Vypínání PC trvá několik minut

[kemgura07]

Logfile of random's system information tool 1.10 (written by random/random)
Run by Kengura at 2020-08-10 18:11:26
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 417 GB (84%) free of 495 GB
Total RAM: 3839 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:11:45, on 10.8.2020
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
C:\Program Files\trend micro\Kengura.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.centrum.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/WOL_WCP
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F6C31DC-BADA-423A-8897-09AAEB056DD3}: NameServer = 100.120.205.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Avast SecureLine VPN (SecureLine) - AVAST Software - C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7818 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe" /runassvc
C:\Windows\System32\spoolsv.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
taskeng.exe {07AD5B1E-2A34-4655-8B35-32587539C070}
"C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe" -boot
AvastUI.exe /nogui
"C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe"
"C:\Program Files\AVAST Software\Avast\aswEngSrv.exe" /pipename="1CECE913-521E-298B-C363-2271988A444E" /binpath="C:\Program Files\AVAST Software\Avast"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
"C:\Program Files\AVAST Software\Avast\aswidsagent.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "32157628416150148471005484709-1959624341-15454776701095949958687822610-251124697
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" --type=gpu-process --field-trial-handle=6548,959331493615014796,16103390726526949415,131072 --no-sandbox --log-file="C:\Users\Kengura\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=verbose --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (20.6.2420)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --force-device-scale-factor=1.25 --pack_loading_disabled=1 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAMAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --service-request-channel-token=17376860392595957584 --mojo-platform-channel-handle=6868 /prefetch:2
"C:\Program Files\Mozilla Firefox\firefox.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6112.0.491800615\1225456342" -parentBuildID 20200720193547 -prefsHandle 1132 -prefMapHandle 1124 -prefsLen 1 -prefMapSize 233089 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6112 "\\.\pipe\gecko-crash-server-pipe.6112" 1192 gpu
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6112.6.449124410\919571534" -childID 1 -isForBrowser -prefsHandle 1856 -prefMapHandle 1852 -prefsLen 314 -prefMapSize 233089 -parentBuildID 20200720193547 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6112 "\\.\pipe\gecko-crash-server-pipe.6112" 1868 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6112.20.1409531388\1623568865" -childID 3 -isForBrowser -prefsHandle 3792 -prefMapHandle 3732 -prefsLen 6733 -prefMapSize 233089 -parentBuildID 20200720193547 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6112 "\\.\pipe\gecko-crash-server-pipe.6112" 3804 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6112.27.1291650638\1235133184" -childID 4 -isForBrowser -prefsHandle 4320 -prefMapHandle 1752 -prefsLen 7569 -prefMapSize 233089 -parentBuildID 20200720193547 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6112 "\\.\pipe\gecko-crash-server-pipe.6112" 4380 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6112.48.1413825630\820624636" -childID 7 -isForBrowser -prefsHandle 4712 -prefMapHandle 3756 -prefsLen 8308 -prefMapSize 233089 -parentBuildID 20200720193547 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6112 "\\.\pipe\gecko-crash-server-pipe.6112" 3096 tab

"C:\Users\Kengura\Pictures\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Avast Driver Updater Startup.job - C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe -boot

=========Mozilla firefox=========

ProfilePath - C:\Users\Kengura\AppData\Roaming\Mozilla\Firefox\Profiles\xobiol8a.default-release-1595945170304

prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.403 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_403.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.231.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.231.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.403 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_403.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=


======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2020-07-30 109160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [2014-12-23 833240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Synchronizer]
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [2020-05-04 5417008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeGCInvoker-1.0]
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2020-05-05 3325520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-03-29 13513288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2013-01-08 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-08-04 767176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2019-10-05 645648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2014-12-23 833240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16]
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2014-12-23 833240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Avast SecureLine VPN.lnk]
C:\PROGRA~1\AVASTS~1\SECURE~1\Vpn.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2020-08-10 18:11:26 ----D---- C:\rsit
2020-08-10 14:39:05 ----N---- C:\bootsqm.dat
2020-08-09 21:17:42 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2020-08-08 18:46:51 ----D---- C:\Program Files\Zoner
2020-08-08 15:32:03 ----A---- C:\Windows\system32\drivers\SWDUMon.sys
2020-08-08 14:06:53 ----A---- C:\Windows\system32\drivers\mbae64.sys
2020-08-08 14:06:46 ----D---- C:\ProgramData\Malwarebytes
2020-08-07 21:47:52 ----D---- C:\Users\Kengura\AppData\Roaming\calibre
2020-08-07 21:40:06 ----SHD---- C:\$RECYCLE.BIN
2020-08-07 21:21:51 ----A---- C:\Windows\zoek-delete.exe
2020-08-07 21:21:50 ----D---- C:\Windows\Temp
2020-08-03 20:38:02 ----D---- C:\Program Files (x86)\MegaDev
2020-08-01 13:39:50 ----D---- C:\Program Files (x86)\Two Worlds II HD Shattered Embrace
2020-07-31 17:48:46 ----A---- C:\Windows\system32\drivers\usbfilter.sys
2020-07-31 17:48:45 ----DC---- C:\Windows\system32\DRVSTORE
2020-07-31 17:48:05 ----D---- C:\Users\Kengura\AppData\Roaming\ATI
2020-07-31 17:48:05 ----D---- C:\ProgramData\ATI
2020-07-31 17:47:59 ----D---- C:\Program Files (x86)\ATI Technologies
2020-07-31 17:32:26 ----D---- C:\ProgramData\AMD
2020-07-31 17:31:34 ----D---- C:\Program Files\AMD
2020-07-31 17:28:41 ----D---- C:\AMD
2020-07-30 13:55:43 ----A---- C:\Windows\system32\aswBoot.exe
2020-07-30 13:55:40 ----A---- C:\Windows\system32\drivers\aswStm.sys
2020-07-30 13:55:39 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2020-07-20 20:51:06 ----D---- C:\Program Files (x86)\Avast Driver Updater
2020-07-20 20:11:34 ----A---- C:\Windows\system32\icarus_rvrt.exe
2020-07-20 18:26:51 ----A---- C:\Windows\system32\drivers\aswNetHub.sys
2020-07-20 18:26:36 ----A---- C:\Windows\system32\drivers\aswNetNd6.sys
2020-07-14 14:20:54 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 month======

