe
2017-06-13 05:39 - 2017-06-13 05:39 - 00015327 _____ C:\Users\test\Desktop\LM.bat
2017-06-13 05:24 - 2017-06-13 05:39 - 00029696 _____ C:\Users\test\AppData\Local\MSGBOX.EXE
2017-06-12 18:22 - 2017-06-12 21:22 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-12 18:22 - 2017-06-12 18:22 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-12 18:22 - 2017-06-12 18:22 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-12 18:22 - 2017-06-12 18:22 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-12 18:21 - 2017-06-13 16:00 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-12 18:21 - 2017-06-12 18:21 - 00001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-12 18:21 - 2017-06-12 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-12 18:21 - 2017-06-12 18:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-12 18:21 - 2017-06-12 18:21 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-12 18:21 - 2017-05-25 11:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-12 18:20 - 2017-06-12 18:20 - 64232976 _____ (Malwarebytes ) C:\Users\test\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-11 21:26 - 2017-06-11 21:26 - 00019766 _____ C:\Users\test\Downloads\Fridat.The.13th.The.Game-REVOLT.torrent
2017-06-11 21:17 - 2017-06-12 05:28 - 00000000 ____D C:\Users\test\AppData\Roaming\uTorrent
2017-06-11 21:17 - 2017-06-11 21:17 - 00000946 _____ C:\Users\test\Desktop\µTorrent.lnk
2017-06-11 21:17 - 2017-06-11 21:17 - 00000000 ____D C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2017-06-11 21:16 - 2017-06-11 21:16 - 02168712 _____ (emc) C:\Users\test\Downloads\uTorrent221.exe
2017-06-09 15:52 - 2017-06-09 15:50 - 00400656 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-06-09 15:47 - 2017-06-09 15:47 - 00000222 _____ C:\Users\test\Desktop\7 Days to Die.url
2017-06-07 20:53 - 2017-06-07 20:53 - 00001319 _____ C:\Users\test\Desktop\ROBLOX Player.lnk
2017-06-07 20:53 - 2017-06-07 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2017-06-07 17:12 - 2017-06-07 17:12 - 00889912 _____ (ROBLOX Corporation) C:\Users\test\Downloads\RobloxPlayerLauncher (2).exe
2017-06-07 17:07 - 2017-06-07 20:53 - 00001138 _____ C:\Users\test\Desktop\ROBLOX Studio.lnk
2017-06-07 17:07 - 2017-06-07 17:07 - 00889912 _____ (ROBLOX Corporation) C:\Users\test\Downloads\RobloxPlayerLauncher (1).exe
2017-06-03 14:03 - 2017-06-03 14:03 - 00000000 ____D C:\ProgramData\Roblox
2017-06-03 14:03 - 2017-06-03 14:03 - 00000000 ____D C:\Program Files (x86)\Roblox
2017-06-03 13:59 - 2017-06-07 17:12 - 00000000 ____D C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-06-03 13:59 - 2017-06-03 13:59 - 00897592 _____ (ROBLOX Corporation) C:\Users\test\Downloads\RobloxPlayerLauncher.exe
2017-06-01 13:56 - 2017-06-01 13:56 - 00000916 _____ C:\Users\Public\Desktop\Overwatch Test.lnk
2017-06-01 13:56 - 2017-06-01 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch Test
2017-06-01 13:21 - 2017-06-09 21:29 - 00000000 ____D C:\Program Files (x86)\Overwatch Test
2017-05-29 21:24 - 2017-05-29 21:24 - 63364552 _____ (Malwarebytes ) C:\Users\test\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976.exe
2017-05-28 16:11 - 2017-06-09 21:56 - 00000007 _____ C:\Users\test\Desktop\Nový textový dokument (3).txt
2017-05-27 16:45 - 2017-05-27 16:45 - 00000825 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-05-27 16:44 - 2017-05-27 16:44 - 50881720 _____ C:\Users\test\Downloads\torbrowser-install-6.5.2_en-US.exe
2017-05-25 18:28 - 2017-05-25 18:41 - 00000032 _____ C:\Users\test\Desktop\Nový textový dokument (2).txt
2017-05-25 13:45 - 2017-05-25 13:45 - 00000000 ____D C:\Users\test\AppData\Local\Tempzxpsigne69e6e49fc943873
2017-05-25 13:45 - 2017-05-25 13:45 - 00000000 ____D C:\Users\test\AppData\Local\Tempzxpsign8274aecee255214d
2017-05-25 13:45 - 2017-05-25 13:45 - 00000000 ____D C:\Users\test\AppData\Local\Tempzxpsign1a73e20885173018
