Virus removal, PC speed-up, and remote assistance through the neslape.cz service

Preventive check

Are you one of the Model Visitors? Then this section is for you.

Moderator: Moderators

Forum rules
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
Locked
morar
Model Visitor
Posts: 212
Registered: 01 May 2007 16:35
Location: Bzenec

Preventive check

#1 Post by morar »

Hello. I would like to request a preventive check.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Sada (administrator) on SADA-PC (24-03-2019 17:35:35)
Running from C:\Users\Sada\Desktop
Loaded Profiles: Sada (Available Profiles: Sada)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Netherlands B.V. -> ) C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(AVG Netherlands B.V. -> AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(AVG Netherlands B.V. -> AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-06-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\MountPoints2: {01393d8e-1889-11e4-8ce4-bc5ff4551e34} - E:\Startme.exe
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\...\Drivers32: [VIDC.XFR1] => C:\Windows\system32\xfcodec64.dll [22016 2012-11-14] () [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [VIDC.XFR1] => C:\Windows\SysWOW64\xfcodec.dll [36352 2012-12-28] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-03-24] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\71.0.1037.98\Installer\chrmstp.exe [2019-01-30] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
IFEO\asc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\icloud.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\iclouddrive.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\icloudweb.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\shellstreamsshortcut.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk [2014-11-12]
ShortcutTarget: GamePark klient 2.lnk -> C:\Program Files\GamePark2\gpcl.exe (Allstar Group s.r.o. -> Allstar Group, s.r.o.) [File not signed]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{47694619-7217-49BE-AC68-B489A063DDD9}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={839AAE2D-35CD-4F94-BE2D-30728D4981F3}&mid=d254645fe31547d2a5126d16b2b1f7c7-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=cs&ds=AVG&coid=avgtbavg&cmpid=1117tb&pr=fr&d=2014-09-01 09:17:19&v=4.3.9.605&pid=wtu&sg=&sap=hp
URLSearchHook: HKU\S-1-5-21-2586446151-2666062586-458469913-1000 - (No Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2586446151-2666062586-458469913-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={839AAE2D-35CD-4F94-BE2D-30728D4981F3}&mid=d254645fe31547d2a5126d16b2b1f7c7-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0817tb&pr=fr&d=2014-09-01 09:17:19&v=4.3.9.605&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2586446151-2666062586-458469913-1000 -> {07F1D3AC-C6DD-4B94-A943-9B5EA59F68A7} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2586446151-2666062586-458469913-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={839AAE2D-35CD-4F94-BE2D-30728D4981F3}&mid=d254645fe31547d2a5126d16b2b1f7c7-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0817tb&pr=fr&d=2014-09-01 09:17:19&v=4.3.9.605&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll [2018-03-22] (AVG Netherlands B.V. -> AVG)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2016-08-03] (IObit Information Technology -> IObit)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit Information Technology -> IObit)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.5.0\ViProtocol.dll [2015-12-11] (AVG Technologies CZ, s.r.o. -> AVG Secure Search)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-03-07] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-03-07] (Adobe Systems Incorporated -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-30] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-30] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default [2019-03-24]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-06]
CHR Extension: (Avast Online Security) - C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-03-01]
CHR Extension: (Skype) - C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2019-03-01]
CHR Extension: (Chrome Media Router) - C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-24]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2017-03-21] (IObit Information Technology -> IObit)
S4 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [61440 2012-09-06] (AMD) [File not signed]
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6758976 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-07] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357304 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [369264 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-07] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\71.0.1037.98\elevation_service.exe [390552 2019-01-09] (AVAST Software s.r.o. -> AVAST Software)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-11-12] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [214520 2015-04-12] (Even Balance, Inc. -> )
S4 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Sony Mobile Communications -> Avanquest Software) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2099512 2013-08-30] (AVG Netherlands B.V. -> AVG)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-09-15] (Microsoft Windows -> Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [811520 2018-03-22] (AVG Netherlands B.V. -> )

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2015-03-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [140032 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [424192 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [17192 2011-11-07] (ASROCK Incorporation -> Windows (R) Win 7 DDK provider)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225680 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196072 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320696 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57960 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [167304 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2018-03-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [519872 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112312 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87944 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034432 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474456 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216784 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [379952 2019-03-24] (AVAST Software s.r.o. -> AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-16] (Disc Soft Ltd -> Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-12] (Martin Malik - REALiX -> REALiX(tm))
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [26112 2012-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (AVG Technologies CZ, s.r.o. -> TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [56448 2011-12-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (BitRaider, LLC -> XFire)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-24 17:35 - 2019-03-24 17:36 - 000023390 _____ C:\Users\Sada\Desktop\FRST.txt
2019-03-24 17:35 - 2019-03-24 17:35 - 000000000 ____D C:\FRST
2019-03-24 17:30 - 2019-03-24 17:30 - 002434048 _____ (Farbar) C:\Users\Sada\Desktop\FRST64.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-24 17:35 - 2018-04-27 14:06 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-03-24 17:35 - 2016-02-19 14:57 - 000003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-03-24 17:35 - 2016-02-19 14:57 - 000000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2019-03-24 17:35 - 2016-02-17 16:25 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-03-24 17:35 - 2015-03-03 10:38 - 000003028 _____ C:\Windows\System32\Tasks\{32E9E1AA-021B-443B-A370-E35B981F5622}
2019-03-24 17:35 - 2014-11-12 15:49 - 000003254 _____ C:\Windows\System32\Tasks\{79C4C567-AB8E-4536-AA51-F246D24981A7}
2019-03-24 17:35 - 2014-11-12 10:49 - 000003028 _____ C:\Windows\System32\Tasks\{A8E4D479-0D14-4FCE-89C8-B64AEA995E98}
2019-03-24 17:35 - 2014-09-29 15:02 - 000003214 _____ C:\Windows\System32\Tasks\{FDB76971-FB0F-41A9-91A4-0565B444C006}
2019-03-24 17:35 - 2014-03-17 16:37 - 000002762 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2019-03-24 17:35 - 2014-03-16 14:19 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-24 17:35 - 2014-03-16 14:19 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-24 17:26 - 2016-02-17 16:25 - 000379952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-03-24 17:18 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-24 17:17 - 2009-07-14 05:45 - 000010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-03-24 17:17 - 2009-07-14 05:45 - 000010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-03-24 17:15 - 2014-03-16 14:21 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-24 17:15 - 2014-03-16 14:21 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-03-24 17:10 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2014-03-18 14:39] - [2014-03-18 15:17] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2014-03-18 14:41] - [2014-03-18 15:17] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-03-05 13:57

==================== End of FRST.txt ============================






Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Sada (24-03-2019 17:36:44)
Running from C:\Users\Sada\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-03-15 23:48:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2586446151-2666062586-458469913-500 - Administrator - Disabled)
Guest (S-1-5-21-2586446151-2666062586-458469913-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2586446151-2666062586-458469913-1002 - Limited - Enabled)
Sada (S-1-5-21-2586446151-2666062586-458469913-1000 - Administrator - Enabled) => C:\Users\Sada