2020-08-10 18:11:28 ----D---- C:\Program Files\trend micro
2020-08-10 17:27:05 ----D---- C:\Windows\system32\config
2020-08-10 17:21:20 ----D---- C:\ProgramData\AVAST Software
2020-08-10 17:11:42 ----D---- C:\Windows\system32\drivers
2020-08-10 17:10:51 ----D---- C:\Windows
2020-08-10 16:45:52 ----D---- C:\Windows\inf
2020-08-10 13:27:03 ----D---- C:\Windows\winsxs
2020-08-10 13:26:57 ----D---- C:\Windows\system32\catroot2
2020-08-10 12:56:04 ----HD---- C:\Windows\system32\GroupPolicy
2020-08-10 11:17:33 ----SHD---- C:\Windows\Installer
2020-08-10 11:12:57 ----D---- C:\Program Files (x86)\Google
2020-08-10 11:12:30 ----D---- C:\Windows\system32\Tasks
2020-08-10 10:40:50 ----D---- C:\Program Files (x86)\Microsoft
2020-08-10 10:03:57 ----SHD---- C:\System Volume Information
2020-08-09 14:45:54 ----D---- C:\Windows\Tasks
2020-08-09 14:35:32 ----D---- C:\Windows\SoftwareDistribution
2020-08-09 13:58:50 ----D---- C:\Windows\Prefetch
2020-08-08 18:46:51 ----RD---- C:\Program Files
2020-08-08 14:07:17 ----HD---- C:\ProgramData
2020-08-07 20:18:19 ----D---- C:\Windows\system32\drivers\etc
2020-08-07 20:14:36 ----D---- C:\Windows\SysWOW64
2020-08-06 17:49:20 ----D---- C:\Users\Kengura\AppData\Roaming\Zoner
2020-08-03 20:38:02 ----RD---- C:\Program Files (x86)
2020-08-01 20:41:49 ----D---- C:\Program Files\WinRAR
2020-08-01 10:21:31 ----D---- C:\Windows\Microsoft.NET
2020-07-31 17:48:45 ----D---- C:\Windows\System32
2020-07-31 17:32:07 ----D---- C:\Program Files (x86)\AMD
2020-07-28 19:26:31 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-28 17:07:10 ----D---- C:\Program Files\Mozilla Firefox
2020-07-27 13:10:53 ----D---- C:\Windows\system32\catroot
2020-07-23 11:44:23 ----D---- C:\ProgramData\Ashampoo
2020-07-21 15:49:23 ----D---- C:\Program Files\AVAST Software
2020-07-20 20:11:35 ----D---- C:\Program Files\Common Files\AVAST Software
2020-07-20 18:27:20 ----D---- C:\Windows\system32\DriverStore
2020-07-14 16:41:59 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2020-07-14 16:41:47 ----D---- C:\Windows\system32\Macromed
2020-07-14 16:41:44 ----D---- C:\Windows\SYSWOW64\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-12-12 82048]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-12-12 42624]
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsh.sys [2020-07-30 195656]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniv.sys [2020-07-30 60488]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2020-07-30 84856]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2020-08-04 323784]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-04 16440]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2020-07-30 205888]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriver.sys [2020-07-30 235592]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2020-07-30 42776]
R1 aswNetHub;aswNetHub; C:\Windows\system32\drivers\aswNetHub.sys [2020-07-30 515544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2020-07-30 109280]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2020-07-30 851608]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2020-07-30 466752]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2018-06-29 516096]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2017-06-07 138296]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2020-07-30 175200]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2020-07-30 217336]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2020-07-20 38152]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-03-29 3379272]
R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2014-03-20 197408]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-11-14 27584]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2016-11-14 56384]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-02-01 819784]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2000-01-01 60640]
S2 tandpl;tandpl; C:\Windows\System32\drivers\tandpl.sys []
S3 AmdTools64;AMD Special Tools Driver; C:\Windows\system32\DRIVERS\AmdTools64.sys [2006-06-27 47616]
S3 AsrCDDrv;AsrCDDrv; C:\Windows\system32\drivers\AsrCDDrv.sys []
S3 aswTap;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2018-09-05 53904]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2019-02-07 95232]
S3 cpuz145;cpuz145; \??\C:\Windows\temp\cpuz145\cpuz145_x64.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\DRIVERS\dmvsc.sys [2013-01-08 71168]
S3 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [2020-08-09 248968]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr28ux.sys [2010-12-28 1547616]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [2011-08-17 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2013-01-08 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2013-01-08 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2013-01-08 34688]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2020-08-10 25608]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\DRIVERS\TsUsbGD.sys [2013-10-02 29696]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 vmbus;vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [2013-01-08 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2013-01-08 21760]
S4 IMFMBRProtect;IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFMBRProtect.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2020-05-07 169032]
R2 AGMService;Adobe Genuine Monitor Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2020-05-05 3673680]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020-05-05 3406416]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-08-04 344064]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2020-07-30 353696]
R2 avast! Firewall;Avast Firewall Service; C:\Program Files\AVAST Software\Avast\afwServ.exe [2020-08-05 1072800]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-11-14 1879488]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-11-14 2521024]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-11-14 932728]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2019-02-01 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2019-02-01 107832]
R2 SecureLine;Avast SecureLine VPN; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [2020-07-20 7415168]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2020-07-30 7776160]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-11-14 3632576]
S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2020-07-14 335416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2019-03-28 132792]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2019-03-28 158912]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2020-08-10 156104]
S3 GoogleChromeElevationService;Google Chrome Elevation Service (GoogleChromeElevationService); C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\elevation_service.exe [2020-07-24 1309680]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2020-08-10 156104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2019-12-17 116224]
S3 MBAMService;Malwarebytes Service; C:\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe [2020-08-09 6970968]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2020-07-28 244432]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-11-14 426040]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2019-10-12 1255736]
S3 WiaRpc;@%SystemRoot%\system32\wiarpc.dll,-2; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2019-03-28 54912]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

[kemgura07]

Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-10-2020
# Duration: 00:00:01
# OS: Windows 7 Professional
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Public\Documents\Downloaded Installers

***** [ Files ] *****

Deleted C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1555 octets] - [10/08/2020 18:41:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

[Rudy]

Teď dejte logy FRST+Addition: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

[kemgura07]

Něco se zvrtlo.Místo logů se objevily dva prázdné poznámkové bloky a 2x nápis - Nelze najít soubor desktop.Chcete založit nový soubor - Skenování jsem opakoval 4x se stejným výsledkem...