2017-05-25 13:44 - 2017-05-25 17:20 - 00000000 ___RD C:\Users\test\Creative Cloud Files
2017-05-25 13:44 - 2017-05-25 13:44 - 00003498 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-test-PC-test
2017-05-25 13:43 - 2017-05-25 13:43 - 00000000 ____D C:\Users\test\Documents\Adobe
2017-05-25 13:21 - 2017-05-25 13:26 - 02048544 _____ (Adobe Systems Incorporated) C:\Users\test\Downloads\Photoshop_Set-Up.exe
2017-05-24 14:37 - 2017-05-24 14:37 - 20573734 _____ C:\Users\test\Downloads\vd's intro template.rar
2017-05-24 14:32 - 2017-05-24 14:32 - 13965064 _____ C:\Users\test\Downloads\HeartIntro.blend
2017-05-22 14:31 - 2017-05-22 14:31 - 00000000 ____D C:\Users\test\AppData\Roaming\TownOfSalem
2017-05-22 14:28 - 2017-05-22 14:28 - 00000222 _____ C:\Users\test\Desktop\Town of Salem.url
2017-05-22 05:20 - 2017-05-22 05:20 - 00000000 ____D C:\Users\test\AppData\Local\Colossal Order
2017-05-21 18:17 - 2017-05-21 18:17 - 04734784 _____ () C:\Users\test\Downloads\TechnicLauncher.exe
2017-05-21 17:40 - 2017-06-06 06:30 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-05-20 17:39 - 2017-05-20 17:39 - 00000222 _____ C:\Users\test\Desktop\Interplanetary.url
2017-05-18 17:29 - 2017-05-24 16:23 - 00000000 ____D C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-05-18 17:29 - 2017-05-24 16:23 - 00000000 ____D C:\Users\test\AppData\Local\Discord
2017-05-18 17:29 - 2017-05-18 18:24 - 00000000 ____D C:\Users\test\AppData\Roaming\discord
2017-05-18 17:29 - 2017-05-18 17:30 - 00000000 ____D C:\Users\test\AppData\Local\SquirrelTemp
2017-05-18 17:28 - 2017-05-18 17:29 - 52553728 _____ (Hammer & Chisel, Inc.) C:\Users\test\Downloads\DiscordSetup.exe
2017-05-16 05:05 - 2017-05-16 05:05 - 00001008 _____ C:\Users\test\Desktop\IdleMaster.exe – zástupce.lnk
2017-05-15 18:36 - 2017-05-15 18:38 - 00000000 ____D C:\Users\test\AppData\Local\IdleMaster
2017-05-15 18:36 - 2017-05-15 18:36 - 01407474 _____ C:\Users\test\Downloads\idle_master.zip
2017-05-15 18:07 - 2017-05-15 18:07 - 00000222 _____ C:\Users\test\Desktop\Dead by Daylight.url
2017-05-15 17:59 - 2017-05-15 17:59 - 00000437 _____ C:\Users\test\Downloads\akkaunty_dlya_zapuska_chita.torrent
2017-05-15 17:58 - 2017-05-15 17:58 - 00000436 _____ C:\Users\test\Downloads\last_man_standing__enebola.torrent
2017-05-15 17:58 - 2017-05-15 17:58 - 00000436 _____ C:\Users\test\Downloads\last_man_standing__enebola (1).torrent
2017-05-15 05:10 - 2017-05-15 05:10 - 00000000 ____D C:\Users\test\AppData\Roaming\OBS
2017-05-15 05:03 - 2017-05-15 05:03 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-05-14 18:18 - 2017-05-14 18:20 - 00000000 ____D C:\Users\test\AppData\Local\FreeReign
2017-05-14 18:18 - 2017-05-14 18:18 - 00000000 ____D C:\Users\test\Documents\FreeReign
2017-05-14 16:00 - 2017-05-14 16:44 - 787567206 _____ C:\Users\test\Downloads\Teletubbies---2-cz.avi
2017-05-14 15:31 - 2017-05-14 15:55 - 444750934 _____ C:\Users\test\Downloads\Teletubbies.cz.avi
2017-05-14 13:03 - 2017-05-14 13:03 - 00000222 _____ C:\Users\test\Desktop\Last Man Standing.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-13 16:06 - 2016-02-04 20:33 - 00000000 ____D C:\FRST
2017-06-13 16:05 - 2015-11-20 15:32 - 00000000 ____D C:\Users\test\AppData\Roaming\Skype
2017-06-13 16:01 - 2016-07-17 13:53 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-13 16:00 - 2017-01-02 17:11 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-06-13 15:59 - 2015-11-19 17:50 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-06-13 15:59 - 2015-11-15 01:13 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-13 15:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-13 05:29 - 2009-07-14 06:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-13 05:29 - 2009-07-14 06:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-12 22:25 - 2017-03-18 11:43 - 00000000 ____D C:\Users\test\AppData\Local\Battle.net
