
Log check after an attack by the "police virus"

Sagitt62
Visitor
Posts: 131
Registered: 25 May 2008 13:40

#1 Post by Sagitt62 »

Greetings, and may I ask for a preventive check. The PC was attacked by the "police virus". I closed the page, but some message in English remained and the PC could not be shut down; I had to switch it off "the hard way" with the mains switch. After switching it on there was a Windows warning about a non-standard shutdown, and I chose "Start normally". The system booted normally. Then came a full scan with an up-to-date Avast (nothing found) and a cleanup with CCleaner. The PC behaves normally, but the worm of doubt keeps gnawing :?: Please check the attached log; I hope it is the right one. Thanks. S62

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by Bary (administrator) on BARY_PC (08-03-2018 13:58:00)
Running from C:\Users\Bary\Desktop
Loaded Profiles: Bary (Available Profiles: Bary & Janyška)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-06] (AVAST Software)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2795746050-3627135712-4210470686-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2795746050-3627135712-4210470686-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk [2016-09-11]
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk [2016-09-11]
ShortcutTarget: AVerQuick.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-08-09]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CBBAB301-0DCB-4042-A109-0090B32835E6}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{EACCA239-F44C-4AB8-B89B-2F6BBF11AC2C}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2795746050-3627135712-4210470686-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-2795746050-3627135712-4210470686-1000 -> {73ED3DC4-6B10-4048-B641-783ABC7DEDA1} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_2
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-15] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-15] (AVAST Software)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Bary\AppData\Roaming\Mozilla\Firefox\Profiles\s5blaom8.default [2018-03-08]
FF Homepage: Mozilla\Firefox\Profiles\s5blaom8.default -> hxxps://www.google.cz/?gws_rd=ssl
FF Extension: (Avast SafePrice) - C:\Users\Bary\AppData\Roaming\Mozilla\Firefox\Profiles\s5blaom8.default\Extensions\sp@avast.com.xpi [2018-03-08]
FF Extension: (Avast Online Security) - C:\Users\Bary\AppData\Roaming\Mozilla\Firefox\Profiles\s5blaom8.default\Extensions\wrc@avast.com.xpi [2017-10-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-06] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-06] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [357760 2018-03-06] (AVAST Software)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [360448 2011-08-19] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed]
R2 AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [167936 2011-10-31] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51112 2016-06-17] (Microsoft)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196648 2018-03-06] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-06] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-06] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-06] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-06] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-03-06] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146656 2018-03-06] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-12-14] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [619984 2018-03-06] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-03-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-03-06] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-03-06] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-03-06] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-03-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-03-06] (AVAST Software)
R3 AVerIT13x; C:\Windows\System32\Drivers\AVerIT13x_x64.sys [198272 2012-12-06] (AVerMedia TECHNOLOGIES, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-08 13:58 - 2018-03-08 13:58 - 000014062 _____ C:\Users\Bary\Desktop\FRST.txt
2018-03-08 13:57 - 2018-03-08 13:57 - 000000000 ____D C:\Users\Bary\Desktop\FRST-OlderVersion
2018-03-06 21:54 - 2018-03-06 21:54 - 000380768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-03-04 09:36 - 2018-03-04 09:37 - 000000000 ____D C:\Users\Bary\Desktop\Reklamačka
2018-03-04 09:25 - 2018-03-04 09:36 - 000000000 ____D C:\Users\Bary\Desktop\AKT
2018-02-10 21:52 - 2018-02-10 21:52 - 000000796 _____ C:\Users\Bary\Desktop\SOLIUS – zástupce.lnk
2018-02-10 15:35 - 2018-02-10 15:35 - 002291360 _____ C:\Users\Bary\Downloads\katalog(1).pdf
2018-02-10 09:49 - 2018-02-10 09:49 - 000299903 _____ C:\Users\Bary\Downloads\d_d__ps_300Sunrise_ESC.PDF
2018-02-10 09:07 - 2018-02-10 09:07 - 000042987 _____ C:\Users\Bary\Downloads\Volba_motoru_RAY_G2_doporucene_vrtule.pdf
2018-02-10 09:06 - 2018-02-10 09:06 - 000374031 _____ C:\Users\Bary\Downloads\RAY_G2_technicka_data.pdf
2018-02-10 09:06 - 2018-02-10 09:06 - 000023402 _____ C:\Users\Bary\Downloads\Nahrada_motoru_RAY_novou_generaci_G2.pdf
2018-02-08 21:48 - 2018-02-08 21:48 - 000036865 _____ C:\Users\Bary\Downloads\Volba_vrtule_pro_motory_FOXY_G2.pdf
2018-02-08 21:48 - 2018-02-08 21:48 - 000036384 _____ C:\Users\Bary\Downloads\Volba_motoru_FOXY_G2.pdf
2018-02-08 18:33 - 2018-02-08 18:33 - 002291360 _____ C:\Users\Bary\Downloads\katalog.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-08 13:58 - 2016-05-21 10:31 - 000000000 ____D C:\FRST
2018-03-08 13:57 - 2017-04-16 09:35 - 002403328 _____ (Farbar) C:\Users\Bary\Desktop\FRST64.exe
2018-03-08 13:56 - 2013-08-09 16:53 - 000000000 ____D C:\Users\Bary\Desktop\Nepoužívané odkazy
2018-03-08 13:50 - 2009-07-14 05:45 - 000023392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-08 13:50 - 2009-07-14 05:45 - 000023392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-08 13:46 - 2016-11-18 10:14 - 000000000 ____D C:\Users\Bary\AppData\LocalLow\Mozilla
2018-03-08 13:36 - 2013-08-05 13:28 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-08 13:36 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-08 08:41 - 2016-11-23 20:09 - 000000000 ____D C:\Users\Janyška\AppData\LocalLow\Mozilla
2018-03-07 04:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-03-07 04:23 - 2015-07-04 17:21 - 000000000 ____D C:\Users\Bary\AppData\Local\CrashDumps
2018-03-06 23:42 - 2015-03-09 19:18 - 000000000 ____D C:\Users\Bary\Documents\AVerTV
2018-03-06 22:07 - 2009-07-14 16:18 - 000668640 _____ C:\Windows\system32\perfh005.dat
2018-03-06 22:07 - 2009-07-14 16:18 - 000141300 _____ C:\Windows\system32\perfc005.dat
2018-03-06 22:07 - 2009-07-14 06:13 - 001583642 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-06 21:54 - 2017-12-14 17:03 - 000619984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2018-03-06 21:54 - 2017-12-14 16:54 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-03-06 21:54 - 2017-03-01 16:06 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-03-06 21:54 - 2017-03-01 16:06 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-03-06 21:54 - 2017-03-01 16:06 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-03-06 21:54 - 2017-03-01 16:06 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-03-06 21:54 - 2017-03-01 16:06 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-03-06 21:54 - 2015-02-01 23:56 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-03-06 21:54 - 2015-02-01 23:56 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-03-06 21:54 - 2015-02-01 23:56 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-03-06 21:54 - 2015-02-01 23:56 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-03-06 21:54 - 2015-02-01 23:56 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-03-06 21:54 - 2015-02-01 23:56 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-03-06 21:54 - 2015-02-01 23:56 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-03-06 21:54 - 2015-02-01 23:56 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-02-28 19:22 - 2014-12-26 08:46 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-25 19:07 - 2015-11-06 22:11 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-15 20:02 - 2015-03-09 17:27 - 000000000 ____D C:\Users\Bary\AppData\Local\AVerMedia
2018-02-12 18:30 - 2013-08-08 09:54 - 000000000 ____D C:\Users\Bary\AppData\Local\Microsoft Help
2018-02-09 09:25 - 2017-05-20 11:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-09 09:25 - 2013-08-09 16:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-06 20:11 - 2013-08-08 08:52 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-06 20:11 - 2013-08-08 08:52 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-06 20:11 - 2013-08-08 08:52 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-06 20:11 - 2013-08-08 08:52 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-06 20:11 - 2013-08-08 08:52 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2017-04-16 09:40 - 2017-04-16 09:40 - 000029696 _____ () C:\Users\Bary\AppData\Local\MSGBOX.EXE
2014-11-17 06:43 - 2014-11-17 06:43 - 000000017 _____ () C:\Users\Bary\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-27 16:24