[Rudy]

Máte FRST na ploše? Pokud ne a nefunguje to, přesuňte frst do jiného adresáře a zkuste zopakovat.

[kemgura07]

can result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2020
Ran by Kengura (administrator) on KENGURA-PC (10-08-2020 21:10:03)
Running from C:\Users\Kengura\Music\Nová složka (2)
Loaded Profiles: Kengura
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe <2>
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(ZONER software, a.s. -> ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [109160 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software, a.s. -> ZONER software)
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\Software\Policies\...\system: [disablecmd] 0
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: G - G:\setup.EXE /AUTORUN
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2009-07-14] (Microsoft Windows -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\Windows\system32\CNBLM4.DLL [267776 2009-07-14] (Microsoft Windows -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\Installer\chrmstp.exe [2020-08-10] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * icarus_rvrt.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {097AC5DE-0355-44DF-9A2F-BD9EF099C145} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [5098136 2020-07-14] (Avast Software s.r.o. -> Avast Software)
Task: {0D1CF483-F76D-4293-8B8A-8AA83F3F3B7D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-14] (Adobe Inc. -> Adobe)
Task: {1757AB17-B338-4904-82B1-2F7962402B2B} - System32\Tasks\{14F1C103-55A4-4060-BD19-0A39A15D70B4} => C:\Users\Kengura\Desktop\avastdriverupdater.exe
Task: {25D37675-1FE5-4BDE-A855-BFE3E668A9B7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)
Task: {270E1E9D-E551-4B08-BCF8-E6953B1C8937} - System32\Tasks\{19144672-213B-4E0A-8C62-5B805948C173} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.0.0.102/cs/abandoninstall?page=tsMain
Task: {323DDAC8-6152-42F0-9956-B25F4A0A34FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-10] (Google LLC -> Google LLC)
Task: {3314AB66-2EDE-498A-8265-0A8DF6CCA845} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {3586ABC6-67A0-4066-9AAC-AFC193EEA01F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24770744 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {37B8E67D-0561-4919-8E42-F20DE303A856} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {39695DC4-942B-406E-A58E-C17A6876B1A1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3810408 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
Task: {6C2BAF35-184E-4AFC-A438-6BD6E7E9AAD0} - System32\Tasks\{554FC912-4FA9-470D-8FAE-A71AA2927EA8} => C:\Users\Kengura\Desktop\avastdriverupdater.exe
Task: {705F29F4-3702-4CCB-A38A-B98ECE4D8771} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1180488 2020-07-20] (Avast Software s.r.o. -> AVAST Software)
Task: {7A4366E9-434D-4AD2-A2EA-EEB4AE47C2D2} - System32\Tasks\Avast Driver Updater Startup => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe [30244064 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
Task: {A0F0AB37-CF22-44C1-9269-08658F3C7655} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-10] (Google LLC -> Google LLC)
Task: {B4408386-0D70-4B59-904A-F458F096232B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B9CB56AA-4875-4B90-A184-FB24FCEEAE9C} - System32\Tasks\{F3B3E5BB-868A-47F8-92FA-BA2983672F8A} => C:\Windows\system32\pcalua.exe -a C:\Users\Kengura\Videos\jre-8u231-windows-i586-iftw.exe -d C:\Users\Kengura\Videos
Task: {BB5EDFB8-D6DF-441D-AECF-0050F276E5CF} - System32\Tasks\{86EEFF58-1822-4A89-A6BF-ADE5E0A3B8CB} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\OpenAL\oalinst.exe" -d "C:\Program Files (x86)\OpenAL"
Task: {C7508DE0-47F1-44E0-999F-DB8695939B64} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_Plugin.exe
Task: {D268755B-D7AB-4F04-8D68-995D71C16FDD} - System32\Tasks\{71D68624-F88F-46F9-A8B5-30C857225E13} => C:\Users\Kengura\Desktop\avastdriverupdater.exe
Task: {DFFB58B8-4BAB-4CC2-A832-544DFC56482D} - System32\Tasks\{689AA895-69E0-487D-82B0-EED522E13945} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\Translator_2016\TRNIKONY.EXE" -d "C:\Program Files (x86)\Electronic Arts\Translator_2016"
Task: {E83A6B45-F18A-4715-8E7E-7E36ED9BF3B6} - System32\Tasks\{43F0D2A9-C5E9-46C8-B5A8-4337C8F523E9} => C:\Users\Kengura\Desktop\avastdriverupdater.exe
Task: {F3E00393-37C5-4F50-B723-E990DE6C4816} - System32\Tasks\{FE542A01-EEB1-485C-B9D3-02F1F0D58263} => C:\Users\Kengura\Desktop\avastdriverupdater.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Avast Driver Updater Startup.job => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.96.160.6 212.96.161.7
Tcpip\..\Interfaces\{1FF80274-5A8A-4731-92C6-A2EA8D10DC61}: [DhcpNameServer] 212.96.160.6 212.96.161.7
Tcpip\..\Interfaces\{8F6C31DC-BADA-423A-8897-09AAEB056DD3}: [NameServer] 100.120.205.1
Tcpip\..\Interfaces\{B8835B1F-9A53-4FF1-92A4-90FF0D73217C}: [DhcpNameServer] 192.168.11.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.centrum.cz/
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
SearchScopes: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

FireFox:
========
FF DefaultProfile: m2usc0l4.default
FF ProfilePath: C:\Users\Kengura\AppData\Roaming\Mozilla\Firefox\Profiles\xobiol8a.default-release-1595945170304 [2020-08-10]
FF Homepage: Mozilla\Firefox\Profiles\xobiol8a.default-release-1595945170304 -> hxxps://www.seznam.cz/
FF NewTab: Mozilla\Firefox\Profiles\xobiol8a.default-release-1595945170304 -> about:newtab
FF Notifications: Mozilla\Firefox\Profiles\xobiol8a.default-release-1595945170304 -> hxxps://aukro.cz
FF Extension: (Facebook Container) - C:\Users\Kengura\AppData\Roaming\Mozilla\Firefox\Profiles\xobiol8a.default-release-1595945170304\Extensions\@contain-facebook.xpi [2020-07-28]
FF ProfilePath: C:\Users\Kengura\AppData\Roaming\Mozilla\Firefox\Profiles\m2usc0l4.default [2020-08-10]
FF Homepage: Mozilla\Firefox\Profiles\m2usc0l4.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\m2usc0l4.default -> about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_403.dll [2020-07-14] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_403.dll [2020-07-14] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2263194865-3938205509-2482612845-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-06-13] (Ubisoft Entertainment Sweden AB -> )