2017-06-12 20:10 - 2015-11-15 00:12 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{38DB25C1-6B48-4196-8799-61FE26F18AD5}
2017-06-12 18:17 - 2017-03-18 11:43 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-06-12 17:08 - 2016-08-22 13:01 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-11 21:23 - 2017-04-04 15:59 - 00000000 ____D C:\Users\test\Desktop\Text Docs
2017-06-11 21:23 - 2016-11-11 16:12 - 00000000 ____D C:\Users\test\Desktop\Songs
2017-06-11 11:38 - 2015-11-20 15:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-11 11:37 - 2015-11-20 15:32 - 00000000 ____D C:\ProgramData\Skype
2017-06-11 11:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2017-06-10 00:16 - 2017-03-21 17:08 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-06-09 15:47 - 2015-11-20 15:39 - 00000000 ____D C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-07 20:53 - 2016-03-02 22:35 - 00000250 _____ C:\Users\test\AppData\LocalLow\rbxcsettings.rbx
2017-06-07 14:27 - 2016-11-03 15:09 - 00000000 ____D C:\Users\test\Desktop\photos
2017-05-31 15:57 - 2017-03-19 11:31 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1468859727
2017-05-29 14:01 - 2017-03-31 19:58 - 00000000 ____D C:\Users\test\Desktop\memes
2017-05-26 06:51 - 2015-11-15 00:59 - 00000000 ____D C:\Users\test
2017-05-25 21:21 - 2017-03-15 22:33 - 00000000 ____D C:\Program Files\paint.net
2017-05-25 21:20 - 2016-12-17 23:15 - 00000000 ____D C:\Users\test\AppData\Local\Ubisoft Game Launcher
2017-05-25 21:18 - 2015-11-15 00:13 - 00000000 ____D C:\ProgramData\Adobe
2017-05-25 21:17 - 2015-11-21 02:50 - 00000000 ____D C:\Users\test\AppData\Roaming\Adobe
2017-05-25 21:17 - 2015-11-15 00:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-05-25 17:20 - 2016-04-01 21:26 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-05-25 17:20 - 2015-11-15 00:13 - 00000000 ____D C:\Users\test\AppData\Local\Adobe
2017-05-25 13:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-05-24 14:33 - 2017-03-13 23:05 - 00000000 ____D C:\tmp
2017-05-24 14:31 - 2017-03-14 18:39 - 00000000 ____D C:\Users\test\Desktop\Introz
2017-05-21 18:18 - 2017-01-08 18:22 - 00000000 ____D C:\Users\test\AppData\Roaming\.minecraft
2017-05-21 17:48 - 2017-04-28 22:23 - 00000974 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2017-05-18 18:25 - 2015-11-27 23:22 - 00000000 ____D C:\Users\test\AppData\Local\CrashDumps
2017-05-16 05:05 - 2017-04-04 16:02 - 00000000 ____D C:\Users\test\Desktop\Errorz
2017-05-15 05:07 - 2015-11-22 00:29 - 00000000 ____D C:\Users\test\Documents\My Games
2017-05-14 17:43 - 2011-04-12 10:34 - 00668540 _____ C:\Windows\system32\perfh005.dat
2017-05-14 17:43 - 2011-04-12 10:34 - 00141200 _____ C:\Windows\system32\perfc005.dat
2017-05-14 17:43 - 2009-07-14 07:13 - 01583214 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2016-11-01 20:50 - 2016-11-01 20:50 - 0066309 _____ () C:\Users\test\AppData\Roaming\icarus-dxdiag.xml
2015-12-13 17:50 - 2015-12-13 17:50 - 0000097 _____ () C:\Users\test\AppData\Roaming\LauncherSettings_live.cfg
2015-12-13 17:45 - 2015-12-13 17:45 - 0010496 _____ () C:\Users\test\AppData\Roaming\TheHunterSettings_live.bin
2015-12-13 17:42 - 2015-12-13 17:42 - 0000039 _____ () C:\Users\test\AppData\Roaming\TheHunterSettings_steam_live.cfg
2017-06-13 05:24 - 2017-06-13 05:39 - 0029696 _____ () C:\Users\test\AppData\Local\MSGBOX.EXE
2015-12-19 16:53 - 2016-08-06 20:24 - 0000910 _____ () C:\Users\test\AppData\Local\_settings.ini
2016-02-07 12:00 - 2016-02-07 12:00 - 0000000 _____ () C:\Users\test\AppData\Local\{63A790B6-F334-45F9-9095-128C623918F1}
2016-03-07 18:35 - 2016-03-07 18:35 - 0000000 _____ () C:\Users\test\AppData\Local\{F856788D-C450-4BD4-941B-5EE325C0A541}
2016-06-21 10:10 - 2016-06-21 10:10 - 0000016 _____ () C:\ProgramData\mntemp
2016-02-04 20:06 - 2016-02-04 20:06 - 0001579 _____ () C:\ProgramData\XML