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\uTorrent) (Version: 3.5.4.44520 - BitTorrent Inc.)
ACE Mega CoDecS Pack (HKLM-x32\...\{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1) (Version: 6.03.0911 - ACE DESIGN Software)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.5.0 - IObit)
Aktualizace NVIDIA 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
AMD Catalyst Install Manager (HKLM\...\{A00CC809-7137-B31B-D13D-401DA7BD962F}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 372.70 - NVIDIA Corporation) Hidden
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
Assassins Creed - Unity (HKLM-x32\...\{9L5KR86L-0F3I-4HJ7-HKY5-DRTL4V36QG2X}_is1) (Version: 1.1.0.0 - Ubisoft)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 71.0.1037.98 - Autoři prohlížeče Avast Secure Browser)
AVG PC TuneUp 2014 (cs-CZ) (HKLM-x32\...\{7A8B5F7D-6736-4DC4-A7A5-223BE131EB34}) (Version: 14.0.1001.147 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}) (Version: 14.0.1001.147 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp 2014) (Version: 14.0.1001.147 - AVG)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.9.626 - AVG Technologies)
Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.0 - Electronic Arts)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty - Ghosts 1.0.0.1 (HKLM-x32\...\Call of Duty - Ghosts_is1) (Version: - )
Call of Duty(R) 2 (HKLM-x32\...\{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision)
Call of Duty(R) 2 Patch 1.3 (HKLM-x32\...\{C13E90B0-4E1C-11DB-6784-0152EAA218BE}) (Version: 1.3 - Activision)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
CoD 2 čeština (HKLM-x32\...\CoD 2 čeština_is1) (Version: - #'Pan[S]al!er!)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Driver Booster 3.5 (HKLM-x32\...\Driver Booster_is1) (Version: 3.5 - IObit)
Firestorm Launcher version 1.0 (HKLM-x32\...\{008D5963-9A73-4472-8C16-A5BF04491B9D}_is1) (Version: 1.0 - Firestorm)
GamePark klient 2.0.9.0 (HKLM\...\{52E5D8A7-B129-4A29-AD4B-EBB749DCC3A3}_is1) (Version: 2.0.9.0 - GamePark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HLSW v1.4.0.5 (HKLM-x32\...\HLSW_is1) (Version: - Stripf Software)
iCloud (HKLM\...\{99868C9C-C141-4DDE-A2C7-9DDF00F68F17}) (Version: 7.2.0.67 - Apple Inc.)
IObit Apps Toolbar v9.7 (HKLM-x32\...\{E029C309-4421-410B-890A-30D2E8E82D0C}) (Version: 9.7 - Spigot, Inc.) <==== ATTENTION
iTunes (HKLM\...\{412595B6-5162-4792-8DEE-2766FBC6C1EC}) (Version: 12.7.2.60 - Apple Inc.)
LogMeIn Hamachi (HKLM-x32\...\{A313C1BB-04A5-49FA-AA26-6C3DDD9F6C7F}) (Version: 2.2.0.188 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.188 - LogMeIn, Inc.)
Microsoft .NET Framework 4.5 CSY Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60830 (HKLM\...\{122B909F-9DCF-360E-91E7-0679E033FBE1}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60830 (HKLM\...\{083808D6-6235-37A8-82C1-98D226EB681F}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830 (HKLM-x32\...\{F68B404C-0E04-337F-A132-796508EE337A}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830 (HKLM-x32\...\{50AF8559-F490-381F-A6E7-06A07DE227DC}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
Nero 11 Mini Repack (HKLM-x32\...\NMMS11) (Version: - )
NVIDIA Ovladač 3D Vision 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.70 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Ovládací panel NVIDIA 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 372.70 - NVIDIA Corporation) Hidden
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
RAIDXpert (HKLM-x32\...\{8A4A80C2-87B1-44FB-BC24-9168930EB150}) (Version: 3.3.1540.28 - AMD) Hidden
RAIDXpert (HKLM-x32\...\InstallShield_{8A4A80C2-87B1-44FB-BC24-9168930EB150}) (Version: 3.3.1540.28 - AMD)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: 1.3.32.1010 - )
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
War Thunder Launcher 1.0.1.613 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\Warcraft III) (Version: - )
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
World of Tanks (HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Xfire 2.0 (HKLM-x32\...\{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1) (Version: 2.0 - Xfire, Inc.)
Xfire Codec (remove only) (HKLM-x32\...\XfireCodec) (Version: - )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6722448 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2013-08-30] (AVG Netherlands B.V. -> AVG)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-12-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] () [File not signed]
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit Information Technology -> IObit)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2013-08-30] (AVG Netherlands B.V. -> AVG)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2013-08-30] (AVG Netherlands B.V. -> AVG)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] () [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-08-25] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] () [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05B91ACF-260F-41B3-8993-68049A97B2A9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {0638BF7D-25D2-449F-A5BA-D3DD1D8BE06C} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe (IObit Information Technology -> IObit)
Task: {0673A9AA-3BF7-460A-8DA7-8C8487C46001} - System32\Tasks\ASC10_SkipUac_Sada => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe (IObit Information Technology -> IObit)
Task: {080B26B0-25B1-4E63-BC4C-030C8CC1BE69} - System32\Tasks\{79C4C567-AB8E-4536-AA51-F246D24981A7} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\IDriver.exe" -c /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
Task: {1BA75240-5490-400E-B358-38460A4F4EEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {1BE2A17D-96AB-461C-BF22-D69C9E0A566A} - System32\Tasks\{03B5708B-5B79-4AEB-9F08-E180C6CD6E7D} => C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire, Inc. -> Xfire Inc.)
Task: {2D27C8D0-796C-48EC-A14B-1822F608DFA6} - System32\Tasks\{FDB76971-FB0F-41A9-91A4-0565B444C006} => C:\Windows\system32\pcalua.exe -a "C:\Users\Sada\Desktop\afa\World of Warcraft\INSTALL v3.07.exe" -d "C:\Users\Sada\Desktop\afa\World of Warcraft"
Task: {5772371E-5E17-4E81-86B1-06B3849B4BB7} - System32\Tasks\{32E9E1AA-021B-443B-A370-E35B981F5622} => C:\Windows\system32\pcalua.exe -a F:\Setup.exe -d F:\
Task: {5F22D447-E6EB-4DC6-920E-01AEB7DA8BF8} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe (IObit Information Technology -> IObit)
Task: {7152937D-9AA7-409E-9AFB-CEA999CBB02A} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {733D521E-5556-4CF5-825A-A682263B9035} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe (AVG Netherlands B.V. -> AVG)
Task: {747AA499-324B-4CAA-9CCE-6012A79DE8C6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {8B100B4F-2614-4B10-9A64-B26FE7F460B4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8C60A8FC-9A68-4E26-AD44-3A1727B50089} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {8F7B40F5-6C5E-4774-AAFE-BEBBB34D3981} - System32\Tasks\Driver Booster SkipUAC (Sada) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe (IObit Information Technology -> IObit)
Task: {AB717BA5-C5E7-44A5-8364-E4596F179D3E} - System32\Tasks\{A8E4D479-0D14-4FCE-89C8-B64AEA995E98} => C:\Windows\system32\pcalua.exe -a F:\setup.exe -d F:\
Task: {CAEE549F-23A6-47CC-AD32-4F26612E4410} - System32\Tasks\{B40DF67D-8A19-4129-B6A6-CF2EB06D280B} => C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire, Inc. -> Xfire Inc.)
Task: {CB57994C-D3DD-4A4A-A847-9041C2CF4B03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {CE046B25-62DF-42C3-A7BE-386F6771142A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {D0C5032A-75B3-4502-BF7F-134D573861BD} - System32\Tasks\{AFE6B1F9-7392-4FC1-8EC6-C9EDFB648C2A} => C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire, Inc. -> Xfire Inc.)
Task: {E0C19F9F-8DF5-4CD1-A1A9-F082B52CB00E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {EF88CDEF-1E2A-4D3E-AC4D-BDCABE1785AA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {F3130B46-C0E7-47C7-85F6-B734F2AA3877} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {FE677FF2-2C0F-4245-834C-7376F984E3AB} - System32\Tasks\{E5CD1BA5-70B0-4767-94C6-89FB614E59F3} => C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire, Inc. -> Xfire Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-03-18 14:39 - 2014-03-18 15:17 - 001008640 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\USER32.dll
2014-03-16 13:38 - 2005-06-07 12:26 - 000043008 _____ () [File not signed] C:\Program Files (x86)\WinRAR\rarext64.dll
2014-03-18 14:39 - 2014-03-18 15:17 - 000419840 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\systemcpl.dll
2016-08-31 14:38 - 2016-08-25 21:50 - 000860776 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2014-03-18 14:41 - 2014-03-18 15:17 - 000833024 _____ (Microsoft Corporation) [File not signed] C:\Windows\syswow64\USER32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2019-01-30 08:16 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sada\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5F0B59A9-761A-4EEA-B927-6690885822CE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AF168576-B110-4031-B40D-1EBE60527B7A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{C270FFF0-0379-4D5B-BCA8-9791F49CD8E1}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [UDP Query User{EF3ACD68-17FE-4C3E-850D-A93938CD4FF1}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [{CDDFCBB8-B4FC-4288-B141-4722C2260D11}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{BC5E29A4-5BCE-47DC-8DAF-94FC0A157694}C:\users\sada\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sada\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{F9B0E861-1E1A-4E30-9D74-3E19470848D0}C:\users\sada\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sada\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{2D925FB5-5B23-4E49-8FE8-DD876A74A5DF}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe (Xfire, Inc. -> Xfire Inc.)