==================== End of FRST.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check after an attack by the "police virus"

#2 Post by Conder »

Hi :)

→ The message about the non-standard shutdown is caused by the hard power-off.

→ Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Scan (Skenovanie) and wait for it to finish
  • Click Clean (Cistenie) and confirm by clicking OK
  • AdwCleaner will ask to restart the PC; confirm by clicking Restart Now (Restartovat teraz)
  • After it finishes and the PC has restarted, a log will pop up; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.


#3 Post by Sagitt62 »

Greetings!
Yes, I understand about the non-standard shutdown message, I have been through that before. That was just for completeness. :)
The AdwCleaner scan has been done:

# AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 08 14:32:47 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

Deleted: C:\Windows\SysNative\LavasoftTcpService64.dll


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [6683 B] - [2017/4/16 9:56:15]
C:/AdwCleaner/AdwCleaner[S0].txt - [6529 B] - [2017/4/16 9:55:32]
C:/AdwCleaner/AdwCleaner[S1].txt - [1129 B] - [2018/3/8 14:30:56]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########


S62

#4 Post by Conder »

→ Please send new logs from FRST (both: FRST.txt and Addition.txt)

→ If the logs do not fit into one post, pack them into a RAR or ZIP archive and send them as an attachment.

#5 Post by Sagitt62 »