Some files in TEMP:
====================
2016-08-20 13:09 - 2016-08-20 13:10 - 0000000 _____ () C:\Users\test\AppData\Local\Temp\0wK2fRP936NY.exe
2016-08-20 13:15 - 2016-08-20 13:15 - 0000000 _____ () C:\Users\test\AppData\Local\Temp\36L2C91hpOc2.exe
2016-08-20 13:20 - 2016-08-20 13:20 - 0000000 _____ () C:\Users\test\AppData\Local\Temp\6IdKG7Bk82ll.exe
2016-08-20 13:06 - 2016-08-20 13:06 - 4423896 ____N () C:\Users\test\AppData\Local\Temp\6J2P4IzYXfhP.exe
2016-08-20 13:09 - 2016-08-20 13:09 - 0354024 ____N (Mail.Ru) C:\Users\test\AppData\Local\Temp\6O8KGRSs1UJI.exe
2016-06-23 20:32 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\test\AppData\Local\Temp\avguirn_081527225090.exe
2013-08-05 08:15 - 2013-08-05 08:15 - 4292136 _____ (www.Bandisoft.com) C:\Users\test\AppData\Local\Temp\bdfilters.dll
2016-05-05 19:25 - 2017-01-16 22:15 - 0204800 _____ (Sony DADC Austria AG) C:\Users\test\AppData\Local\Temp\drm_dyndata_7370014.dll
2017-03-18 19:16 - 2016-12-09 12:04 - 0037376 _____ (Microsoft) C:\Users\test\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
2017-03-18 19:16 - 2016-12-09 12:04 - 0020992 _____ (Microsoft) C:\Users\test\AppData\Local\Temp\HiRezLauncherControls.dll
2017-03-13 18:19 - 2017-03-13 18:19 - 1210112 _____ (Nebon ) C:\Users\test\AppData\Local\Temp\ICReinstall_microsoft-powerpoint-2010_0898161577.exe
2016-06-11 14:24 - 2016-06-11 14:24 - 0019968 _____ (Red Hat®, Inc.) C:\Users\test\AppData\Local\Temp\jansi-64-1500906192751727374.dll
2016-06-11 14:55 - 2016-06-11 14:55 - 0019968 _____ (Red Hat®, Inc.) C:\Users\test\AppData\Local\Temp\jansi-64-1816326095593009825.dll
2016-06-11 14:18 - 2016-06-11 14:18 - 0019968 _____ (Red Hat®, Inc.) C:\Users\test\AppData\Local\Temp\jansi-64-4928161104962210978.dll
2016-06-11 14:52 - 2016-06-11 14:52 - 0019968 _____ (Red Hat®, Inc.) C:\Users\test\AppData\Local\Temp\jansi-64-7146761904377347609.dll
2016-03-28 10:29 - 2016-03-28 10:29 - 0736320 _____ (Oracle Corporation) C:\Users\test\AppData\Local\Temp\jre-8u77-windows-au.exe
2017-05-06 18:47 - 2017-05-06 18:47 - 0399336 _____ (Mail.Ru) C:\Users\test\AppData\Local\Temp\KB35DA713B1987262C.exe
2017-05-06 18:47 - 2017-05-06 18:47 - 2584280 _____ () C:\Users\test\AppData\Local\Temp\KBC8BAF2E1F7F3466A.exe
2016-08-20 13:15 - 2016-08-20 13:15 - 0000000 _____ () C:\Users\test\AppData\Local\Temp\MKvR3lhtvD9e.exe
2016-08-20 13:11 - 2016-08-20 13:11 - 10920664 _____ (DotC United Inc) C:\Users\test\AppData\Local\Temp\MPCSetup_4.3.exe
2016-08-20 13:12 - 2016-08-20 13:12 - 0381152 ____N () C:\Users\test\AppData\Local\Temp\N4MSN9mnC5Mp.exe
2016-08-20 13:10 - 2016-08-20 13:10 - 2197560 ____N (DotC United Inc) C:\Users\test\AppData\Local\Temp\niWgTBOLUyQs.exe
2016-08-20 13:20 - 2016-08-20 13:21 - 0000000 _____ () C:\Users\test\AppData\Local\Temp\oCFu72ys4Mxr.exe
2016-08-20 13:20 - 2016-08-20 13:20 - 0000000 _____ () C:\Users\test\AppData\Local\Temp\rRPaUcIA5Vi8.exe
2016-08-20 13:16 - 2016-08-20 13:16 - 0000000 _____ () C:\Users\test\AppData\Local\Temp\Rx1Ry3rJrw9b.exe
2016-08-20 13:11 - 2016-08-20 13:11 - 0000000 _____ () C:\Users\test\AppData\Local\Temp\S0QcxZ3ouKU3.exe
2016-05-19 06:36 - 2016-05-19 06:37 - 45196928 _____ (Skype Technologies S.A.) C:\Users\test\AppData\Local\Temp\SkypeSetup.exe
2016-08-20 13:21 - 2016-08-20 13:21 - 0000000 _____ () C:\Users\test\AppData\Local\Temp\SpwSSEdaY75N.exe
2016-05-05 18:26 - 2016-05-05 18:26 - 13767776 _____ (Microsoft Corporation) C:\Users\test\AppData\Local\Temp\vsredistsetup.exe
2016-08-20 13:16 - 2016-08-20 13:16 - 0000000 _____ () C:\Users\test\AppData\Local\Temp\wYdVt2BQIekS.exe
2016-08-20 13:10 - 2016-08-20 13:10 - 0000000 _____ () C:\Users\test\AppData\Local\Temp\xCg7vJDTsw8v.exe
2015-08-03 01:58 - 2015-08-03 01:58 - 0118784 _____ () C:\Users\test\AppData\Local\Temp\xmlUpdater.exe
2016-08-18 20:18 - 2016-08-18 20:18 - 0534528 _____ () C:\Users\test\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-12 16:25