FirewallRules: [UDP Query User{F2C6BC5E-9D8E-4B13-9580-614AB8F93874}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe (Xfire, Inc. -> Xfire Inc.)
FirewallRules: [TCP Query User{3D7F941E-B422-4F66-8B51-294228F4EA2A}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{52BDFBE2-D019-4992-A5D1-5530BFFE566F}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [{CAC52F32-D580-4D2C-92E9-C6D443D47104}] => (Block) C:\program files (x86)\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [{33A5CA8B-8B5A-4C47-A8EA-6B9ABB2F06AA}] => (Block) C:\program files (x86)\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{A76666B6-EF3E-4407-829E-D3A2B405974E}C:\program files (x86)\warcraft iii\lancraft.exe] => (Allow) C:\program files (x86)\warcraft iii\lancraft.exe () [File not signed]
FirewallRules: [UDP Query User{C38F0ABD-8275-41FD-ADD3-26122CC4E0D1}C:\program files (x86)\warcraft iii\lancraft.exe] => (Allow) C:\program files (x86)\warcraft iii\lancraft.exe () [File not signed]
FirewallRules: [{F4FA9233-54CF-4449-BC5F-95FF52AB1D0B}] => (Block) C:\program files (x86)\warcraft iii\lancraft.exe () [File not signed]
FirewallRules: [{050324B7-B174-4A76-AC44-F6DEB3627D2B}] => (Block) C:\program files (x86)\warcraft iii\lancraft.exe () [File not signed]
FirewallRules: [{D144781F-BBDD-45B2-83E9-7EB95F841DEB}] => (Allow) LPort=80
FirewallRules: [{644DDD71-6777-48C3-B7D8-B4CA31357C78}] => (Allow) LPort=443
FirewallRules: [{13AEFAF0-2E43-44BE-8417-3AAFBDBAA185}] => (Allow) LPort=20010
FirewallRules: [{79B3458F-D1F3-48F9-BDFA-BA3CA06E33BA}] => (Allow) LPort=3478
FirewallRules: [{721F63FD-11B7-4463-90C3-F3B15BE59100}] => (Allow) LPort=7850
FirewallRules: [{DD40E129-BFCE-427F-B9B0-2E4ECAF0A678}] => (Allow) LPort=7852
FirewallRules: [{A1496419-4BD3-40D7-8A1E-52DC8F5C9A5F}] => (Allow) LPort=7853
FirewallRules: [{509F3188-3102-4456-9CDB-3A370DB4394A}] => (Allow) LPort=27022
FirewallRules: [{8A187787-008E-4E02-A27A-6898CAF2FF8C}] => (Allow) LPort=6881
FirewallRules: [{F42081D2-0603-4809-B62D-67A922DC1327}] => (Allow) LPort=33333
FirewallRules: [{57CD5445-71DD-4E80-8154-616D136F916E}] => (Allow) LPort=20443
FirewallRules: [{2AC68148-04A8-4F82-A5C6-EF94BACC98CE}] => (Allow) LPort=8090
FirewallRules: [{95D0F51C-CB5A-4879-98BD-6D23B3B00465}] => (Allow) %ProgramFiles%\Zune\Zune.exe No File
FirewallRules: [{6848311D-F8A1-4255-9343-35C2909FE1F9}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{189DB9F1-76F0-481C-A4F4-FB9B2A867FE4}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{3F6F16E1-53AC-4694-BA33-55BAEBEF5364}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{B93D5BF8-695B-4231-9136-AB55A31FFBE4}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{F8A4804A-0898-49B5-BB78-58D607CB511A}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{6063BB92-3E61-47AE-91C6-ACBC4F0F0449}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{7775CC5E-EA1F-4A80-95E3-A869A89A03C6}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{C333AF5F-A57A-45CD-98D6-1C03A80F8944}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [TCP Query User{AE1076B1-AFF5-4F0F-AD62-15F4D6598A47}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [UDP Query User{D958E1C5-F829-4062-B260-BF2A1E645268}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [{023C9E71-0634-4AA3-B114-C60CEF2B3ACD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{9219E1EA-3F11-4DA3-8023-C445DA54E170}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{F470CD7E-7F44-4067-A2E7-369D979CE9EB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{1A46A941-7A03-4820-9EB9-26289102BA68}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{152CEA05-D7BC-445B-B994-1B48EE4026EF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{51682CC5-2D2C-4836-8BF2-7AC01521A051}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{2154024B-4A9D-4F0F-8727-50C5E7D68257}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe (Xfire, Inc. -> Xfire Inc.)
FirewallRules: [UDP Query User{CEC92FF8-F53C-4E0D-967A-FB6853028BC9}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe (Xfire, Inc. -> Xfire Inc.)
FirewallRules: [TCP Query User{552DEDB5-E55D-4B0A-95B7-2A61D446598D}C:\users\sada\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sada\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{7B7E521E-5C68-4984-AEC1-743E084EDD17}C:\users\sada\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sada\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{158749E9-EB38-41FB-AC7C-C6128A1B6EDA}] => (Allow) C:\Hry\Battlefield 4\bf4_x86.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{DB9FB825-367E-42D4-B204-A19A4F42EF56}] => (Allow) C:\Hry\Battlefield 4\bf4_x86.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{16A91F06-E5A7-414D-B351-93EEE962371C}] => (Allow) C:\Hry\Battlefield 4\bf4.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{7A8D2FB2-72D7-4953-AA12-DA94282161C1}] => (Allow) C:\Hry\Battlefield 4\bf4.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [TCP Query User{E1A2B81B-F65F-4966-B690-8A049C3BF73F}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{7A4E34D3-8358-4BDD-97F4-1F97BAB5A224}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{1039B29E-0722-4B61-8819-85B67920CEC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{97423685-5575-42A2-806E-10C913B1AD32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{037DB693-3DBA-45DF-BE09-D9E8664998AD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DCE8C2EE-7264-4DBB-BCA0-89847AAEEA6B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0315352B-2F2A-440B-8B84-14409FFE415F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{21292D8D-47F8-4F8F-B37E-E6ABD3484DBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{60B7A6BD-084B-4214-A72C-E898C355E8B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BCC5CE20-ED3C-4783-82AB-FB2C4F60EB89}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C16AA97C-BB83-4A48-9224-AC27122A06A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7C5D9B8A-7370-42B5-AE51-526D8B60858C}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [{03F3C133-EF90-4B7F-9F6E-78CE2A6CAFF7}] => (Allow) C:\Games\World_of_Tanks\WorldofTanks.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [{E7EDA3EC-E253-444F-B624-CC14B3F234E3}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{3771FEA2-3C44-4966-AB83-9F25DA3D19DE}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{FEC850FF-6F05-4BAD-A1F9-90DCB29D63D8}] => (Allow) C:\WarThunder\launcher.exe (Gaijin Entertainment LLP -> Gaijin Entertainment)
FirewallRules: [{E028376B-FA7C-4E0C-B457-EE3DCDD550AC}] => (Allow) C:\WarThunder\launcher.exe (Gaijin Entertainment LLP -> Gaijin Entertainment)
FirewallRules: [{76323660-07F3-4C05-9EFF-0C1B6E201FB2}] => (Allow) C:\WarThunder\bpreport.exe (Gaijin Entertainment LLP -> )
FirewallRules: [{27EA8C8A-1D04-4D99-ADAC-B35730A98C6C}] => (Allow) C:\WarThunder\bpreport.exe (Gaijin Entertainment LLP -> )
FirewallRules: [TCP Query User{CF7A5BA7-28EF-4BBA-ADDC-0DAE63B465B0}C:\warthunder\win64\aces.exe] => (Allow) C:\warthunder\win64\aces.exe (Gaijin Entertainment LLP -> )
FirewallRules: [UDP Query User{C8084811-2DE9-43E5-AC60-70F1C87E66A4}C:\warthunder\win64\aces.exe] => (Allow) C:\warthunder\win64\aces.exe (Gaijin Entertainment LLP -> )
FirewallRules: [{2BEFFA59-CB84-4BF3-92E3-16EF12DDA3AB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe (IObit Information Technology -> IObit)
FirewallRules: [{7012FC51-44E9-4898-A39C-81914A9EB068}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe (IObit Information Technology -> IObit)
FirewallRules: [{09F486E7-70DD-4FF2-A0FD-C9C7672AC75A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{3DC7C020-8CF8-4886-ABA0-AF373B91BD09}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{07E3342F-EEF8-4886-812F-BDAD89280EF2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [{F47004EE-FDFF-47F8-A6AD-42F6EC489B06}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [{85B6881F-E8EC-4127-A1E1-38984FD85E1D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A21A896E-B04A-42E6-9181-5E6072A45D62}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{69B0B094-E040-4051-AB47-B934E1F40C40}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{148610EB-20A5-4C6D-BC07-D28B0F807347}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{F6542340-C59A-4BDA-A64B-821E3E942973}C:\program files (x86)\hlsw\hlsw.exe] => (Allow) C:\program files (x86)\hlsw\hlsw.exe (Stripf Software) [File not signed]
FirewallRules: [UDP Query User{A89FF35D-B42B-4AFC-88F9-F3E555AAD824}C:\program files (x86)\hlsw\hlsw.exe] => (Allow) C:\program files (x86)\hlsw\hlsw.exe (Stripf Software) [File not signed]
FirewallRules: [TCP Query User{EEB01A45-A825-441D-8C03-52167FDE0002}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{9632D96F-7B38-4E89-B573-077056D60476}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{09F0D742-E87F-445C-81C3-734386CAD7F3}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe (IObit Information Technology -> IObit)
FirewallRules: [{9B83CD30-693C-447E-B369-40C40500DEC7}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe (IObit Information Technology -> IObit)
FirewallRules: [{C49E283D-B9F6-421D-826B-32B94A779BE3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2AB70BCC-242F-41DC-80E7-CF1A2C250D6A}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DAF4DF82-725D-41F3-A112-522A27690F27}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{9840C30B-0EAF-463E-B081-433ACE5CD175}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{2ECA330E-9F0C-450D-8F6E-37682A57A0AB}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{3264AC89-7FDA-4A29-BF04-5FF047F86F50}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{46E98B10-3738-4C92-9227-63D3851BBA6E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{33696BD4-A00C-49F8-9119-04FA186AF7AE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