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default [2020-08-10]
CHR StartupUrls: Default -> "hxxp://www.centrum.cz/"
CHR Extension: (Prezentace) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-08-10]
CHR Extension: (Dokumenty) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-08-10]
CHR Extension: (Disk Google) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-08-10]
CHR Extension: (YouTube) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-08-10]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-08-10]
CHR Extension: (Tabulky) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-08-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-08-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-08-10]
CHR Extension: (Gmail) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-08-10]
CHR Extension: (Chrome Media Router) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-08-10]
CHR Profile: C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-08-10]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-14] (Adobe Inc. -> Adobe)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7776160 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [353696 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [1072800 2020-08-05] (Avast Software s.r.o. -> AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
S3 MBAMService; C:\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe [6970968 2020-08-09] (Malwarebytes Inc -> Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2019-02-01] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2019-02-01] (Even Balance, Inc. -> )
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [7415168 2020-07-20] (Avast Software s.r.o. -> AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S4 NMIndexingService; no ImagePath

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmdTools64; C:\Windows\System32\DRIVERS\AmdTools64.sys [47616 2006-06-27] (Advanced Micro Devices, Inc. -> AMD, Inc.)
S3 AsrCDDrv; no ImagePath
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205888 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [235592 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [195656 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60488 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42776 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175200 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [515544 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-07-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109280 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851608 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [466752 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [217336 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [53904 2018-09-05] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [323784 2020-08-04] (Avast Software s.r.o. -> AVAST Software)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6037504 2009-08-18] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-08-09] (Malwarebytes Inc -> Malwarebytes)
S3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsucx64; C:\Windows\System32\drivers\nmwcdnsucx64.sys [12800 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsux64; C:\Windows\System32\drivers\nmwcdnsux64.sys [171008 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Inc.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2020-08-10] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 cpuz145; \??\C:\Windows\temp\cpuz145\cpuz145_x64.sys [X]
S4 IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFMBRProtect.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-10 20:54 - 2020-08-10 21:10 - 000000000 ____D C:\FRST
2020-08-10 18:40 - 2020-08-10 18:53 - 000000000 ____D C:\AdwCleaner
2020-08-10 11:13 - 2020-08-10 11:13 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-08-10 11:13 - 2020-08-10 11:13 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-08-10 11:13 - 2020-08-10 11:13 - 000002264 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-08-10 11:12 - 2020-08-10 15:03 - 000003388 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-08-10 11:12 - 2020-08-10 15:03 - 000003260 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-08-09 21:17 - 2020-08-09 21:17 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-08-09 11:11 - 2020-08-09 21:17 - 000002025 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-08-08 18:47 - 2020-08-08 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 16
2020-08-08 18:46 - 2020-08-08 18:46 - 000000000 ____D C:\Program Files\Zoner
2020-08-08 15:32 - 2020-08-10 20:08 - 000002916 _____ C:\Windows\system32\Tasks\Avast Driver Updater Startup
2020-08-08 15:32 - 2020-08-10 20:08 - 000000486 _____ C:\Windows\Tasks\Avast Driver Updater Startup.job
2020-08-08 15:32 - 2020-08-10 20:07 - 000025608 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2020-08-08 15:32 - 2020-08-10 15:31 - 000000000 ____D C:\Users\Kengura\AppData\Local\AVAST Software
2020-08-08 14:06 - 2020-08-09 21:17 - 000002013 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-08-08 14:06 - 2020-08-09 21:17 - 000002013 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-08-08 14:06 - 2020-08-09 21:16 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-08-08 14:06 - 2020-08-08 14:06 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-08-07 22:11 - 2020-08-07 22:11 - 000000000 ____D C:\Users\Kengura\AppData\Local\VirtualStore
2020-08-07 21:47 - 2020-08-07 21:50 - 000000000 ____D C:\Users\Kengura\AppData\Roaming\calibre
2020-08-07 21:26 - 2020-08-07 21:26 - 000003938 _____ C:\Windows\system32\Tasks\Avast SecureLine VPN Update
2020-08-07 21:21 - 2014-02-13 23:59 - 000024064 _____ C:\Windows\zoek-delete.exe
2020-08-03 23:10 - 2020-08-03 23:10 - 000000047 _____ C:\Users\Kengura\Documents\mt-x_hook.txt
2020-08-03 20:41 - 2020-08-03 23:10 - 000000007 _____ C:\Users\Kengura\Documents\mt-e_hook.txt
2020-08-03 20:38 - 2020-08-03 20:38 - 000000000 ____D C:\Program Files (x86)\MegaDev
2020-08-01 13:48 - 2020-08-01 19:03 - 000001234 _____ C:\Users\Kengura\Desktop\Two Worlds II HD Shattered Embrace.lnk
2020-08-01 13:48 - 2020-08-01 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Two Worlds II HD Shattered Embrace
2020-08-01 13:39 - 2020-08-03 20:46 - 000000000 ____D C:\Program Files (x86)\Two Worlds II HD Shattered Embrace
2020-07-31 17:48 - 2020-07-31 17:48 - 000000000 ____D C:\Users\Kengura\AppData\Roaming\ATI
2020-07-31 17:48 - 2020-07-31 17:48 - 000000000 ____D C:\Users\Kengura\AppData\Local\ATI
2020-07-31 17:48 - 2020-07-31 17:48 - 000000000 ____D C:\ProgramData\ATI
2020-07-31 17:48 - 2000-01-01 02:00 - 000060640 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2020-07-31 17:47 - 2020-07-31 17:47 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2020-07-31 17:34 - 2020-07-31 17:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2020-07-31 17:32 - 2020-07-31 17:32 - 000000000 ____D C:\ProgramData\AMD