==================== End of FRST.txt ============================

[Rudy]

OK. Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [BingSvc] => C:\Users\test\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\test\AppData\Local\Microsoft\BingSvc
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [wzqnxjwmbp] => explorer "hxxp://lawsol.ru/?utm_source=uoua03&utm_content=af8da7b20b3eefcb65f8f1213ce5095e&utm_term=6459F5F86A23F50FD4964C16789E6D8E&utm_d=20160820" <===== ATTENTION
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\MountPoints2: {00f7291a-9351-11e5-8485-bc5ff4a88402} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\MountPoints2: {aa919414-ce6c-11e5-97b4-bc5ff4a88402} - F:\Lenovo_Suite.exe
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-1906927588-4285542165-1585533686-1000] => hxxp://accessunstop.com/wpad.dat?7a1de6 ... 5c33364717
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=147 ... 1_9C96E3AC
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=d ... C96E3AC&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=147 ... 1_9C96E3AC
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=d ... C96E3AC&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... C96E3AC&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... C96E3AC&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... C96E3AC&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds ... C96E3AC&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3CF68074-CCD4-4FF0-B601-9D665036F5AB}&mid=6fc4bfc0856147cca73f6d16b24c6df1-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-06-16 17:50:38&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B7C0D9D0E-D3E5-42E8-A1C7-2E383D19CD39%7D&gp=811041
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
C:\Program Files (x86)\Google\Google Toolbar
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll => No File
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.2\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [No File]
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM ... PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
S2 JunetoeU; "C:\Program Files (x86)\Junetoe\Update\JunetoeUpdate.exe" [X]
S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X] <==== ATTENTION
2 OnfatDL; "C:\Users\test\AppData\Local\Temp\ist5BED.tmp\tools\cawda.exe" [X] <==== ATTENTION
S2 SoEasySvc; "C:\Program Files (x86)\SoSoEasy\SoSoEasySvc.exe" {8DE54EC4-2DF3-4F56-9F19-EBC2BDF2FF59} [X] <==== ATTENTION
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X] <==== ATTENTION
C:\Users\test\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
Task: {10A4EB57-22E8-4D8C-8309-591A03D24FF8} - System32\Tasks\BossseedUpdateTaskMachineCore => C:\Program Files (x86)\Bossseed\Update\BossseedUpdate.exe <==== ATTENTION
Task: {14088108-5386-4661-A00A-ADFACBA5FE88} - System32\Tasks\youfreenewscombcoms => "" [Argument = youfreenews.com/bcoms]
Task: {1F486116-419B-495E-892B-811EE074763B} - System32\Tasks\OnfatUpdateTaskMachineCore => C:\Program Files (x86)\Onfat\Update\OnfatUpdate.exe <==== ATTENTION
Task: {4F967D56-9C4C-415D-B0E1-977668333E6F} - System32\Tasks\{E9E4F67C-4149-457E-9DA0-22F90420D7B2} => pcalua.exe -a "C:\Program Files (x86)\MPC Cleaner\Uninstall.exe" -c /xuninstall
Task: {5934F67B-6718-4006-98E3-925B5625D19C} - System32\Tasks\JunetoeUpdateTaskMachineUA => C:\Program Files (x86)\Junetoe\Update\JunetoeUpdate.exe <==== ATTENTION
Task: {6EB7126A-0CD4-4B66-A117-A5B99CC16706} - System32\Tasks\ChelfNotify Task => C:\ProgramData\ChelfNotify\BrowserUpdate.exe <==== ATTENTION
ask: {8F3C9A63-DA4C-4888-9427-382CE9741B57} - System32\Tasks\GoogleUpdateTaskMachineCore1d12d273b5e9ef8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-21] (Google Inc.)
Task: {9A970427-6206-404F-A566-86C90C55A772} - System32\Tasks\OnfatUpdateTaskMachineUA => C:\Program Files (x86)\Onfat\Update\OnfatUpdate.exe <==== ATTENTION
Task: {AFE0B9BF-DF67-4DCF-BB2A-52BE2497CBDB} - System32\Tasks\InternetE => "" [Argument = http://howtobleases.xyz/kreps]
Task: {BEDB5EB5-85CB-4B0C-A1ED-1F68DB31EEF6} - \GoogleUpdateTaskMachineUA1d12d273beedd3d -> No File <==== ATTENTION
Task: {F2D18390-9770-4EDD-83A5-DACA480C15A1} - System32\Tasks\JunetoeUpdateTaskMachineCore => C:\Program Files (x86)\Junetoe\Update\JunetoeUpdate.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\test\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://haxtaxy.ru/?utm_source=startlink03&utm_content=c9929528e6af3413fb1863d8e75afaa4&utm_term=6459F5F86A23F50FD4964C16789E6D8E&utm_d=20160820"
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online\Imperia Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.imperiaonline.org/?ref_ad=src123 --app-window-size=1440,900
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035"

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[Swukle]