19-12-2018 11:55:18 Naplánovaný kontrolní bod
30-01-2019 10:19:44 Naplánovaný kontrolní bod
11-02-2019 12:09:35 Naplánovaný kontrolní bod
19-02-2019 00:00:00 Naplánovaný kontrolní bod
26-02-2019 00:00:01 Naplánovaný kontrolní bod
05-03-2019 14:04:22 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2019 05:28:12 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (03/24/2019 05:17:57 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error: (03/24/2019 05:13:21 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (03/24/2019 05:09:48 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error: (03/05/2019 10:44:30 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (03/05/2019 09:44:30 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (03/05/2019 08:44:30 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (03/05/2019 07:44:30 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi


System errors:
=============
Error: (02/06/2019 02:07:47 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Windows Update se po přijetí pokynu pro vypnutí neukončila správně.

Error: (01/30/2019 08:40:53 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Zařízení \Device\CdRom0 ještě není připraveno pro přístup.

Error: (01/30/2019 08:40:53 AM) (Source: atapi) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.

Error: (01/30/2019 08:40:52 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Zařízení \Device\CdRom0 ještě není připraveno pro přístup.

Error: (01/30/2019 08:40:51 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Zařízení \Device\CdRom0 ještě není připraveno pro přístup.

Error: (01/30/2019 08:40:50 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Zařízení \Device\CdRom0 ještě není připraveno pro přístup.

Error: (01/30/2019 08:40:49 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Zařízení \Device\CdRom0 ještě není připraveno pro přístup.

Error: (01/30/2019 08:40:48 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Zařízení \Device\CdRom0 ještě není připraveno pro přístup.


CodeIntegrity:
===================================

Date: 2016-09-20 16:26:15.248
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-09-20 16:26:15.247
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 51%
Total physical RAM: 8171.59 MB
Available physical RAM: 3997.34 MB
Total Virtual: 16341.35 MB
Available Virtual: 12191.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:174.77 GB) NTFS

\\?\Volume{cb55c6fc-ac9a-11e3-858b-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: AB41F5E7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Re: Preventive check

#2 Post by morar »

I apologize, I uploaded it twice by mistake.

Rudy
Site Admin
Posts: 118194
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check

#3 Post by Rudy »

Hello!
I have moved the second topic to the trash. Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

Close all programs.
Accept the license terms (EULA) by clicking I agree.
Right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just start it with a normal double-click).
Click Scan now, then Clean and Repair.
After the restart a log will pop up (or you can find it at C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


Re: Preventive check

#4 Post by morar »

Hi. The log from Adw

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-04-01.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-01-2019
# Duration: 00:00:10
# OS: Windows 7 Ultimate
# Cleaned: 180
# Failed: 0


***** [ Services ] *****

Deleted AdvancedSystemCareService10
Deleted WtuSystemSupport

***** [ Folders ] *****

Deleted C:\ProgramData\IObit\Advanced SystemCare V7
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V7
Deleted C:\Users\Sada\AppData\LocalLow\IObit\Advanced SystemCare V7
Deleted C:\Users\Sada\AppData\Roaming\IObit\Advanced SystemCare V7
Deleted C:\ProgramData\IObit\Advanced SystemCare V8
Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare V8
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted C:\Users\Sada\AppData\LocalLow\IObit\Advanced SystemCare V8
Deleted C:\Users\Sada\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\Sada\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\Sada\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\ProgramData\IOBIT\Driver Booster
Deleted C:\Program Files (x86)\IOBIT\Driver Booster
Deleted C:\Users\Sada\AppData\Roaming\IOBIT\Driver Booster
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
Deleted C:\ProgramData\avg web tuneup
Deleted C:\Program Files (x86)\avg web tuneup
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup
Deleted C:\Users\Sada\AppData\Local\avg web tuneup
Deleted C:\Users\Sada\AppData\LocalLow\avg web tuneup
Deleted C:\ProgramData\AVG Security Toolbar
Deleted C:\ProgramData\AVG Secure Search
Deleted C:\Program Files\Common Files\AVG Secure Search
Deleted C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted C:\Users\Sada\AppData\Local\VirtualStore\ProgramData\AVG Secure Search
Deleted C:\Program Files (x86)\IObit Apps Toolbar
Deleted C:\Program Files (x86)\Application Updater
Deleted C:\ProgramData\EnergoTech
Deleted C:\Users\Sada\AppData\Local\globalUpdate
Deleted C:\Users\Sada\AppData\Roaming\Seznam.cz
Deleted C:\Users\Sada\AppData\LocalLow\Search Settings
Deleted C:\Program Files (x86)\Common Files\Spigot

***** [ Files ] *****

Deleted C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE
Deleted C:\Users\Public\Desktop\Driver Booster 3.lnk
Deleted C:\Users\Sada\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 10.lnk
Deleted C:\Users\Public\Desktop\Advanced SystemCare 10.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\ASC10_SKIPUAC_SADA
Deleted C:\Windows\System32\Tasks\Driver Booster Scheduler
Deleted C:\Windows\System32\Tasks\ASC10_PerformanceMonitor

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0673A9AA-3BF7-460A-8DA7-8C8487C46001}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0673A9AA-3BF7-460A-8DA7-8C8487C46001}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC10_SkipUac_Sada
Deleted HKCU\Software\IObit\Advanced SystemCare 7
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare 7
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKCU\Software\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKCU\Software\AppDataLow\Software\Crossrider
Deleted HKLM\Software\Wow6432Node\AppDataLow\Software\Crossrider
Deleted HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Deleted HKCU\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Deleted HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Deleted HKCU\Software\_CrossriderRegNamePlaceHolder_
Deleted HKLM\Software\Wow6432Node\IObit\Driver Booster
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
Deleted HKLM\Software\Wow6432Node\AVG Tuneup
Deleted HKLM\Software\Wow6432Node\InstalledBrowserExtensions
Deleted HKLM\Software\InstalledBrowserExtensions
Deleted HKCU\Software\GlobalUpdate
Deleted HKLM\Software\Wow6432Node\GlobalUpdate
Deleted HKCU\Software\AVG Secure Search
Deleted HKLM\Software\Wow6432Node\Application Updater
Deleted HKCU\Software\AppDataLow\Software\IObit Apps
Deleted HKCU\Software\IObit Apps
Deleted HKLM\Software\Wow6432Node\IObit Apps
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner64.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner64.exe
Deleted HKLM\Software\Wow6432Node\Google\Chrome\NativeMessagingHosts\avgsh
Deleted HKLM\Software\Wow6432Node\Classes\protocols\handler\viprotocol
Deleted HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Deleted HKLM\Software\Wow6432Node\Classes\AppID\ViProtocol.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted HKLM\Software\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Deleted HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Deleted HKLM\Software\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Deleted HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Deleted HKLM\Software\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Deleted HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9B83CD30-693C-447E-B369-40C40500DEC7}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{09F0D742-E87F-445C-81C3-734386CAD7F3}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExd
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExi
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F22D447-E6EB-4DC6-920E-01AEB7DA8BF8}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0638BF7D-25D2-449F-A5BA-D3DD1D8BE06C}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC10_PerformanceMonitor
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{07F1D3AC-C6DD-4B94-A943-9B5EA59F68A7}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Seznam.cz
Deleted HKCU\Software\AppDataLow\Software\Search Settings
Deleted HKCU\Software\Search Settings
Deleted HKLM\Software\Wow6432Node\Search Settings

***** [ Chromium (and derivatives) ] *****

Deleted Seznam doplněk - Esko

***** [ Chromium URLs ] *****

Deleted AVG Secure Search
Deleted AVG Secure Search

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [20034 octets] - [01/04/2019 17:43:14]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


Re: Preventive check

#5 Post by Rudy »

Post new FRST+Addition logs.