2020-07-31 17:31 - 2020-07-31 17:33 - 000000000 ____D C:\Program Files\AMD
2020-07-31 17:28 - 2020-07-31 17:28 - 000000000 ____D C:\AMD
2020-07-31 15:32 - 2020-08-10 15:03 - 000002968 _____ C:\Windows\system32\Tasks\{71D68624-F88F-46F9-A8B5-30C857225E13}
2020-07-31 15:32 - 2020-08-10 15:03 - 000002968 _____ C:\Windows\system32\Tasks\{554FC912-4FA9-470D-8FAE-A71AA2927EA8}
2020-07-31 15:31 - 2020-08-10 15:03 - 000002968 _____ C:\Windows\system32\Tasks\{FE542A01-EEB1-485C-B9D3-02F1F0D58263}
2020-07-31 15:31 - 2020-08-10 15:03 - 000002968 _____ C:\Windows\system32\Tasks\{43F0D2A9-C5E9-46C8-B5A8-4337C8F523E9}
2020-07-31 15:31 - 2020-08-10 15:03 - 000002968 _____ C:\Windows\system32\Tasks\{14F1C103-55A4-4060-BD19-0A39A15D70B4}
2020-07-30 13:55 - 2020-07-30 13:55 - 000335968 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-07-30 13:55 - 2020-07-30 13:55 - 000217336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-07-30 13:55 - 2020-07-30 13:55 - 000175200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-07-25 11:22 - 2020-07-25 11:22 - 000001948 _____ C:\Users\Kengura\Desktop\adwcleaner_8.0.7.lnk
2020-07-20 20:51 - 2020-07-20 20:57 - 000000000 ____D C:\Program Files (x86)\Avast Driver Updater
2020-07-20 20:51 - 2020-07-20 20:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater
2020-07-20 20:11 - 2020-07-21 15:49 - 000002073 _____ C:\Users\Public\Desktop\Avast SecureLine VPN.lnk
2020-07-20 20:11 - 2020-07-21 15:49 - 000002073 _____ C:\ProgramData\Desktop\Avast SecureLine VPN.lnk
2020-07-20 20:11 - 2020-07-14 08:45 - 000076184 _____ (Avast Software) C:\Windows\system32\icarus_rvrt.exe
2020-07-20 18:26 - 2020-07-30 13:55 - 000515544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2020-07-20 18:26 - 2020-07-20 18:26 - 000038152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2020-07-14 14:20 - 2020-07-14 16:41 - 009585208 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-03-01 23:17 - 2019-10-25 17:42 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2025-03-01 23:17 - 2019-10-25 17:42 - 000000000 ___HD C:\ProgramData\Documents\AdobeGC
2020-08-10 21:06 - 2019-10-10 12:30 - 000000000 ____D C:\Users\Kengura\AppData\LocalLow\Mozilla
2020-08-10 20:15 - 2009-07-14 06:45 - 000028960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-08-10 20:15 - 2009-07-14 06:45 - 000028960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-08-10 20:07 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-08-10 18:11 - 2019-10-20 12:46 - 000000000 ____D C:\Program Files\trend micro
2020-08-10 17:21 - 2019-09-27 15:38 - 000000000 ____D C:\ProgramData\AVAST Software
2020-08-10 16:45 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-08-10 16:16 - 2020-01-14 20:00 - 000000000 ____D C:\Users\Kengura\AppData\LocalLow\IGDump
2020-08-10 15:03 - 2020-03-26 22:39 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-08-10 15:03 - 2020-03-26 22:39 - 000002816 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-08-10 15:03 - 2019-10-26 15:19 - 000003450 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2020-08-10 15:03 - 2019-10-25 17:42 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-08-10 15:03 - 2019-09-27 15:41 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2020-08-10 12:56 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2020-08-10 11:13 - 2015-02-07 17:30 - 000000000 ____D C:\Users\Kengura\AppData\Local\Google
2020-08-10 11:12 - 2015-02-07 17:30 - 000000000 ____D C:\Program Files (x86)\Google
2020-08-09 14:27 - 2014-09-28 19:39 - 000007596 _____ C:\Users\Kengura\AppData\Local\Resmon.ResmonCfg
2020-08-07 21:50 - 2020-01-18 18:08 - 000000000 ____D C:\Users\Kengura\Knihovna Calibre
2020-08-06 20:09 - 2020-03-26 22:39 - 000000827 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-08-06 20:09 - 2020-03-26 22:39 - 000000827 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-08-06 17:49 - 2014-07-03 13:07 - 000000000 ____D C:\Users\Kengura\AppData\Roaming\Zoner
2020-08-06 15:40 - 2014-07-03 13:07 - 000000000 ____D C:\Users\Kengura\AppData\Local\Zoner
2020-08-04 14:32 - 2019-09-27 15:40 - 000323784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-08-03 11:31 - 2020-01-15 13:46 - 000000000 ____D C:\Users\Kengura\AppData\Local\Two Worlds II
2020-08-01 20:41 - 2015-11-06 13:53 - 000000000 ____D C:\Program Files\WinRAR
2020-08-01 17:35 - 2018-02-05 17:23 - 000000000 ____D C:\Users\Kengura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-08-01 17:35 - 2018-02-05 17:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-08-01 09:38 - 2019-09-27 15:40 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-07-31 17:32 - 2017-04-11 19:28 - 000000000 ____D C:\Program Files (x86)\AMD
2020-07-30 13:55 - 2019-09-27 15:40 - 000851608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-07-30 13:55 - 2019-09-27 15:40 - 000466752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-07-30 13:55 - 2019-09-27 15:40 - 000205888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-07-30 13:55 - 2019-09-27 15:40 - 000195656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-07-30 13:55 - 2019-09-27 15:40 - 000109280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-07-30 13:55 - 2019-09-27 15:40 - 000084856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-07-30 13:55 - 2019-09-27 15:40 - 000060488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-07-30 13:55 - 2019-09-27 15:40 - 000042776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-07-30 13:54 - 2019-10-10 10:38 - 000235592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-07-28 19:26 - 2019-10-26 16:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-28 17:07 - 2020-04-04 11:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-07-24 13:34 - 2020-01-22 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2020-07-23 11:44 - 2019-12-10 19:31 - 000000000 ____D C:\ProgramData\Ashampoo
2020-07-22 20:05 - 2019-11-15 13:34 - 000000000 ____D C:\Users\Kengura\AppData\LocalLow\uTorrent
2020-07-22 20:03 - 2019-10-10 19:12 - 000000000 ____D C:\Users\Kengura\AppData\Local\BitTorrentHelper
2020-07-21 15:49 - 2019-09-27 15:39 - 000000000 ____D C:\Program Files\AVAST Software
2020-07-21 11:59 - 2019-09-27 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2020-07-20 20:11 - 2019-09-27 15:40 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2020-07-14 16:41 - 2014-06-27 17:36 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-07-14 16:41 - 2014-06-27 17:36 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-07-14 16:41 - 2014-06-27 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-07-14 16:41 - 2014-06-27 17:36 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories ========