Viděsilo mě to, že když jsem restartoval PC tak jsem měl Black Screen.. ale už je to hotovo.. tu je log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-06-2017
Ran by test (13-06-2017 18:04:00) Run:1
Running from C:\Users\test\Desktop
Loaded Profiles: test (Available Profiles: test)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [BingSvc] => C:\Users\test\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\test\AppData\Local\Microsoft\BingSvc
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [wzqnxjwmbp] => explorer "hxxp://lawsol.ru/?utm_source=uoua03&utm_content=af8da7b20b3eefcb65f8f1213ce5095e&utm_term=6459F5F86A23F50FD4964C16789E6D8E&utm_d=20160820" <===== ATTENTION
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\MountPoints2: {00f7291a-9351-11e5-8485-bc5ff4a88402} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\MountPoints2: {aa919414-ce6c-11e5-97b4-bc5ff4a88402} - F:\Lenovo_Suite.exe
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-1906927588-4285542165-1585533686-1000] => hxxp://accessunstop.com/wpad.dat?7a1de6 ... 5c33364717
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=147 ... 1_9C96E3AC
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=d ... C96E3AC&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=147 ... 1_9C96E3AC
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=d ... C96E3AC&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... C96E3AC&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... C96E3AC&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... C96E3AC&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds ... C96E3AC&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3CF68074-CCD4-4FF0-B601-9D665036F5AB}&mid=6fc4bfc0856147cca73f6d16b24c6df1-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-06-16 17:50:38&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B7C0D9D0E-D3E5-42E8-A1C7-2E383D19CD39%7D&gp=811041
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
C:\Program Files (x86)\Google\Google Toolbar
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll => No File
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.2\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [No File]
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM ... PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
S2 JunetoeU; "C:\Program Files (x86)\Junetoe\Update\JunetoeUpdate.exe" [X]
S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X] <==== ATTENTION
2 OnfatDL; "C:\Users\test\AppData\Local\Temp\ist5BED.tmp\tools\cawda.exe" [X] <==== ATTENTION
S2 SoEasySvc; "C:\Program Files (x86)\SoSoEasy\SoSoEasySvc.exe" {8DE54EC4-2DF3-4F56-9F19-EBC2BDF2FF59} [X] <==== ATTENTION
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X] <==== ATTENTION
C:\Users\test\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
Task: {10A4EB57-22E8-4D8C-8309-591A03D24FF8} - System32\Tasks\BossseedUpdateTaskMachineCore => C:\Program Files (x86)\Bossseed\Update\BossseedUpdate.exe <==== ATTENTION
Task: {14088108-5386-4661-A00A-ADFACBA5FE88} - System32\Tasks\youfreenewscombcoms => "" [Argument = youfreenews.com/bcoms]
Task: {1F486116-419B-495E-892B-811EE074763B} - System32\Tasks\OnfatUpdateTaskMachineCore => C:\Program Files (x86)\Onfat\Update\OnfatUpdate.exe <==== ATTENTION
Task: {4F967D56-9C4C-415D-B0E1-977668333E6F} - System32\Tasks\{E9E4F67C-4149-457E-9DA0-22F90420D7B2} => pcalua.exe -a "C:\Program Files (x86)\MPC Cleaner\Uninstall.exe" -c /xuninstall