Re: Preventive check

#6 Post by morar »

New FRST logs

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Sada (14-04-2019 07:30:23)
Running from C:\Users\Sada\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-03-15 23:48:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2586446151-2666062586-458469913-500 - Administrator - Disabled)
Guest (S-1-5-21-2586446151-2666062586-458469913-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2586446151-2666062586-458469913-1002 - Limited - Enabled)
Sada (S-1-5-21-2586446151-2666062586-458469913-1000 - Administrator - Enabled) => C:\Users\Sada

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\uTorrent) (Version: 3.5.4.44520 - BitTorrent Inc.)
ACE Mega CoDecS Pack (HKLM-x32\...\{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1) (Version: 6.03.0911 - ACE DESIGN Software)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Aktualizace NVIDIA 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
AMD Catalyst Install Manager (HKLM\...\{A00CC809-7137-B31B-D13D-401DA7BD962F}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 372.70 - NVIDIA Corporation) Hidden
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
Assassins Creed - Unity (HKLM-x32\...\{9L5KR86L-0F3I-4HJ7-HKY5-DRTL4V36QG2X}_is1) (Version: 1.1.0.0 - Ubisoft)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 19.3.2369 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 72.0.1174.121 - Autoři prohlížeče Avast Secure Browser)
AVG PC TuneUp 2014 (cs-CZ) (HKLM-x32\...\{7A8B5F7D-6736-4DC4-A7A5-223BE131EB34}) (Version: 14.0.1001.147 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}) (Version: 14.0.1001.147 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp 2014) (Version: 14.0.1001.147 - AVG)
Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.0 - Electronic Arts)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty - Ghosts 1.0.0.1 (HKLM-x32\...\Call of Duty - Ghosts_is1) (Version: - )
Call of Duty(R) 2 (HKLM-x32\...\{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision)
Call of Duty(R) 2 Patch 1.3 (HKLM-x32\...\{C13E90B0-4E1C-11DB-6784-0152EAA218BE}) (Version: 1.3 - Activision)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
CoD 2 čeština (HKLM-x32\...\CoD 2 čeština_is1) (Version: - #'Pan[S]al!er!)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Firestorm Launcher version 1.0 (HKLM-x32\...\{008D5963-9A73-4472-8C16-A5BF04491B9D}_is1) (Version: 1.0 - Firestorm)
GamePark klient 2.0.9.0 (HKLM\...\{52E5D8A7-B129-4A29-AD4B-EBB749DCC3A3}_is1) (Version: 2.0.9.0 - GamePark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HLSW v1.4.0.5 (HKLM-x32\...\HLSW_is1) (Version: - Stripf Software)
iCloud (HKLM\...\{99868C9C-C141-4DDE-A2C7-9DDF00F68F17}) (Version: 7.2.0.67 - Apple Inc.)
IObit Apps Toolbar v9.7 (HKLM-x32\...\{E029C309-4421-410B-890A-30D2E8E82D0C}) (Version: 9.7 - Spigot, Inc.) <==== ATTENTION
iTunes (HKLM\...\{412595B6-5162-4792-8DEE-2766FBC6C1EC}) (Version: 12.7.2.60 - Apple Inc.)
LogMeIn Hamachi (HKLM-x32\...\{A313C1BB-04A5-49FA-AA26-6C3DDD9F6C7F}) (Version: 2.2.0.188 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.188 - LogMeIn, Inc.)
Microsoft .NET Framework 4.5 CSY Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60830 (HKLM\...\{122B909F-9DCF-360E-91E7-0679E033FBE1}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60830 (HKLM\...\{083808D6-6235-37A8-82C1-98D226EB681F}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830 (HKLM-x32\...\{F68B404C-0E04-337F-A132-796508EE337A}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830 (HKLM-x32\...\{50AF8559-F490-381F-A6E7-06A07DE227DC}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
Nero 11 Mini Repack (HKLM-x32\...\NMMS11) (Version: - )
NVIDIA Ovladač 3D Vision 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.70 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Ovládací panel NVIDIA 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 372.70 - NVIDIA Corporation) Hidden
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
RAIDXpert (HKLM-x32\...\{8A4A80C2-87B1-44FB-BC24-9168930EB150}) (Version: 3.3.1540.28 - AMD) Hidden
RAIDXpert (HKLM-x32\...\InstallShield_{8A4A80C2-87B1-44FB-BC24-9168930EB150}) (Version: 3.3.1540.28 - AMD)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: 1.3.32.1010 - )
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
War Thunder Launcher 1.0.1.613 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\Warcraft III) (Version: - )
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
World of Tanks (HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Xfire 2.0 (HKLM-x32\...\{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1) (Version: 2.0 - Xfire, Inc.)
Xfire Codec (remove only) (HKLM-x32\...\XfireCodec) (Version: - )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6722448 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2013-08-30] (AVG Netherlands B.V. -> AVG)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-12-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] () [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2013-08-30] (AVG Netherlands B.V. -> AVG)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2013-08-30] (AVG Netherlands B.V. -> AVG)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] () [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-08-25] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] () [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05B91ACF-260F-41B3-8993-68049A97B2A9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {080B26B0-25B1-4E63-BC4C-030C8CC1BE69} - System32\Tasks\{79C4C567-AB8E-4536-AA51-F246D24981A7} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\IDriver.exe" -c /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
Task: {1BA75240-5490-400E-B358-38460A4F4EEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {1BE2A17D-96AB-461C-BF22-D69C9E0A566A} - System32\Tasks\{03B5708B-5B79-4AEB-9F08-E180C6CD6E7D} => C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire, Inc. -> Xfire Inc.)
Task: {2D27C8D0-796C-48EC-A14B-1822F608DFA6} - System32\Tasks\{FDB76971-FB0F-41A9-91A4-0565B444C006} => C:\Windows\system32\pcalua.exe -a "C:\Users\Sada\Desktop\afa\World of Warcraft\INSTALL v3.07.exe" -d "C:\Users\Sada\Desktop\afa\World of Warcraft"
Task: {5772371E-5E17-4E81-86B1-06B3849B4BB7} - System32\Tasks\{32E9E1AA-021B-443B-A370-E35B981F5622} => C:\Windows\system32\pcalua.exe -a F:\Setup.exe -d F:\
Task: {7152937D-9AA7-409E-9AFB-CEA999CBB02A} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {733D521E-5556-4CF5-825A-A682263B9035} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe (AVG Netherlands B.V. -> AVG)
Task: {747AA499-324B-4CAA-9CCE-6012A79DE8C6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {8B100B4F-2614-4B10-9A64-B26FE7F460B4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8C60A8FC-9A68-4E26-AD44-3A1727B50089} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {8F7B40F5-6C5E-4774-AAFE-BEBBB34D3981} - System32\Tasks\Driver Booster SkipUAC (Sada) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {AB717BA5-C5E7-44A5-8364-E4596F179D3E} - System32\Tasks\{A8E4D479-0D14-4FCE-89C8-B64AEA995E98} => C:\Windows\system32\pcalua.exe -a F:\setup.exe -d F:\
Task: {CAEE549F-23A6-47CC-AD32-4F26612E4410} - System32\Tasks\{B40DF67D-8A19-4129-B6A6-CF2EB06D280B} => C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire, Inc. -> Xfire Inc.)
Task: {CB57994C-D3DD-4A4A-A847-9041C2CF4B03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {CE046B25-62DF-42C3-A7BE-386F6771142A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {D0C5032A-75B3-4502-BF7F-134D573861BD} - System32\Tasks\{AFE6B1F9-7392-4FC1-8EC6-C9EDFB648C2A} => C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire, Inc. -> Xfire Inc.)
Task: {D83DB7D1-EBF9-4164-A3A0-A68D9211432B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {E0C19F9F-8DF5-4CD1-A1A9-F082B52CB00E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {F3130B46-C0E7-47C7-85F6-B734F2AA3877} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {FE677FF2-2C0F-4245-834C-7376F984E3AB} - System32\Tasks\{E5CD1BA5-70B0-4767-94C6-89FB614E59F3} => C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire, Inc. -> Xfire Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-03-18 15:39 - 2014-03-18 16:17 - 001008640 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\USER32.dll
2014-03-18 15:41 - 2014-03-18 16:17 - 000833024 _____ (Microsoft Corporation) [File not signed] C:\Windows\syswow64\USER32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-01-30 09:16 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sada\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5F0B59A9-761A-4EEA-B927-6690885822CE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AF168576-B110-4031-B40D-1EBE60527B7A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{C270FFF0-0379-4D5B-BCA8-9791F49CD8E1}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [UDP Query User{EF3ACD68-17FE-4C3E-850D-A93938CD4FF1}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [{CDDFCBB8-B4FC-4288-B141-4722C2260D11}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{BC5E29A4-5BCE-47DC-8DAF-94FC0A157694}C:\users\sada\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sada\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{F9B0E861-1E1A-4E30-9D74-3E19470848D0}C:\users\sada\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sada\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{2D925FB5-5B23-4E49-8FE8-DD876A74A5DF}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe (Xfire, Inc. -> Xfire Inc.)