2014-10-29 15:18 - 2014-10-29 15:19 - 000002292 _____ () C:\Users\Kengura\AppData\Roaming\ASSDraw3.cfg
2014-06-28 23:09 - 2020-01-10 15:58 - 000099384 _____ () C:\Users\Kengura\AppData\Roaming\inst.exe
2014-06-28 23:09 - 2020-01-10 15:58 - 000007859 _____ () C:\Users\Kengura\AppData\Roaming\pcouffin.cat
2014-06-28 23:09 - 2020-01-10 15:58 - 000001167 _____ () C:\Users\Kengura\AppData\Roaming\pcouffin.inf
2014-06-28 23:09 - 2020-01-10 15:58 - 000082816 _____ (VSO Software) C:\Users\Kengura\AppData\Roaming\pcouffin.sys
2016-02-22 17:56 - 2018-10-27 10:27 - 000047648 _____ () C:\Users\Kengura\AppData\Roaming\SLOVA.WAV
2016-02-22 17:56 - 2018-10-27 10:27 - 000047248 _____ () C:\Users\Kengura\AppData\Roaming\TMP.WAV
2014-06-28 23:09 - 2018-02-21 18:26 - 000001041 _____ () C:\Users\Kengura\AppData\Roaming\vso_ts_preview.xml
2017-12-11 16:57 - 2020-06-25 17:11 - 000004608 _____ () C:\Users\Kengura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-28 19:39 - 2020-08-09 14:27 - 000007596 _____ () C:\Users\Kengura\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-08-06 12:55
==================== End of FRST.txt ========================

[kemgura07]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2020
Ran by Kengura (10-08-2020 21:11:25)
Running from C:\Users\Kengura\Music\Nová složka (2)
Windows 7 Professional Service Pack 1 (X64) (2014-06-27 10:30:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2263194865-3938205509-2482612845-500 - Administrator - Disabled)
Guest (S-1-5-21-2263194865-3938205509-2482612845-501 - Limited - Disabled)
Kengura (S-1-5-21-2263194865-3938205509-2482612845-1000 - Administrator - Enabled) => C:\Users\Kengura

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.009.20074 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.403 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.403 - Adobe)
AMD Catalyst Install Manager (HKLM\...\{1C819A99-37D1-DE8C-68DF-3AEB5A2C9BE6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 20.6.2420 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.6.4982.470 - Avast Software)
calibre 64bit (HKLM\...\{40539A18-5471-4A0D-91BB-D0E5274B9D41}) (Version: 3.48.0 - Kovid Goyal)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.0.0.65 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.2.0.10 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.5 (HKLM-x32\...\DPP) (Version: 3.5.0.0 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.0.0.3 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.1.0.4 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture DC (HKLM-x32\...\RemoteCaptureDC) (Version: 3.1.0.5 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.2.0.29 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.70 - Piriform)
CPUID CPU-Z 1.91 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.91 - CPUID, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EAX Unified (HKLM-x32\...\EAX Unified) (Version: - )
EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs)
Far Cry (AMD64 Exclusive Content Update) (HKLM\...\{2304A2EE-010B-43EE-90F8-2218FB93244E}) (Version: 1.00.0000 - Ubisoft) Hidden
Far Cry (Patch 1.32 AMD64) (HKLM\...\{02A116A8-E559-488C-879C-B212F3EA963A}) (Version: 1.00.0000 - Ubisoft) Hidden
FormatFactory 4.4.1.0 (HKLM-x32\...\FormatFactory) (Version: 4.4.1.0 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 84.0.4147.105 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Java 8 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation)
LightScribe 1.4.136.1 (HKLM-x32\...\{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}) (Version: 1.4.136.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes version 4.1.2.73 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.2.73 - Malwarebytes)
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 verze 1.5 (HKLM-x32\...\Microsoft Office 2007 Service Pack 2_is1) (Version: 1.5 - )
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60830 (HKLM\...\{122B909F-9DCF-360E-91E7-0679E033FBE1}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60830 (HKLM\...\{083808D6-6235-37A8-82C1-98D226EB681F}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 79.0 (x64 cs) (HKLM\...\Mozilla Firefox 79.0 (x64 cs)) (Version: 79.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0.1 - Mozilla)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NVIDIA Ovladač 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Ovládací panel NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.6 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SpeechRedist (HKLM-x32\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
Two Worlds II HD Shattered Embrace (HKLM-x32\...\Two Worlds II HD Shattered Embrace_is1) (Version: - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_CZ_is1) (Version: - ZONER software)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-07-30] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-07-30] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-07-30] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2020-02-09] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-07-30] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2020-02-09] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-07-30] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2020-02-09] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2005-06-24] (EA.com/On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2005-06-24] (EA.com/On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2005-06-24] (EA.com/On2.com) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2006-12-14 17:49 - 2006-12-14 17:49 - 000032768 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
2006-12-14 17:49 - 2006-12-14 17:49 - 000081920 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
2017-04-22 13:18 - 2017-04-22 13:18 - 000548864 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCP80.dll
2017-04-22 13:18 - 2017-04-22 13:18 - 000626688 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2017-11-02 11:22 - 2016-11-14 11:45 - 001408200 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C31F31E6 [100]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7945 more sites.