FRST HERE:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by Bary (administrator) on BARY_PC (08-03-2018 16:12:32)
Running from C:\Users\Bary\Desktop
Loaded Profiles: Bary (Available Profiles: Bary & Janyška)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-06] (AVAST Software)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2795746050-3627135712-4210470686-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2795746050-3627135712-4210470686-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk [2016-09-11]
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk [2016-09-11]
ShortcutTarget: AVerQuick.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-08-09]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CBBAB301-0DCB-4042-A109-0090B32835E6}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{EACCA239-F44C-4AB8-B89B-2F6BBF11AC2C}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2795746050-3627135712-4210470686-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-2795746050-3627135712-4210470686-1000 -> {73ED3DC4-6B10-4048-B641-783ABC7DEDA1} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_2
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-15] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-15] (AVAST Software)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Bary\AppData\Roaming\Mozilla\Firefox\Profiles\s5blaom8.default [2018-03-08]
FF Homepage: Mozilla\Firefox\Profiles\s5blaom8.default -> hxxps://www.google.cz/?gws_rd=ssl
FF Extension: (Avast SafePrice) - C:\Users\Bary\AppData\Roaming\Mozilla\Firefox\Profiles\s5blaom8.default\Extensions\sp@avast.com.xpi [2018-03-08]
FF Extension: (Avast Online Security) - C:\Users\Bary\AppData\Roaming\Mozilla\Firefox\Profiles\s5blaom8.default\Extensions\wrc@avast.com.xpi [2017-10-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-06] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-06] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [357760 2018-03-06] (AVAST Software)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [360448 2011-08-19] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed]
R2 AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [167936 2011-10-31] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51112 2016-06-17] (Microsoft)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196648 2018-03-06] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-06] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-06] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-06] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-06] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-03-06] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146656 2018-03-06] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-12-14] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [619984 2018-03-06] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-03-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-03-06] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-03-06] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-03-06] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-03-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-03-06] (AVAST Software)
R3 AVerIT13x; C:\Windows\System32\Drivers\AVerIT13x_x64.sys [198272 2012-12-06] (AVerMedia TECHNOLOGIES, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-08 16:12 - 2018-03-08 16:13 - 000013759 _____ C:\Users\Bary\Desktop\FRST.txt
2018-03-08 15:27 - 2018-03-08 15:27 - 008222496 _____ (Malwarebytes) C:\Users\Bary\Desktop\adwcleaner_7.0.8.0.exe
2018-03-08 14:16 - 2018-03-08 14:16 - 012557201 _____ C:\Users\Bary\Desktop\HERON MARTIN.zip
2018-03-06 21:54 - 2018-03-06 21:54 - 000380768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-02-10 21:52 - 2018-02-10 21:52 - 000000796 _____ C:\Users\Bary\Desktop\SOLIUS – zástupce.lnk
2018-02-10 15:35 - 2018-02-10 15:35 - 002291360 _____ C:\Users\Bary\Downloads\katalog(1).pdf
2018-02-10 09:49 - 2018-02-10 09:49 - 000299903 _____ C:\Users\Bary\Downloads\d_d__ps_300Sunrise_ESC.PDF
2018-02-10 09:07 - 2018-02-10 09:07 - 000042987 _____ C:\Users\Bary\Downloads\Volba_motoru_RAY_G2_doporucene_vrtule.pdf
2018-02-10 09:06 - 2018-02-10 09:06 - 000374031 _____ C:\Users\Bary\Downloads\RAY_G2_technicka_data.pdf
2018-02-10 09:06 - 2018-02-10 09:06 - 000023402 _____ C:\Users\Bary\Downloads\Nahrada_motoru_RAY_novou_generaci_G2.pdf
2018-02-08 21:48 - 2018-02-08 21:48 - 000036865 _____ C:\Users\Bary\Downloads\Volba_vrtule_pro_motory_FOXY_G2.pdf
2018-02-08 21:48 - 2018-02-08 21:48 - 000036384 _____ C:\Users\Bary\Downloads\Volba_motoru_FOXY_G2.pdf
2018-02-08 18:33 - 2018-02-08 18:33 - 002291360 _____ C:\Users\Bary\Downloads\katalog.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-08 16:12 - 2016-05-21 10:31 - 000000000 ____D C:\FRST
2018-03-08 16:06 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-03-08 15:41 - 2009-07-14 05:45 - 000023392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-08 15:41 - 2009-07-14 05:45 - 000023392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-08 15:35 - 2016-11-18 10:14 - 000000000 ____D C:\Users\Bary\AppData\LocalLow\Mozilla
2018-03-08 15:33 - 2013-08-05 13:28 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-08 15:33 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-08 15:32 - 2017-04-16 10:54 - 000000000 ____D C:\AdwCleaner
2018-03-08 13:57 - 2017-04-16 09:35 - 002403328 _____ (Farbar) C:\Users\Bary\Desktop\FRST64.exe
2018-03-08 13:56 - 2013-08-09 16:53 - 000000000 ____D C:\Users\Bary\Desktop\Nepoužívané odkazy
2018-03-08 08:41 - 2016-11-23 20:09 - 000000000 ____D C:\Users\Janyška\AppData\LocalLow\Mozilla
2018-03-07 04:23 - 2015-07-04 17:21 - 000000000 ____D C:\Users\Bary\AppData\Local\CrashDumps
2018-03-06 23:42 - 2015-03-09 19:18 - 000000000 ____D C:\Users\Bary\Documents\AVerTV
2018-03-06 22:07 - 2009-07-14 16:18 - 000668640 _____ C:\Windows\system32\perfh005.dat
2018-03-06 22:07 - 2009-07-14 16:18 - 000141300 _____ C:\Windows\system32\perfc005.dat
2018-03-06 22:07 - 2009-07-14 06:13 - 001583642 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-06 21:54 - 2017-12-14 17:03 - 000619984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2018-03-06 21:54 - 2017-12-14 16:54 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-03-06 21:54 - 2017-03-01 16:06 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-03-06 21:54 - 2017-03-01 16:06 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-03-06 21:54 - 2017-03-01 16:06 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-03-06 21:54 - 2017-03-01 16:06 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-03-06 21:54 - 2017-03-01 16:06 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-03-06 21:54 - 2015-02-01 23:56 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-03-06 21:54 - 2015-02-01 23:56 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-03-06 21:54 - 2015-02-01 23:56 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-03-06 21:54 - 2015-02-01 23:56 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-03-06 21:54 - 2015-02-01 23:56 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-03-06 21:54 - 2015-02-01 23:56 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-03-06 21:54 - 2015-02-01 23:56 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-03-06 21:54 - 2015-02-01 23:56 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-02-28 19:22 - 2014-12-26 08:46 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-25 19:07 - 2015-11-06 22:11 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-15 20:02 - 2015-03-09 17:27 - 000000000 ____D C:\Users\Bary\AppData\Local\AVerMedia
2018-02-12 18:30 - 2013-08-08 09:54 - 000000000 ____D C:\Users\Bary\AppData\Local\Microsoft Help
2018-02-09 09:25 - 2017-05-20 11:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-09 09:25 - 2013-08-09 16:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-06 20:11 - 2013-08-08 08:52 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-06 20:11 - 2013-08-08 08:52 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-06 20:11 - 2013-08-08 08:52 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-06 20:11 - 2013-08-08 08:52 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-06 20:11 - 2013-08-08 08:52 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2017-04-16 09:40 - 2017-04-16 09:40 - 000029696 _____ () C:\Users\Bary\AppData\Local\MSGBOX.EXE
2014-11-17 06:43 - 2014-11-17 06:43 - 000000017 _____ () C:\Users\Bary\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-27 16:24

==================== End of FRST.txt ============================

HERE Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Bary (08-03-2018 16:13:17)
Running from C:\Users\Bary\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-08-05 09:52:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2795746050-3627135712-4210470686-500 - Administrator - Disabled)
Bary (S-1-5-21-2795746050-3627135712-4210470686-1000 - Administrator - Enabled) => C:\Users\Bary
Guest (S-1-5-21-2795746050-3627135712-4210470686-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2795746050-3627135712-4210470686-1005 - Limited - Enabled)
Janyška (S-1-5-21-2795746050-3627135712-4210470686-1003 - Limited - Enabled) => C:\Users\Janyška