Task: {5934F67B-6718-4006-98E3-925B5625D19C} - System32\Tasks\JunetoeUpdateTaskMachineUA => C:\Program Files (x86)\Junetoe\Update\JunetoeUpdate.exe <==== ATTENTION
Task: {6EB7126A-0CD4-4B66-A117-A5B99CC16706} - System32\Tasks\ChelfNotify Task => C:\ProgramData\ChelfNotify\BrowserUpdate.exe <==== ATTENTION
ask: {8F3C9A63-DA4C-4888-9427-382CE9741B57} - System32\Tasks\GoogleUpdateTaskMachineCore1d12d273b5e9ef8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-21] (Google Inc.)
Task: {9A970427-6206-404F-A566-86C90C55A772} - System32\Tasks\OnfatUpdateTaskMachineUA => C:\Program Files (x86)\Onfat\Update\OnfatUpdate.exe <==== ATTENTION
Task: {AFE0B9BF-DF67-4DCF-BB2A-52BE2497CBDB} - System32\Tasks\InternetE => "" [Argument = http://howtobleases.xyz/kreps]
Task: {BEDB5EB5-85CB-4B0C-A1ED-1F68DB31EEF6} - \GoogleUpdateTaskMachineUA1d12d273beedd3d -> No File <==== ATTENTION
Task: {F2D18390-9770-4EDD-83A5-DACA480C15A1} - System32\Tasks\JunetoeUpdateTaskMachineCore => C:\Program Files (x86)\Junetoe\Update\JunetoeUpdate.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\test\AppData\Local\Microsoft\Start Menu\?o??? ? ???e??e?.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://haxtaxy.ru/?utm_source=startlink03&utm_content=c9929528e6af3413fb1863d8e75afaa4&utm_term=6459F5F86A23F50FD4964C16789E6D8E&utm_d=20160820"
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online\Imperia Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.imperiaonline.org/?ref_ad=src123 --app-window-size=1440,900
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035"

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
"C:\Users\test\AppData\Local\Microsoft\BingSvc" => not found.
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Software\Microsoft\Windows\CurrentVersion\Run\\wzqnxjwmbp => value removed successfully
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00f7291a-9351-11e5-8485-bc5ff4a88402} => key removed successfully
HKLM\Software\Classes\CLSID\{00f7291a-9351-11e5-8485-bc5ff4a88402} => key not found.
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa919414-ce6c-11e5-97b4-bc5ff4a88402} => key removed successfully
HKLM\Software\Classes\CLSID\{aa919414-ce6c-11e5-97b4-bc5ff4a88402} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key removed successfully
HKLM\Software\Classes\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key removed successfully
HKLM\Software\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key removed successfully
C:\Program Files (x86)\Google\Google Toolbar => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.101.2 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.101.2 => key removed successfully
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
HKLM\System\CurrentControlSet\Services\JunetoeU => key removed successfully
JunetoeU => service removed successfully
HKLM\System\CurrentControlSet\Services\ed2kidle => key removed successfully
ed2kidle => service removed successfully
2 OnfatDL; "C:\Users\test\AppData\Local\Temp\ist5BED.tmp\tools\cawda.exe" [X] <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\SoEasySvc => key removed successfully
SoEasySvc => service removed successfully
HKLM\System\CurrentControlSet\Services\MPCKpt => key removed successfully
MPCKpt => service removed successfully