IE trusted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\123simsen.com -> www.123simsen.com

There are 7945 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2020-08-08 14:13 - 000000843 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;%C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kengura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 212.96.160.6 - 212.96.161.7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Avast SecureLine VPN.lnk => C:\Windows\pss\Avast SecureLine VPN.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Zoner Photo Studio Autoupdate => "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE"
MSCONFIG\startupreg: Zoner Photo Studio Service 16 => "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{180647CE-CD26-462D-8C88-8F9D06C51512}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BEA36291-F47D-43C7-B6D4-56405C29A2B5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A6E384AC-C0D4-4170-9BDF-DACA85F4FD91}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{181A614B-2827-4197-80FA-989C0556181A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A70008D5-2976-4F69-A6BE-CEF7194F0B86}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{87061B7D-B996-452E-9EA5-A8E7C13C2442}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A79ABCB4-3DB0-47FC-94FA-EDC91CA0EAE5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D119A1B4-D222-4A27-B85C-7196BF6CC96B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{DB5BA41B-CB8B-46C7-A7EC-A988BEF4D2B3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{7156E19A-0A5B-4AD6-8872-739B8A1FF8C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{A6C5ABBF-0251-459B-9BC0-F9D397B2DE77}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{6941EEF8-0988-45C9-8B6B-597A82962522}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6EF4A1D4-00F3-48E5-93D5-ECCAD2F4D9D3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0F606FBA-E05E-415A-B830-597C9F2B5F6A}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.) [File not signed]
FirewallRules: [{A8847724-F3CB-4ED7-8E39-2DF4AD44FFB3}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{DA693B86-C223-4486-815C-93C30932B131}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

07-08-2020 19:57:49 JRT Pre-Junkware Removal
07-08-2020 20:16:50 zoek.exe restore point
10-08-2020 10:03:39 Removed mypopupblocker

==================== Faulty Device Manager Devices ============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: pcouffin device ...
Description: pcouffin device ...
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: AMD 760G
Description: AMD 760G
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI Technologies Inc.
Service: atikmdag
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (08/10/2020 08:07:11 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst soubor registru tříd.
PODROBNOSTI – Nespecifikovaná chyba

Error: (08/10/2020 06:57:09 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst soubor registru tříd.
PODROBNOSTI – Nespecifikovaná chyba

Error: (08/10/2020 05:10:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst soubor registru tříd.
PODROBNOSTI – Nespecifikovaná chyba


System errors:
=============
Error: (08/10/2020 08:07:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \SystemRoot\SysWow64\drivers\tandpl.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (08/10/2020 07:18:44 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Avast Antivirus se po přijetí pokynu pro vypnutí neukončila správně.

Error: (08/10/2020 06:57:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \SystemRoot\SysWow64\drivers\tandpl.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (08/10/2020 06:56:32 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Avast Antivirus se po přijetí pokynu pro vypnutí neukončila správně.

Error: (08/10/2020 06:53:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Streamer Network Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/10/2020 06:53:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PnkBstrB byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/10/2020 06:53:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PnkBstrA byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/10/2020 06:53:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Streamer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2019-07-06 11:58:47.854
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{4E7FF8BB-E9B2-4FC8-809D-DDE438F38B55}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Kengura-PC\Kengura

Date: 2015-07-04 15:29:57.214
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{08C42925-0FB3-45FF-8856-C690E60E553C}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Kengura-PC\Kengura

CodeIntegrity:
===================================

Date: 2019-10-10 12:03:27.632
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-10 12:03:27.461
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-10 10:30:48.974
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-10 10:30:48.818
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-10 09:03:52.718
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-10 09:03:52.562
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-09 14:57:10.965
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-09 14:57:10.809
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.30 08/23/2013
Motherboard: ASRock 960GC-GS FX
Processor: AMD Athlon(tm) Dual Core Processor 4850e
Percentage of memory in use: 79%
Total physical RAM: 3839.24 MB
Available physical RAM: 798.08 MB
Total Virtual: 8670.73 MB
Available Virtual: 4834.47 MB

==================== Drives ================================

Drive c: (Sys) (Fixed) (Total:483.3 GB) (Free:408.97 GB) NTFS
Drive d: (Data) (Fixed) (Total:448.11 GB) (Free:105.71 GB) NTFS

\\?\Volume{1bedb9ff-fde1-11e3-8155-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0E265546)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=483.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=448.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

[Rudy]

OK, to je ono. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:C31F31E6 [100]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: G - G:\setup.EXE /AUTORUN
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {323DDAC8-6152-42F0-9956-B25F4A0A34FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-10] (Google LLC -> Google LLC)
Task: {A0F0AB37-CF22-44C1-9269-08658F3C7655} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-10] (Google LLC -> Google LLC)
Task: {B9CB56AA-4875-4B90-A184-FB24FCEEAE9C} - System32\Tasks\{F3B3E5BB-868A-47F8-92FA-BA2983672F8A} => C:\Windows\system32\pcalua.exe -a C:\Users\Kengura\Videos\jre-8u231-windows-i586-iftw.exe -d C:\Users\Kengura\Videos
Task: {BB5EDFB8-D6DF-441D-AECF-0050F276E5CF} - System32\Tasks\{86EEFF58-1822-4A89-A6BF-ADE5E0A3B8CB} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\OpenAL\oalinst.exe" -d "C:\Program Files (x86)\OpenAL"
Task: {DFFB58B8-4BAB-4CC2-A832-544DFC56482D} - System32\Tasks\{689AA895-69E0-487D-82B0-EED522E13945} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\Translator_2016\TRNIKONY.EXE" -d "C:\Program Files (x86)\Electronic Arts\Translator_2016"
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S4 NMIndexingService; no ImagePath
S3 AsrCDDrv; no ImagePath
S4 IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFMBRProtect.sys [X]
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-08-10 11:12 - 2020-08-10 15:03 - 000003260 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\system32\Tasks\{71D68624-F88F-46F9-A8B5-30C857225E13}
C:\Windows\system32\Tasks\{554FC912-4FA9-470D-8FAE-A71AA2927EA8}
C:\Windows\system32\Tasks\{FE542A01-EEB1-485C-B9D3-02F1F0D58263}
C:\Windows\system32\Tasks\{43F0D2A9-C5E9-46C8-B5A8-4337C8F523E9}
C:\Windows\system32\Tasks\{14F1C103-55A4-4060-BD19-0A39A15D70B4}
C:\Users\Kengura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End

Uložte do C:\Users\Kengura\Music\Nová složka (2) jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[kemgura07]

Failed to update (1) fix list no found. Fix.list by měl být v adresáři složky sama, kde je nástroj umístěn Co se s tím dá udělat? Mám oba v jedné složce a pak nic víc...