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Aktualizace NVIDIA 16.13.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 16.13.42 - NVIDIA Corporation) Hidden
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_PROHYBRIDR_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_PROHYBRIDR_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_PROHYBRIDR_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
AVerMedia A835 USB DVB-T 2.3.64.28 (HKLM-x32\...\AVerMedia A835 USB DVB-T) (Version: 2.3.64.28 - AVerMedia TECHNOLOGIES, Inc.)
AVerTV 3D (HKLM-x32\...\{5016185F-05AF-455F-AA70-6B6E5D6D4E70}) (Version: 6.9.1.9.16032501 - AVerMedia Technologies, Inc.) Hidden
AVerTV 3D (HKLM-x32\...\InstallShield_{5016185F-05AF-455F-AA70-6B6E5D6D4E70}) (Version: 6.9.1.9.16032501 - AVerMedia Technologies, Inc.)
Avidemux 2.5 (HKLM-x32\...\Avidemux 2.5 (64-bit)) (Version: 2.5.6.7716 - )
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (HKLM-x32\...\{363CEA5C-C9D0-45DD-9511-A461DBDEE94B}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
doPDF (HKLM\...\{F64C9051-AF79-4416-9522-EDBE765F062C}) (Version: 8.6.942 - Softland) Hidden
EPC (HKLM-x32\...\{A178B2C6-4062-11D6-90AA-00001CDD353B}) (Version: - )
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
F4200 (HKLM-x32\...\{C2524280-A5CF-4458-B809-167F13FAB56D}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{A00C9114-40E6-4C70-A619-7DF264B23485}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
IL-2 Sturmovik 1946 (HKLM-x32\...\{758AF648-0B6C-4593-BDF1-9BF4CB50A359}) (Version: 1.00.0000 - Název společnosti:) Hidden
IL-2 Sturmovik 1946 (HKLM-x32\...\InstallShield_{758AF648-0B6C-4593-BDF1-9BF4CB50A359}) (Version: 1.00.0000 - Název společnosti:)
Jpeg Resampler Vs 6+ (HKLM-x32\...\JpegResampler2010_is1) (Version: - Jpeg Resampler)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Manager (HKLM-x32\...\{38251B9A-C44B-42D9-9A6A-0697986E334A}) (Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0405-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 58.0.2 (x64 cs)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla)
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{A53F3DB0-ECBA-4CA0-A4AC-518FA7347A02}) (Version: 8.6.942 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{A0B71772-5AC4-47D5-A175-99238C057B37}) (Version: 8.6.942 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{1A9E9E77-B29B-47C6-ADEB-9E7D6F7A08CE}) (Version: 8.6.942 - Softland)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Ovládací panel NVIDIA 347.52 (HKLM\...\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 347.52 - NVIDIA Corporation) Hidden
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 16.13.42 - NVIDIA Corporation) Hidden
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2795746050-3627135712-4210470686-1000_Classes\CLSID\{01D70133-25B3-429A-41D6-3F6339922EA2}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-06] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-06] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-06] (AVAST Software)
ContextMenuHandlers1-x32: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => C:\Program Files (x86)\JpegResampler2010\JRcm.dll [2010-08-19] ()
ContextMenuHandlers1-x32: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => C:\Program Files (x86)\JpegResampler2010\JRcm64.dll [2010-09-07] ()
ContextMenuHandlers1-x32-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger)
ContextMenuHandlers1-x32-x32: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-06] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-05] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-06] (AVAST Software)
ContextMenuHandlers6-x32: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => C:\Program Files (x86)\JpegResampler2010\JRcm.dll [2010-08-19] ()
ContextMenuHandlers6-x32: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => C:\Program Files (x86)\JpegResampler2010\JRcm64.dll [2010-09-07] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0313C39B-2EF5-4A8A-9ED1-31120071BFF4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {0313C39B-2EF5-4A8A-9ED1-31120071BFF4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {0A341606-7CF2-4255-A65E-C845784D73A3} - System32\Tasks\{4EE4B67C-6C7A-427B-B751-6E2C03B2F797} => C:\Windows\system32\pcalua.exe -a "D:\Letecké simulátory\Mody na Sturmovik od Big Joea\zasilka-FB2YINTHL847F9HS\409m.exe" -d "D:\Letecké simulátory\Mody na Sturmovik od Big Joea\zasilka-FB2YINTHL847F9HS"
Task: {0D183448-569E-434F-889E-AB783F4BCEC5} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-06] (AVAST Software)
Task: {1412137C-96E7-4B31-9FD8-F2703DA32790} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-01-05] (AVAST Software)
Task: {1B41D6C2-9143-4ECB-B40A-260D85583C84} - System32\Tasks\{E00FD4D2-71A6-4338-BFB0-0334D4E89682} => C:\Program Files (x86)\MOBIS\EPC\EPC.EXE [2002-03-26] (Kia)
Task: {1B64DBAB-6D07-49BC-8FC9-FF43DA2A78B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {1E671025-8B3A-4A5D-8701-229A921E15F7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {1FB91FBF-E1AB-4E7D-83DF-A20C8F9F96BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2FB2E473-FE54-467E-B922-8124B13EC3EE} - System32\Tasks\{9F37918D-6259-4D34-B31D-4E553333AC38} => C:\Windows\system32\pcalua.exe -a "D:\Letecké simulátory\Mody na Sturmovik od Big Joea\zasilka-FB2YINTHL847F9HS\Il2_412_2_INT.exe" -d "D:\Letecké simulátory\Mody na Sturmovik od Big Joea\zasilka-FB2YINTHL847F9HS"
Task: {35E24E52-4CE0-4FDF-99C5-10F044EBB609} - System32\Tasks\{CD06D807-AE64-4938-B469-39C0740648E0} => C:\Windows\system32\pcalua.exe -a E:\Imgedit_register\imgedit_register.exe -d E:\Imgedit_register
Task: {375808D1-61F8-40AC-8D01-FDE0EDDB35D9} - System32\Tasks\{BECF5D7E-6443-41A3-A71D-ED9617D5A7F5} => D:\Letecké simulátory\Záloha Sturm verze 4.10.m\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe [2006-12-22] ()
Task: {3BAAE5C6-6A3B-421C-B36B-5E26CF9559BE} - System32\Tasks\{57D5A4E6-48A2-45DB-8869-E43C2D88299B} => D:\Letecké simulátory\Záloha Sturm verze 4.10.m\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe [2006-12-22] ()
Task: {42DF52B4-A009-4309-A19F-7E15180CD2E1} - System32\Tasks\{80BAADEA-3AA9-443D-9CAB-314ED2AEC500} => C:\Program Files (x86)\MOBIS\EPC\EPC.EXE [2002-03-26] (Kia)