"C:\Users\test\AppData\Local\Temp" folder move:

Could not move "C:\Users\test\AppData\Local\Temp" => Scheduled to move on reboot.

HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10A4EB57-22E8-4D8C-8309-591A03D24FF8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10A4EB57-22E8-4D8C-8309-591A03D24FF8} => key removed successfully
C:\Windows\System32\Tasks\BossseedUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BossseedUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14088108-5386-4661-A00A-ADFACBA5FE88} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14088108-5386-4661-A00A-ADFACBA5FE88} => key removed successfully
C:\Windows\System32\Tasks\youfreenewscombcoms => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\youfreenewscombcoms => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F486116-419B-495E-892B-811EE074763B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F486116-419B-495E-892B-811EE074763B} => key removed successfully
C:\Windows\System32\Tasks\OnfatUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OnfatUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F967D56-9C4C-415D-B0E1-977668333E6F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F967D56-9C4C-415D-B0E1-977668333E6F} => key removed successfully
C:\Windows\System32\Tasks\{E9E4F67C-4149-457E-9DA0-22F90420D7B2} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E9E4F67C-4149-457E-9DA0-22F90420D7B2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5934F67B-6718-4006-98E3-925B5625D19C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5934F67B-6718-4006-98E3-925B5625D19C} => key removed successfully
C:\Windows\System32\Tasks\JunetoeUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JunetoeUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EB7126A-0CD4-4B66-A117-A5B99CC16706} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EB7126A-0CD4-4B66-A117-A5B99CC16706} => key removed successfully
C:\Windows\System32\Tasks\ChelfNotify Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChelfNotify Task => key removed successfully
ask: {8F3C9A63-DA4C-4888-9427-382CE9741B57} - System32\Tasks\GoogleUpdateTaskMachineCore1d12d273b5e9ef8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-21] (Google Inc.) => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A970427-6206-404F-A566-86C90C55A772} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A970427-6206-404F-A566-86C90C55A772} => key removed successfully
C:\Windows\System32\Tasks\OnfatUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OnfatUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFE0B9BF-DF67-4DCF-BB2A-52BE2497CBDB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFE0B9BF-DF67-4DCF-BB2A-52BE2497CBDB} => key removed successfully
C:\Windows\System32\Tasks\InternetE => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\InternetE => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEDB5EB5-85CB-4B0C-A1ED-1F68DB31EEF6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEDB5EB5-85CB-4B0C-A1ED-1F68DB31EEF6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d12d273beedd3d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2D18390-9770-4EDD-83A5-DACA480C15A1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2D18390-9770-4EDD-83A5-DACA480C15A1} => key removed successfully
C:\Windows\System32\Tasks\JunetoeUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JunetoeUpdateTaskMachineCore => key removed successfully
C:\Users\test\AppData\Local\Microsoft\Start Menu\?o??? ? ???e??e?.lnk => Could not remove or repair shortcut argument. The shortcut could be damaged.
C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online\Imperia Online.lnk => Shortcut argument removed successfully.
C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk => Shortcut argument removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27498344 B
Java, Flash, Steam htmlcache => 442923390 B
Windows/system/drivers => 787767262 B
Edge => 0 B
Chrome => 818143866 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 13688 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58575743 B
systemprofile32 => 10258032 B
LocalService => 66228 B
NetworkService => 632008 B
test => 5265762991 B

RecycleBin => 0 B
EmptyTemp: => 6.9 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 13-06-2017 18:12:52)

C:\Users\test\AppData\Local\Temp => moved successfully

==== End of Fixlog 18:13:03 ====

[Swukle]

A stále mi vyskakují Reklamy.. a když něco vyhledám někdy se to vyhledávání přesune na jinou stránku, mám si přeinstalovat google? nebo je to furt nějaká infekce?

[Rudy]

Zkusíme vyčistit prohlížeče. Spusťte postupně tyto utility:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.