FirewallRules: [UDP Query User{F2C6BC5E-9D8E-4B13-9580-614AB8F93874}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe (Xfire, Inc. -> Xfire Inc.)
FirewallRules: [TCP Query User{3D7F941E-B422-4F66-8B51-294228F4EA2A}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{52BDFBE2-D019-4992-A5D1-5530BFFE566F}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [{CAC52F32-D580-4D2C-92E9-C6D443D47104}] => (Block) C:\program files (x86)\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [{33A5CA8B-8B5A-4C47-A8EA-6B9ABB2F06AA}] => (Block) C:\program files (x86)\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{A76666B6-EF3E-4407-829E-D3A2B405974E}C:\program files (x86)\warcraft iii\lancraft.exe] => (Allow) C:\program files (x86)\warcraft iii\lancraft.exe () [File not signed]
FirewallRules: [UDP Query User{C38F0ABD-8275-41FD-ADD3-26122CC4E0D1}C:\program files (x86)\warcraft iii\lancraft.exe] => (Allow) C:\program files (x86)\warcraft iii\lancraft.exe () [File not signed]
FirewallRules: [{F4FA9233-54CF-4449-BC5F-95FF52AB1D0B}] => (Block) C:\program files (x86)\warcraft iii\lancraft.exe () [File not signed]
FirewallRules: [{050324B7-B174-4A76-AC44-F6DEB3627D2B}] => (Block) C:\program files (x86)\warcraft iii\lancraft.exe () [File not signed]
FirewallRules: [{D144781F-BBDD-45B2-83E9-7EB95F841DEB}] => (Allow) LPort=80
FirewallRules: [{644DDD71-6777-48C3-B7D8-B4CA31357C78}] => (Allow) LPort=443
FirewallRules: [{13AEFAF0-2E43-44BE-8417-3AAFBDBAA185}] => (Allow) LPort=20010
FirewallRules: [{79B3458F-D1F3-48F9-BDFA-BA3CA06E33BA}] => (Allow) LPort=3478
FirewallRules: [{721F63FD-11B7-4463-90C3-F3B15BE59100}] => (Allow) LPort=7850
FirewallRules: [{DD40E129-BFCE-427F-B9B0-2E4ECAF0A678}] => (Allow) LPort=7852
FirewallRules: [{A1496419-4BD3-40D7-8A1E-52DC8F5C9A5F}] => (Allow) LPort=7853
FirewallRules: [{509F3188-3102-4456-9CDB-3A370DB4394A}] => (Allow) LPort=27022
FirewallRules: [{8A187787-008E-4E02-A27A-6898CAF2FF8C}] => (Allow) LPort=6881
FirewallRules: [{F42081D2-0603-4809-B62D-67A922DC1327}] => (Allow) LPort=33333
FirewallRules: [{57CD5445-71DD-4E80-8154-616D136F916E}] => (Allow) LPort=20443
FirewallRules: [{2AC68148-04A8-4F82-A5C6-EF94BACC98CE}] => (Allow) LPort=8090
FirewallRules: [{95D0F51C-CB5A-4879-98BD-6D23B3B00465}] => (Allow) %ProgramFiles%\Zune\Zune.exe No File
FirewallRules: [{6848311D-F8A1-4255-9343-35C2909FE1F9}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{189DB9F1-76F0-481C-A4F4-FB9B2A867FE4}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{3F6F16E1-53AC-4694-BA33-55BAEBEF5364}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{B93D5BF8-695B-4231-9136-AB55A31FFBE4}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{F8A4804A-0898-49B5-BB78-58D607CB511A}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{6063BB92-3E61-47AE-91C6-ACBC4F0F0449}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{7775CC5E-EA1F-4A80-95E3-A869A89A03C6}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{C333AF5F-A57A-45CD-98D6-1C03A80F8944}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [TCP Query User{AE1076B1-AFF5-4F0F-AD62-15F4D6598A47}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [UDP Query User{D958E1C5-F829-4062-B260-BF2A1E645268}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [{023C9E71-0634-4AA3-B114-C60CEF2B3ACD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{9219E1EA-3F11-4DA3-8023-C445DA54E170}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{F470CD7E-7F44-4067-A2E7-369D979CE9EB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{1A46A941-7A03-4820-9EB9-26289102BA68}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{152CEA05-D7BC-445B-B994-1B48EE4026EF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{51682CC5-2D2C-4836-8BF2-7AC01521A051}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{2154024B-4A9D-4F0F-8727-50C5E7D68257}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe (Xfire, Inc. -> Xfire Inc.)
FirewallRules: [UDP Query User{CEC92FF8-F53C-4E0D-967A-FB6853028BC9}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe (Xfire, Inc. -> Xfire Inc.)
FirewallRules: [TCP Query User{552DEDB5-E55D-4B0A-95B7-2A61D446598D}C:\users\sada\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sada\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{7B7E521E-5C68-4984-AEC1-743E084EDD17}C:\users\sada\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sada\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{158749E9-EB38-41FB-AC7C-C6128A1B6EDA}] => (Allow) C:\Hry\Battlefield 4\bf4_x86.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{DB9FB825-367E-42D4-B204-A19A4F42EF56}] => (Allow) C:\Hry\Battlefield 4\bf4_x86.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{16A91F06-E5A7-414D-B351-93EEE962371C}] => (Allow) C:\Hry\Battlefield 4\bf4.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{7A8D2FB2-72D7-4953-AA12-DA94282161C1}] => (Allow) C:\Hry\Battlefield 4\bf4.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [TCP Query User{E1A2B81B-F65F-4966-B690-8A049C3BF73F}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{7A4E34D3-8358-4BDD-97F4-1F97BAB5A224}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{1039B29E-0722-4B61-8819-85B67920CEC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{97423685-5575-42A2-806E-10C913B1AD32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{037DB693-3DBA-45DF-BE09-D9E8664998AD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DCE8C2EE-7264-4DBB-BCA0-89847AAEEA6B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0315352B-2F2A-440B-8B84-14409FFE415F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{21292D8D-47F8-4F8F-B37E-E6ABD3484DBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{60B7A6BD-084B-4214-A72C-E898C355E8B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BCC5CE20-ED3C-4783-82AB-FB2C4F60EB89}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C16AA97C-BB83-4A48-9224-AC27122A06A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7C5D9B8A-7370-42B5-AE51-526D8B60858C}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [{03F3C133-EF90-4B7F-9F6E-78CE2A6CAFF7}] => (Allow) C:\Games\World_of_Tanks\WorldofTanks.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [{E7EDA3EC-E253-444F-B624-CC14B3F234E3}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{3771FEA2-3C44-4966-AB83-9F25DA3D19DE}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{FEC850FF-6F05-4BAD-A1F9-90DCB29D63D8}] => (Allow) C:\WarThunder\launcher.exe (Gaijin Entertainment LLP -> Gaijin Entertainment)
FirewallRules: [{E028376B-FA7C-4E0C-B457-EE3DCDD550AC}] => (Allow) C:\WarThunder\launcher.exe (Gaijin Entertainment LLP -> Gaijin Entertainment)
FirewallRules: [{76323660-07F3-4C05-9EFF-0C1B6E201FB2}] => (Allow) C:\WarThunder\bpreport.exe (Gaijin Entertainment LLP -> )
FirewallRules: [{27EA8C8A-1D04-4D99-ADAC-B35730A98C6C}] => (Allow) C:\WarThunder\bpreport.exe (Gaijin Entertainment LLP -> )
FirewallRules: [TCP Query User{CF7A5BA7-28EF-4BBA-ADDC-0DAE63B465B0}C:\warthunder\win64\aces.exe] => (Allow) C:\warthunder\win64\aces.exe (Gaijin Entertainment LLP -> )
FirewallRules: [UDP Query User{C8084811-2DE9-43E5-AC60-70F1C87E66A4}C:\warthunder\win64\aces.exe] => (Allow) C:\warthunder\win64\aces.exe (Gaijin Entertainment LLP -> )
FirewallRules: [{85B6881F-E8EC-4127-A1E1-38984FD85E1D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A21A896E-B04A-42E6-9181-5E6072A45D62}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{69B0B094-E040-4051-AB47-B934E1F40C40}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{148610EB-20A5-4C6D-BC07-D28B0F807347}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{F6542340-C59A-4BDA-A64B-821E3E942973}C:\program files (x86)\hlsw\hlsw.exe] => (Allow) C:\program files (x86)\hlsw\hlsw.exe (Stripf Software) [File not signed]
FirewallRules: [UDP Query User{A89FF35D-B42B-4AFC-88F9-F3E555AAD824}C:\program files (x86)\hlsw\hlsw.exe] => (Allow) C:\program files (x86)\hlsw\hlsw.exe (Stripf Software) [File not signed]
FirewallRules: [TCP Query User{EEB01A45-A825-441D-8C03-52167FDE0002}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{9632D96F-7B38-4E89-B573-077056D60476}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{C49E283D-B9F6-421D-826B-32B94A779BE3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2AB70BCC-242F-41DC-80E7-CF1A2C250D6A}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DAF4DF82-725D-41F3-A112-522A27690F27}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{9840C30B-0EAF-463E-B081-433ACE5CD175}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{8D8BDC5E-9075-40AF-817C-E47AF8C73C0F}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{AA474EB7-9FE4-486E-AE86-60936E3DCEF0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