Task: {44145D29-5D57-43EF-A890-53ACE614A99C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {44145D29-5D57-43EF-A890-53ACE614A99C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate -noappraiser
Task: {45B06AF5-F42B-4B73-A718-D70E861659D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {45B06AF5-F42B-4B73-A718-D70E861659D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {4705F293-688A-43C2-B914-041625A93C20} - System32\Tasks\{6BF0C10C-0FEC-4CD1-9612-267420127A6F} => C:\Windows\system32\pcalua.exe -a "D:\Letecké simulátory\Mody na Sturmovik od Big Joea\zasilka-FB2YINTHL847F9HS\Il2_411_INT.exe" -d "D:\Letecké simulátory\Mody na Sturmovik od Big Joea\zasilka-FB2YINTHL847F9HS"
Task: {5042989E-4220-49EA-BD6F-ABEB6B455A50} - System32\Tasks\{CC15A69B-79E8-4CAF-8E73-DFA52EEA5669} => C:\Program Files (x86)\MOBIS\EPC\EPC.EXE [2002-03-26] (Kia)
Task: {52C6E940-857D-4FE1-83FB-AC5E8F99F75D} - System32\Tasks\{8AA42B20-3F6D-408D-B030-84DCBB0362BB} => C:\Windows\system32\pcalua.exe -a "D:\Letecké simulátory\Mody na Sturmovik od Big Joea\zasilka-FB2YINTHL847F9HS\Il2_410_1.exe" -d "D:\Letecké simulátory\Mody na Sturmovik od Big Joea\zasilka-FB2YINTHL847F9HS"
Task: {55F2F13E-BFF6-4E24-B68B-240436DC7612} - System32\Tasks\SafeZone scheduled Autoupdate 1468288476 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {56F59FC6-176D-4EBD-B10A-1245044329D3} - System32\Tasks\{8EAB665E-EC7C-4E4C-A5BC-61536CA4E313} => E:\WINNT\Setup.exe
Task: {57B2311F-6883-4767-B91C-F0A8905BDDD3} - System32\Tasks\{874BF787-0EE1-4E41-95D1-35D568E9AE09} => D:\Letecké simulátory\Záloha Sturm verze 4.10.m\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe [2006-12-22] ()
Task: {63061030-61E1-4611-8DBF-168AB7E2A58D} - System32\Tasks\{A45FDD5C-7C34-41FA-A573-4658064B61FA} => C:\Windows\system32\pcalua.exe -a "D:\Letecké simulátory\Záloha Sturm verze 4.10.m\Ubisoft\IL-2 Sturmovik 1946\il2set.exe" -d "D:\Letecké simulátory\Záloha Sturm verze 4.10.m\Ubisoft\IL-2 Sturmovik 1946"
Task: {63E47088-3F7B-4812-B1E2-D8BED572446D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {63E47088-3F7B-4812-B1E2-D8BED572446D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {63E47088-3F7B-4812-B1E2-D8BED572446D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {67514BDB-7059-4A71-A908-B1219E4DFF1F} - System32\Tasks\{B946BA5B-5413-4236-A241-7F4ACD12F9A8} => C:\Program Files (x86)\MOBIS\EPC\EPC.EXE [2002-03-26] (Kia)
Task: {6E1B96B0-8C4D-40BC-8F5F-E570F08A319F} - System32\Tasks\{008B9013-DD8F-4354-8904-819202313EAF} => C:\Program Files (x86)\MOBIS\EPC\EPC.EXE [2002-03-26] (Kia)
Task: {71AB8972-AE48-4CA3-A8D3-1BA539BE7651} - System32\Tasks\{6AA46206-7638-4FEB-B093-9902E48FCB9D} => D:\Letecké simulátory\Záloha Sturm verze 4.10.m\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe [2006-12-22] ()
Task: {739FF935-952B-4F57-8DCB-AF6F05031C6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {78686BD4-9A4D-499E-AB92-56613F22A967} - System32\Tasks\{B236AAEA-1F3E-4BCC-895A-091466B038E3} => C:\Program Files (x86)\MOBIS\EPC\EPC.EXE [2002-03-26] (Kia)
Task: {7C35BEB9-3A15-49A8-A9DF-0A983719A143} - System32\Tasks\{53E4FFB5-3C4C-442E-B1E8-CCBB0AAA971E} => D:\Letecké simulátory\Záloha Sturm verze 4.10.m\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe [2006-12-22] ()
Task: {82EEA80D-72CD-4139-952F-37744C79CA57} - System32\Tasks\{4BA329E7-8DE4-47AD-9D19-784DB5B26C60} => C:\Windows\system32\pcalua.exe -a "D:\Letecké simulátory\Mody na Sturmovik od Big Joea\zasilka-FB2YINTHL847F9HS\Il2_412_INT.exe" -d "D:\Letecké simulátory\Mody na Sturmovik od Big Joea\zasilka-FB2YINTHL847F9HS"
Task: {8B7562C2-D195-49ED-BC0B-D26111AE7CAF} - System32\Tasks\{007B923B-DA17-4421-90DF-393538BD2579} => C:\Program Files (x86)\MOBIS\EPC\EPC.EXE [2002-03-26] (Kia)
Task: {8C40224C-A4F8-4D08-9B3B-DFFDFC460F3C} - System32\Tasks\{9FC72FCD-AC48-431E-A076-CBB833D4DFE3} => C:\Windows\system32\pcalua.exe -a "D:\Letecké simulátory\Mody na Sturmovik od Big Joea\zasilka-FB2YINTHL847F9HS\skins409m.exe" -d "D:\Letecké simulátory\Mody na Sturmovik od Big Joea\zasilka-FB2YINTHL847F9HS"
Task: {8E1DC3DF-7760-49CA-975A-BBD87096C39D} - System32\Tasks\{9DD90A62-9A6D-41F1-81CE-6C682D53D3D4} => C:\Windows\system32\pcalua.exe -a C:\Users\Bary\Desktop\domaci-nasili-game-over_1.0.exe -d C:\Users\Bary\Desktop
Task: {948F34D4-537A-4B08-B39D-9CFDAA13C302} - System32\Tasks\{BE7A0320-5A9E-4E31-8E78-6D0166D7298D} => E:\WINNT\Setup.exe
Task: {99F8B248-7FE3-49CD-AC46-489A5CCCB229} - System32\Tasks\{9E3CB33E-79F8-44A4-B1B0-BB60A2C7CBFD} => D:\Letecké simulátory\Záloha Sturm verze 4.10.m\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe [2006-12-22] ()
Task: {9F7125AE-3538-4FA5-94A6-8C6327AE9682} - System32\Tasks\{036500E8-1600-43A6-8FF9-03475C575097} => D:\Letecké simulátory\Záloha Sturm verze 4.10.m\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe [2006-12-22] ()
Task: {B83ACE1A-F370-4542-8125-7304EF1624AA} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {B86B64D2-400F-48C3-82D6-E2A15CED8C32} - System32\Tasks\{2F4EA020-1DCB-4F55-B554-42DFDBCE279A} => E:\WINNT\Setup.exe
Task: {B8FD820F-05ED-4097-B04A-65EE26A8D115} - System32\Tasks\{13F2E585-E2C5-4028-A845-7274AFD90C02} => C:\Program Files (x86)\MOBIS\EPC\EPC.EXE [2002-03-26] (Kia)
Task: {C27FB208-7F0F-4634-9A34-B4074D08A2C5} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(3): %windir%\system32\rundll32.exe -> appraiser.dll,DailyGatedCheck
Task: {C27FB208-7F0F-4634-9A34-B4074D08A2C5} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(4): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {C295F820-7625-44EF-89AC-91FAF883B373} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {CA145E90-35DD-40B4-B522-D84058471092} - System32\Tasks\{A7AE4564-AF92-49D8-9A67-8E1C71031FCF} => D:\Nový sturmovik\il2fb.exe
Task: {D2A7502F-22B9-4836-B5D9-655E519847C8} - System32\Tasks\{B63C4FF3-8DCC-40C5-8A31-4AC577D78CD5} => D:\Letecké simulátory\Záloha Sturm verze 4.10.m\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe [2006-12-22] ()
Task: {D41F214E-2133-49C5-ACED-82386612A951} - System32\Tasks\{F43B9E8C-93CB-4900-9F8A-4EF97F3E26C6} => D:\Letecké simulátory\Záloha Sturm verze 4.10.m\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe [2006-12-22] ()
Task: {D7CA42A2-2462-42AE-A252-EC1CF7031071} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2016-06-17] ()