[Rudy]

Ano, fixlist musí být umístěn ve stejné složce, jako frst. Je divné že se to brání. Zkuste jiný adresář, případně nouz. režim.

[kemgura07]

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-08-2020
Ran by Kengura (11-08-2020 10:15:36) Run:1
Running from C:\Users\Kengura\Music\Nová složka (2)
Loaded Profiles: Kengura
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:C31F31E6 [100]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: G - G:\setup.EXE /AUTORUN
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {323DDAC8-6152-42F0-9956-B25F4A0A34FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-10] (Google LLC -> Google LLC)
Task: {A0F0AB37-CF22-44C1-9269-08658F3C7655} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-10] (Google LLC -> Google LLC)
Task: {B9CB56AA-4875-4B90-A184-FB24FCEEAE9C} - System32\Tasks\{F3B3E5BB-868A-47F8-92FA-BA2983672F8A} => C:\Windows\system32\pcalua.exe -a C:\Users\Kengura\Videos\jre-8u231-windows-i586-iftw.exe -d C:\Users\Kengura\Videos
Task: {BB5EDFB8-D6DF-441D-AECF-0050F276E5CF} - System32\Tasks\{86EEFF58-1822-4A89-A6BF-ADE5E0A3B8CB} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\OpenAL\oalinst.exe" -d "C:\Program Files (x86)\OpenAL"
Task: {DFFB58B8-4BAB-4CC2-A832-544DFC56482D} - System32\Tasks\{689AA895-69E0-487D-82B0-EED522E13945} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\Translator_2016\TRNIKONY.EXE" -d "C:\Program Files (x86)\Electronic Arts\Translator_2016"
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S4 NMIndexingService; no ImagePath
S3 AsrCDDrv; no ImagePath
S4 IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFMBRProtect.sys [X]
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-08-10 11:12 - 2020-08-10 15:03 - 000003260 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\system32\Tasks\{71D68624-F88F-46F9-A8B5-30C857225E13}
C:\Windows\system32\Tasks\{554FC912-4FA9-470D-8FAE-A71AA2927EA8}
C:\Windows\system32\Tasks\{FE542A01-EEB1-485C-B9D3-02F1F0D58263}
C:\Windows\system32\Tasks\{43F0D2A9-C5E9-46C8-B5A8-4337C8F523E9}
C:\Windows\system32\Tasks\{14F1C103-55A4-4060-BD19-0A39A15D70B4}
C:\Users\Kengura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
*****************

Processes closed successfully.
C:\ProgramData\TEMP => ":C31F31E6" ADS removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => removed successfully
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{323DDAC8-6152-42F0-9956-B25F4A0A34FC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{323DDAC8-6152-42F0-9956-B25F4A0A34FC}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0F0AB37-CF22-44C1-9269-08658F3C7655}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0F0AB37-CF22-44C1-9269-08658F3C7655}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9CB56AA-4875-4B90-A184-FB24FCEEAE9C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9CB56AA-4875-4B90-A184-FB24FCEEAE9C}" => removed successfully
C:\Windows\System32\Tasks\{F3B3E5BB-868A-47F8-92FA-BA2983672F8A} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F3B3E5BB-868A-47F8-92FA-BA2983672F8A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB5EDFB8-D6DF-441D-AECF-0050F276E5CF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB5EDFB8-D6DF-441D-AECF-0050F276E5CF}" => removed successfully
C:\Windows\System32\Tasks\{86EEFF58-1822-4A89-A6BF-ADE5E0A3B8CB} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{86EEFF58-1822-4A89-A6BF-ADE5E0A3B8CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFFB58B8-4BAB-4CC2-A832-544DFC56482D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFFB58B8-4BAB-4CC2-A832-544DFC56482D}" => removed successfully
C:\Windows\System32\Tasks\{689AA895-69E0-487D-82B0-EED522E13945} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{689AA895-69E0-487D-82B0-EED522E13945}" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\System32\blank.htm" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\SysWOW64\blank.htm" => value restored successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\System\CurrentControlSet\Services\NMIndexingService => removed successfully
NMIndexingService => service removed successfully
HKLM\System\CurrentControlSet\Services\AsrCDDrv => removed successfully
AsrCDDrv => service removed successfully
HKLM\System\CurrentControlSet\Services\IMFMBRProtect => removed successfully
IMFMBRProtect => service removed successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Windows\system32\Tasks\{71D68624-F88F-46F9-A8B5-30C857225E13} => moved successfully
C:\Windows\system32\Tasks\{554FC912-4FA9-470D-8FAE-A71AA2927EA8} => moved successfully
C:\Windows\system32\Tasks\{FE542A01-EEB1-485C-B9D3-02F1F0D58263} => moved successfully
C:\Windows\system32\Tasks\{43F0D2A9-C5E9-46C8-B5A8-4337C8F523E9} => moved successfully
C:\Windows\system32\Tasks\{14F1C103-55A4-4060-BD19-0A39A15D70B4} => moved successfully
C:\Users\Kengura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8251008 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 500116 B
Edge => 0 B
Chrome => 14235335 B
Firefox => 62815144 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 688 B
LocalService => 688 B
NetworkService => 688 B
Kengura => 12294470 B

RecycleBin => 2014208 B
EmptyTemp: => 103.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:15:54 ====

[Rudy]

Bylo smazáno. Změnilo se něco k lepšímu?

[kemgura07]

Vypínání PC je stejně zdlouhavé.ADW Cleaner objevil další breberky -
Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-11-2020
# Duration: 00:00:01
# OS: Windows 7 Professional
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1555 octets] - [10/08/2020 18:41:44]
AdwCleaner[C00].txt - [1685 octets] - [10/08/2020 18:53:20]
AdwCleaner[S01].txt - [1625 octets] - [11/08/2020 13:07:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

[Rudy]

OK, udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Návod je ne starou verzi. Utilitu stáhněte, spusťte, nechte pracovat a po skončení akce smažte vše, co najde. Restartujte PC.