19-02-2019 01:00:00 Naplánovaný kontrolní bod
26-02-2019 01:00:01 Naplánovaný kontrolní bod
05-03-2019 15:04:22 Naplánovaný kontrolní bod
24-03-2019 19:03:37 Naplánovaný kontrolní bod
02-04-2019 09:53:51 Naplánovaný kontrolní bod
10-04-2019 19:22:28 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2019 06:44:30 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (04/14/2019 05:44:30 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (04/14/2019 04:44:30 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (04/14/2019 03:44:30 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (04/14/2019 02:44:30 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (04/14/2019 01:44:30 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (04/14/2019 12:44:30 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi

Error: (04/13/2019 11:44:30 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\GoogleUpdateHelper.msi


System errors:
=============
Error: (04/11/2019 12:15:57 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Byla vygenerována následující výstraha o závažné chybě: 70. Stav interní chyby: 105

Error: (04/05/2019 04:41:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby NVIDIA Streamer Network Service bylo dosaženo časového limitu (60000 ms).

Error: (04/02/2019 10:09:16 AM) (Source: DCOM) (EventID: 10001) (User: )
Description: Nelze spustit DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} jako /. Došlo k chybě:
%%5 = Přístup byl odepřen.
při provádění příkazu:
C:\Windows\System32\slui.exe -Embedding

Error: (04/01/2019 05:54:29 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba NVIDIA Streamer Service se po přijetí pokynu pro vypnutí neukončila správně.

Error: (04/01/2019 05:46:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Agent zásad protokolu IPsec neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (04/01/2019 05:46:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Agent zásad protokolu IPsec bylo dosaženo časového limitu (60000 ms).

Error: (04/01/2019 05:43:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Streamer Network Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/01/2019 05:43:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Network Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===================================

Date: 2016-09-20 16:26:15.248
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-09-20 16:26:15.247
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 48%
Total physical RAM: 8171.59 MB
Available physical RAM: 4210.29 MB
Total Virtual: 16341.35 MB
Available Virtual: 12443.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:174.1 GB) NTFS

\\?\Volume{cb55c6fc-ac9a-11e3-858b-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Sada (administrator) on SADA-PC (14-04-2019 07:29:12)
Running from C:\Users\Sada\Desktop
Loaded Profiles: Sada (Available Profiles: Sada)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(AVG Netherlands B.V. -> AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(AVG Netherlands B.V. -> AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-06-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\MountPoints2: {01393d8e-1889-11e4-8ce4-bc5ff4551e34} - E:\Startme.exe
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\...\Drivers32: [VIDC.XFR1] => C:\Windows\system32\xfcodec64.dll [22016 2012-11-14] () [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [VIDC.XFR1] => C:\Windows\SysWOW64\xfcodec.dll [36352 2012-12-28] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-10] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\72.0.1174.121\Installer\chrmstp.exe [2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
IFEO\asc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\icloud.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\iclouddrive.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\icloudweb.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\shellstreamsshortcut.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk [2014-11-12]
ShortcutTarget: GamePark klient 2.lnk -> C:\Program Files\GamePark2\gpcl.exe (Allstar Group s.r.o. -> Allstar Group, s.r.o.) [File not signed]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{47694619-7217-49BE-AC68-B489A063DDD9}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2586446151-2666062586-458469913-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Skype Software Sarl -> Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-03-07] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-03-07] (Adobe Systems Incorporated -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-04-02] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-04-02] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default [2019-04-14]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-06]
CHR Extension: (Avast Online Security) - C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-03-01]
CHR Extension: (Skype) - C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-24]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [61440 2012-09-06] (AMD) [File not signed]
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6570352 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-07] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [360440 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [371824 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-07] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\72.0.1174.121\elevation_service.exe [1070600 2019-03-06] (AVAST Software s.r.o. -> AVAST Software)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-11-12] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [214520 2015-04-12] (Even Balance, Inc. -> )
S4 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Sony Mobile Communications -> Avanquest Software) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2099512 2013-08-30] (AVG Netherlands B.V. -> AVG)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-09-15] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2015-03-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [140032 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [424192 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [17192 2011-11-07] (ASROCK Incorporation -> Windows (R) Win 7 DDK provider)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205608 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [254408 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196304 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320904 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58168 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42496 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [169104 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2018-03-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [518784 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88152 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034640 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [476264 2019-04-12] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [220632 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380160 2019-04-01] (AVAST Software s.r.o. -> AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-16] (Disc Soft Ltd -> Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-12] (Martin Malik - REALiX -> REALiX(tm))
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [26112 2012-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (AVG Technologies CZ, s.r.o. -> TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [56448 2011-12-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (BitRaider, LLC -> XFire)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-12 21:42 - 2019-04-12 21:42 - 000000077 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2019-04-12 08:05 - 2019-04-12 08:05 - 000130027 _____ C:\Users\Sada\Desktop\paska005704.zip
2019-04-11 12:18 - 2019-04-11 12:18 - 000074318 _____ C:\Users\Sada\Desktop\Výpis_1000381573_2019_03.pdf
2019-04-11 12:10 - 2019-04-11 12:11 - 000072863 _____ C:\Users\Sada\Desktop\Výpis_1000381573_2019_02.pdf
2019-04-01 17:41 - 2019-04-01 17:43 - 000000000 ____D C:\AdwCleaner
2019-04-01 17:41 - 2019-04-01 17:41 - 007316688 _____ (Malwarebytes) C:\Users\Sada\Desktop\adwcleaner_7.2.7.0.exe
2019-04-01 17:41 - 2019-04-01 17:40 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-03-24 18:36 - 2019-03-24 18:38 - 000050021 _____ C:\Users\Sada\Desktop\Addition.txt
2019-03-24 18:35 - 2019-04-14 07:30 - 000020146 _____ C:\Users\Sada\Desktop\FRST.txt
2019-03-24 18:35 - 2019-04-14 07:29 - 000000000 ____D C:\FRST
2019-03-24 18:30 - 2019-03-24 18:30 - 002434048 _____ (Farbar) C:\Users\Sada\Desktop\FRST64.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-14 07:09 - 2016-02-19 15:57 - 000000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2019-04-12 21:42 - 2016-02-17 17:25 - 000476264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-04-12 19:16 - 2009-07-26 20:41 - 000672158 _____ C:\Windows\system32\perfh005.dat
2019-04-12 19:16 - 2009-07-26 20:41 - 000142754 _____ C:\Windows\system32\perfc005.dat
2019-04-12 19:16 - 2009-07-14 07:13 - 001593238 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-12 19:16 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-04-11 11:45 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-10 18:17 - 2014-03-16 15:21 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-10 18:17 - 2014-03-16 15:21 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-02 22:19 - 2009-07-14 06:45 - 000010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-02 22:19 - 2009-07-14 06:45 - 000010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-02 08:43 - 2014-03-16 15:19 - 000003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-02 08:43 - 2014-03-16 15:19 - 000003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-01 17:43 - 2014-07-24 22:38 - 000000000 ____D C:\Users\Sada\AppData\Roaming\IObit
2019-04-01 17:43 - 2014-07-24 22:38 - 000000000 ____D C:\Users\Sada\AppData\LocalLow\IObit
2019-04-01 17:43 - 2014-07-24 22:38 - 000000000 ____D C:\ProgramData\IObit
2019-04-01 17:43 - 2014-07-24 22:38 - 000000000 ____D C:\Program Files (x86)\IObit
2019-04-01 17:42 - 2017-10-08 10:19 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-04-01 17:41 - 2018-10-23 13:03 - 000042496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-04-01 17:41 - 2016-02-17 17:25 - 000380160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-04-01 17:41 - 2016-02-17 17:25 - 000220632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-04-01 17:41 - 2016-02-17 17:25 - 000169104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-04-01 17:41 - 2016-02-17 17:25 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-04-01 17:41 - 2016-02-17 17:25 - 000088152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-04-01 17:40 - 2019-02-19 15:56 - 000518784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2019-04-01 17:40 - 2019-02-03 17:54 - 000254408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-04-01 17:40 - 2019-01-30 09:21 - 000320904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-04-01 17:40 - 2019-01-30 09:21 - 000196304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-04-01 17:40 - 2019-01-30 09:21 - 000058168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-04-01 17:40 - 2017-11-14 19:01 - 000205608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-04-01 17:40 - 2016-02-17 17:25 - 001034640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-03-25 11:24 - 2018-06-07 13:40 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-03-25 11:24 - 2018-06-07 13:40 - 000002358 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-03-24 18:35 - 2018-04-27 15:06 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-03-24 18:35 - 2016-02-19 15:57 - 000003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-03-24 18:35 - 2016-02-17 17:25 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-03-24 18:35 - 2015-03-03 11:38 - 000003028 _____ C:\Windows\System32\Tasks\{32E9E1AA-021B-443B-A370-E35B981F5622}
2019-03-24 18:35 - 2014-11-12 16:49 - 000003254 _____ C:\Windows\System32\Tasks\{79C4C567-AB8E-4536-AA51-F246D24981A7}
2019-03-24 18:35 - 2014-11-12 11:49 - 000003028 _____ C:\Windows\System32\Tasks\{A8E4D479-0D14-4FCE-89C8-B64AEA995E98}
2019-03-24 18:35 - 2014-09-29 16:02 - 000003214 _____ C:\Windows\System32\Tasks\{FDB76971-FB0F-41A9-91A4-0565B444C006}
2019-03-24 18:35 - 2014-03-17 17:37 - 000002762 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2014-03-18 15:39] - [2014-03-18 16:17] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2014-03-18 15:41] - [2014-03-18 16:17] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-04-13 00:50