Task: {DB2DF3E6-C4A4-40EB-B305-8DB381371498} - System32\Tasks\{DE5535DF-D6B3-4103-8B6E-C0402D1C36E5} => C:\Users\Bary\Desktop\InstalDrv_A835_Win7_x64_V8.0.64.70_140114.exe
Task: {E3BA1AA2-7F24-459A-85FA-19D176DD4CF1} - System32\Tasks\{1B9C4DC8-E7A0-4700-AB83-E0BFB34231B0} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe
Task: {E5BC4CCB-BF88-4D31-B6EF-B26AE2A51A10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {EC1DD72C-9FEB-40AC-ADA7-0FB27E7056F3} - System32\Tasks\{9CCBD2BD-B9B8-432C-9CE1-394349DFA5AC} => D:\Nový sturmovik\il2fb.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-08-05 14:54 - 2015-02-05 20:07 - 000117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-09 17:25 - 2011-04-01 07:52 - 000403456 ____R () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2016-06-17 11:43 - 2016-06-17 11:43 - 000145696 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2016-06-17 11:43 - 2016-06-17 11:43 - 000060840 _____ () C:\Program Files\Softland\novaPDF 8\Server\CryptUtil.dll
2016-06-17 11:44 - 2016-06-17 11:44 - 000035240 _____ () C:\Program Files\Softland\novaPDF 8\Server\WAFServicePlugin.dll
2018-03-06 21:54 - 2018-03-06 21:54 - 000721624 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-03-06 21:54 - 2018-03-06 21:54 - 000912088 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-03-06 21:54 - 2018-03-06 21:54 - 000341720 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2016-01-17 06:48 - 2010-09-07 03:21 - 000538435 _____ () C:\Program Files (x86)\JpegResampler2010\JRcm64.dll
2015-03-09 17:25 - 2012-10-17 08:24 - 000163840 ____R () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
2013-08-05 11:13 - 2010-05-24 10:10 - 000076192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-08-05 11:13 - 2010-05-24 10:10 - 000383904 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-08-05 11:13 - 2010-05-24 10:10 - 000103328 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2013-08-05 11:13 - 2010-05-24 10:10 - 064641440 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2015-01-21 03:06 - 2015-01-21 03:06 - 000053248 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2018-03-06 21:54 - 2018-03-06 21:54 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-06 21:54 - 2018-03-06 21:54 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-03-08 13:37 - 2018-03-08 13:37 - 005826192 _____ () C:\Program Files\AVAST Software\Avast\defs\18030800\algo.dll
2018-03-06 21:54 - 2018-03-06 21:54 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-03-06 21:54 - 2018-03-06 21:54 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-03-06 21:54 - 2018-03-06 21:54 - 000964824 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-03-06 21:54 - 2018-03-06 21:54 - 000475352 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-03-06 21:54 - 2018-03-06 21:54 - 000339672 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2016-09-11 12:34 - 2012-06-09 17:33 - 000053248 _____ () C:\Program Files (x86)\Common Files\AVerMedia\dll\MsgLog.DLL
2013-08-05 11:40 - 2009-03-19 21:35 - 000208896 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
2013-08-05 11:40 - 2009-03-19 21:35 - 000008704 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
2013-08-05 11:40 - 2009-01-15 13:55 - 000565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2013-08-05 11:40 - 2009-03-25 15:53 - 000053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2018-03-06 21:54 - 2018-03-06 21:54 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-03-06 21:54 - 2018-03-06 21:54 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2795746050-3627135712-4210470686-1000\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-08 10:54 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2795746050-3627135712-4210470686-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bary\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9FCB0EC0-3442-40EA-927B-49FC4AEAF2AC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{26E45136-D7F7-47B6-9FF7-6B7A24FF0174}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{4608F19E-0863-4DBD-8B6C-61069A2857F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E698442C-6049-497E-BF9B-8E22754BAD7E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{1869D280-4EBD-4994-8E79-D71E5EFF4B11}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{079ADBD4-7E71-42B7-BBFD-5E1EF81D55C2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{4D06028D-EF76-45B6-8619-1DE55F62B47D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{8516E130-D06F-4F93-9012-FBCF655D7A70}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2A126655-28DF-4D1E-BDCA-983690106FC2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9E5FD1D6-782E-434A-B3EA-34A53A154C90}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{BEC78198-9F83-4EB2-8FEC-1E18C0FDB335}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1379E2D8-9D73-4965-88FB-9AF9CD6150CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C2A1352F-45A2-4E28-A9E3-797CBE66C81C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{F4804431-1654-488B-A8A9-3FC92F470318}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{1B6A19CF-9309-4514-9E41-90A1A5E29A70}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{F18B6CDA-6D63-4938-8CD6-93F40B97CB85}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B3F5FF75-273E-4CCE-8E03-F2515B19AE3F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4248A73B-46C8-4019-A077-1B332D9356F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{33ECB57E-2111-4B40-92B3-49CF32981CC9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{907C08F2-74F8-4367-935F-F8D5322FAA39}] => (Allow) LPort=8501
FirewallRules: [{3DBA08C6-F19B-48EB-9F04-F24E1F52EAF8}] => (Allow) LPort=8501
FirewallRules: [TCP Query User{F79CE133-E208-4F19-A39D-0E96901BAB5F}D:\letecké simulátory\nový sturmovik\il2fb.exe] => (Allow) D:\letecké simulátory\nový sturmovik\il2fb.exe
FirewallRules: [UDP Query User{F232A457-4DC8-4231-A377-3A356622AFE4}D:\letecké simulátory\nový sturmovik\il2fb.exe] => (Allow) D:\letecké simulátory\nový sturmovik\il2fb.exe
FirewallRules: [{BAE7C789-0833-4F29-B02C-C3967A75A67E}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
FirewallRules: [{4908AEA1-34BA-48C8-8BE9-3AAD7EC363A8}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe

==================== Restore Points =========================

15-11-2017 03:36:43 Windows Update
23-11-2017 20:20:16 Naplánovaný kontrolní bod
29-11-2017 05:32:51 Windows Update
14-12-2017 17:47:00 Revo Uninstaller's restore point - Steam
14-12-2017 17:58:23 Revo Uninstaller's restore point - doPDF 8
14-12-2017 17:59:07 Revo Uninstaller's restore point - doPDF 8
25-12-2017 03:33:09 Naplánovaný kontrolní bod
01-01-2018 21:17:31 Naplánovaný kontrolní bod
14-01-2018 21:35:20 Naplánovaný kontrolní bod
23-01-2018 23:18:52 Naplánovaný kontrolní bod
04-02-2018 21:12:39 Naplánovaný kontrolní bod
12-02-2018 23:13:03 Naplánovaný kontrolní bod
25-02-2018 19:21:04 Naplánovaný kontrolní bod
06-03-2018 00:20:24 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2018 04:43:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1

Error: (03/03/2018 04:43:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1

Error: (03/03/2018 04:43:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1

Error: (02/28/2018 12:08:11 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1

Error: (02/28/2018 12:08:11 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1

Error: (02/28/2018 12:08:11 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1

Error: (02/17/2018 09:19:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: hpqSTE08.exe, verze: 130.0.469.0, časové razítko: 0x4ab67ca4
Název chybujícího modulu: MSVCR90.dll, verze: 9.0.30729.6161, časové razítko: 0x4dace5b9
Kód výjimky: 0xc0000417
Posun chyby: 0x0006ccd5
ID chybujícího procesu: 0x14e4
Čas spuštění chybující aplikace: 0x01d3a757aff3cab1
Cesta k chybující aplikaci: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
Cesta k chybujícímu modulu: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
ID zprávy: 46e7562a-13bb-11e8-88c8-20cf30e830a5

Error: (02/15/2018 12:11:24 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1


System errors:
=============
Error: (03/08/2018 03:34:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (03/08/2018 03:34:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (03/08/2018 03:32:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (03/08/2018 03:32:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (03/08/2018 03:32:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AVerUpdateServer byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/08/2018 03:32:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Network Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/08/2018 03:32:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (03/08/2018 03:32:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA GeForce Experience Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2015-01-31 04:10:20.216
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{FAB3E7C7-3E9D-4C65-BD00-E6EF261CC2E4}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2014-09-23 05:17:05.447
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{99764629-BA61-456F-A216-F090C5D7A40D}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2014-08-27 05:15:30.683
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{69E58F76-6540-4811-81C6-544B3F9FA751}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2015-10-20 15:14:00.391
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070002
Popis chyby:Systém nemůže nalézt uvedený soubor.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0

Date: 2015-02-01 20:20:36.710
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070002
Popis chyby:Systém nemůže nalézt uvedený soubor.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0

Date: 2015-02-01 20:02:47.197
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070002
Popis chyby:Systém nemůže nalézt uvedený soubor.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0

CodeIntegrity:
===================================

Date: 2016-08-06 02:00:44.671
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-06 01:59:36.083
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-06 01:59:35.724
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-05 23:48:21.290
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-05 23:47:06.348
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-05 23:47:06.098
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-05 17:50:15.208
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-05 17:50:14.864
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 29%
Total physical RAM: 4087.05 MB
Available physical RAM: 2876.79 MB
Total Virtual: 8172.29 MB
Available Virtual: 6120.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:175.68 GB) (Free:86.07 GB) NTFS
Drive d: (DATA) (Fixed) (Total:755.73 GB) (Free:365.12 GB) NTFS

\\?\Volume{c3b0d801-fdb3-11e2-b583-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F2CE75AB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=175.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=755.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

What next? :) S62

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check after a "police virus" attack

#6 Post by Conder »

:arrow: Install all important updates via Windows Update.