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 118194
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check

#7 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
Task: {1BA75240-5490-400E-B358-38460A4F4EEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {2D27C8D0-796C-48EC-A14B-1822F608DFA6} - System32\Tasks\{FDB76971-FB0F-41A9-91A4-0565B444C006} => C:\Windows\system32\pcalua.exe -a "C:\Users\Sada\Desktop\afa\World of Warcraft\INSTALL v3.07.exe" -d "C:\Users\Sada\Desktop\afa\World of Warcraft"
Task: {5772371E-5E17-4E81-86B1-06B3849B4BB7} - System32\Tasks\{32E9E1AA-021B-443B-A370-E35B981F5622} => C:\Windows\system32\pcalua.exe -a F:\Setup.exe -d F:\
Task: {CB57994C-D3DD-4A4A-A847-9041C2CF4B03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
FirewallRules: [{6848311D-F8A1-4255-9343-35C2909FE1F9}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{189DB9F1-76F0-481C-A4F4-FB9B2A867FE4}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{3F6F16E1-53AC-4694-BA33-55BAEBEF5364}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{B93D5BF8-695B-4231-9136-AB55A31FFBE4}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{F8A4804A-0898-49B5-BB78-58D607CB511A}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{6063BB92-3E61-47AE-91C6-ACBC4F0F0449}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{7775CC5E-EA1F-4A80-95E3-A869A89A03C6}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{C333AF5F-A57A-45CD-98D6-1C03A80F8944}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2586446151-2666062586-458469913-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\System32\Tasks\{32E9E1AA-021B-443B-A370-E35B981F5622}
C:\Windows\System32\Tasks\{79C4C567-AB8E-4536-AA51-F246D24981A7}
C:\Windows\System32\Tasks\{A8E4D479-0D14-4FCE-89C8-B64AEA995E98}
C:\Windows\System32\Tasks\{FDB76971-FB0F-41A9-91A4-0565B444C006}

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

morar
Exemplary visitor
Posts: 212
Registered: 01 May 2007 16:35
Location: Bzenec

Re: Preventive check

#8 Post by morar »

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Sada (15-04-2019 20:44:29) Run:1
Running from C:\Users\Sada\Desktop
Loaded Profiles: Sada (Available Profiles: Sada)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
Task: {1BA75240-5490-400E-B358-38460A4F4EEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {2D27C8D0-796C-48EC-A14B-1822F608DFA6} - System32\Tasks\{FDB76971-FB0F-41A9-91A4-0565B444C006} => C:\Windows\system32\pcalua.exe -a "C:\Users\Sada\Desktop\afa\World of Warcraft\INSTALL v3.07.exe" -d "C:\Users\Sada\Desktop\afa\World of Warcraft"
Task: {5772371E-5E17-4E81-86B1-06B3849B4BB7} - System32\Tasks\{32E9E1AA-021B-443B-A370-E35B981F5622} => C:\Windows\system32\pcalua.exe -a F:\Setup.exe -d F:\
Task: {CB57994C-D3DD-4A4A-A847-9041C2CF4B03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
FirewallRules: [{6848311D-F8A1-4255-9343-35C2909FE1F9}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{189DB9F1-76F0-481C-A4F4-FB9B2A867FE4}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{3F6F16E1-53AC-4694-BA33-55BAEBEF5364}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{B93D5BF8-695B-4231-9136-AB55A31FFBE4}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{F8A4804A-0898-49B5-BB78-58D607CB511A}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{6063BB92-3E61-47AE-91C6-ACBC4F0F0449}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{7775CC5E-EA1F-4A80-95E3-A869A89A03C6}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
FirewallRules: [{C333AF5F-A57A-45CD-98D6-1C03A80F8944}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe No File
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2586446151-2666062586-458469913-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\System32\Tasks\{32E9E1AA-021B-443B-A370-E35B981F5622}
C:\Windows\System32\Tasks\{79C4C567-AB8E-4536-AA51-F246D24981A7}
C:\Windows\System32\Tasks\{A8E4D479-0D14-4FCE-89C8-B64AEA995E98}
C:\Windows\System32\Tasks\{FDB76971-FB0F-41A9-91A4-0565B444C006}

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1BA75240-5490-400E-B358-38460A4F4EEA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BA75240-5490-400E-B358-38460A4F4EEA}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D27C8D0-796C-48EC-A14B-1822F608DFA6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D27C8D0-796C-48EC-A14B-1822F608DFA6}" => removed successfully
C:\Windows\System32\Tasks\{FDB76971-FB0F-41A9-91A4-0565B444C006} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FDB76971-FB0F-41A9-91A4-0565B444C006}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5772371E-5E17-4E81-86B1-06B3849B4BB7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5772371E-5E17-4E81-86B1-06B3849B4BB7}" => removed successfully
C:\Windows\System32\Tasks\{32E9E1AA-021B-443B-A370-E35B981F5622} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{32E9E1AA-021B-443B-A370-E35B981F5622}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB57994C-D3DD-4A4A-A847-9041C2CF4B03}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB57994C-D3DD-4A4A-A847-9041C2CF4B03}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6848311D-F8A1-4255-9343-35C2909FE1F9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{189DB9F1-76F0-481C-A4F4-FB9B2A867FE4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3F6F16E1-53AC-4694-BA33-55BAEBEF5364}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B93D5BF8-695B-4231-9136-AB55A31FFBE4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8A4804A-0898-49B5-BB78-58D607CB511A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6063BB92-3E61-47AE-91C6-ACBC4F0F0449}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7775CC5E-EA1F-4A80-95E3-A869A89A03C6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C333AF5F-A57A-45CD-98D6-1C03A80F8944}" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-2586446151-2666062586-458469913-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\skypec2c => removed successfully
HKLM\Software\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => removed successfully
HKLM\Software\Wow6432Node\Classes\PROTOCOLS\Handler\skypec2c => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\System\CurrentControlSet\Services\c2cautoupdatesvc => removed successfully
c2cautoupdatesvc => service removed successfully
HKLM\System\CurrentControlSet\Services\c2cpnrsvc => removed successfully
c2cpnrsvc => service removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"C:\Windows\System32\Tasks\{32E9E1AA-021B-443B-A370-E35B981F5622}" => not found
C:\Windows\System32\Tasks\{79C4C567-AB8E-4536-AA51-F246D24981A7} => moved successfully
C:\Windows\System32\Tasks\{A8E4D479-0D14-4FCE-89C8-B64AEA995E98} => moved successfully
"C:\Windows\System32\Tasks\{FDB76971-FB0F-41A9-91A4-0565B444C006}" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30948552 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 154662175 B
Edge => 0 B
Chrome => 441816128 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 135576 B
systemprofile32 => 1256157 B
LocalService => 115860 B
NetworkService => 66228 B
Sada => 6879107 B

RecycleBin => 0 B
EmptyTemp: => 614.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:44:53 ====

Rudy
Site Admin
Posts: 118194
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check

#9 Post by Rudy »

Deleted. The log should be OK now.

morar
Exemplary visitor
Posts: 212
Registered: 01 May 2007 16:35
Location: Bzenec

Re: Preventive check

#10 Post by morar »

Thank you very much.

Rudy
Site Admin
Posts: 118194
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check

#11 Post by Rudy »

You're welcome! :)

Locked