:arrow: Otherwise it looks OK, we'll just clean out the unnecessary leftovers.

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:


    Start
    CloseProcesses:
    CreateRestorePoint:
    
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
    ContextMenuHandlers1-x32-x32: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} =>  -> No File
    Task: {0313C39B-2EF5-4A8A-9ED1-31120071BFF4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
    Task: {0313C39B-2EF5-4A8A-9ED1-31120071BFF4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
    Task: {45B06AF5-F42B-4B73-A718-D70E861659D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
    Task: {45B06AF5-F42B-4B73-A718-D70E861659D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
    Task: {56F59FC6-176D-4EBD-B10A-1245044329D3} - System32\Tasks\{8EAB665E-EC7C-4E4C-A5BC-61536CA4E313} => E:\WINNT\Setup.exe
    Task: {63E47088-3F7B-4812-B1E2-D8BED572446D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
    Task: {63E47088-3F7B-4812-B1E2-D8BED572446D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
    Task: {63E47088-3F7B-4812-B1E2-D8BED572446D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2795746050-3627135712-4210470686-1000\...\localhost -> localhost
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always backing up important data (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Sagitt62
Visitor
Posts: 131
Registered: 25 May 2008 13:40

Re: Log check after a "police virus" attack

#7 Post by Sagitt62 »

Done, log here:

Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Bary (08-03-2018 17:23:00) Run:2
Running from C:\Users\Bary\Desktop
Loaded Profiles: Bary (Available Profiles: Bary & Janyška)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
ContextMenuHandlers1-x32-x32: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => -> No File
Task: {0313C39B-2EF5-4A8A-9ED1-31120071BFF4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {0313C39B-2EF5-4A8A-9ED1-31120071BFF4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {45B06AF5-F42B-4B73-A718-D70E861659D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {45B06AF5-F42B-4B73-A718-D70E861659D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {56F59FC6-176D-4EBD-B10A-1245044329D3} - System32\Tasks\{8EAB665E-EC7C-4E4C-A5BC-61536CA4E313} => E:\WINNT\Setup.exe
Task: {63E47088-3F7B-4812-B1E2-D8BED572446D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {63E47088-3F7B-4812-B1E2-D8BED572446D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {63E47088-3F7B-4812-B1E2-D8BED572446D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2795746050-3627135712-4210470686-1000\...\localhost -> localhost

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully
AppMgmt => service removed successfully
"HKLM\System\CurrentControlSet\Services\MSICDSetup" => removed successfully
MSICDSetup => service removed successfully
"HKLM\System\CurrentControlSet\Services\pccsmcfd" => removed successfully
pccsmcfd => service removed successfully
ContextMenuHandlers1-x32-x32: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => -> No File => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0313C39B-2EF5-4A8A-9ED1-31120071BFF4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0313C39B-2EF5-4A8A-9ED1-31120071BFF4}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0313C39B-2EF5-4A8A-9ED1-31120071BFF4} => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45B06AF5-F42B-4B73-A718-D70E861659D9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45B06AF5-F42B-4B73-A718-D70E861659D9}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45B06AF5-F42B-4B73-A718-D70E861659D9} => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56F59FC6-176D-4EBD-B10A-1245044329D3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56F59FC6-176D-4EBD-B10A-1245044329D3}" => removed successfully
C:\Windows\System32\Tasks\{8EAB665E-EC7C-4E4C-A5BC-61536CA4E313} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8EAB665E-EC7C-4E4C-A5BC-61536CA4E313}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63E47088-3F7B-4812-B1E2-D8BED572446D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63E47088-3F7B-4812-B1E2-D8BED572446D}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63E47088-3F7B-4812-B1E2-D8BED572446D} => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63E47088-3F7B-4812-B1E2-D8BED572446D} => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => not found
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => removed successfully
"HKU\S-1-5-21-2795746050-3627135712-4210470686-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19358254 B
Java, Flash, Steam htmlcache => 1120 B
Windows/system/drivers => 379616 B
Edge => 0 B
Chrome => 0 B
Firefox => 247839791 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Bary => 3574422 B
UpdatusUser => 0 B
Janyška => 34415574 B

RecycleBin => 67467 B
EmptyTemp: => 291.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:23:38 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check after an attack by the "police virus"

#8 Post by Conder »

OK. If there are no more problems with the PC, let's clean up after the tools that were used:

Check the size of the desktop (C:\Users\Bary\Desktop and C:\Users\Janyška\Desktop). If it is larger than 300 MB, move all files and folders from the desktop to Documents and leave only shortcuts on the desktop. A desktop that is too large can slow the system down.

Sagitt62
Visitor
Posts: 131
Registered: 25 May 2008 13:40

Re: Log check after an attack by the "police virus"

#9 Post by Sagitt62 »

Done:

Desktop 64 MB

Cleanup:

# DelFix v1.013 - Logfile created 08/03/2018 at 17:40:01
# Updated 17/04/2016 by Xplode
# Username : Bary - BARY_PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\RSIT
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Bary\Desktop\Fixlog.txt
Deleted : C:\Users\Bary\Desktop\FRST64.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########

Only the updates somehow don't work. I have it set to "download, but ask whether to install". According to the history, they were last installed in November 2017. Now it tells me that the service is not running. I changed the settings, restarted, and nothing... Any advice? :)

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check after an attack by the "police virus"

#10 Post by Conder »

OK, download FRST once more and save it to the desktop: https://www.bleepingcomputer.com/downlo ... scan-tool/

Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CMD: sc config "wuauserv" start= auto
    CMD: net stop "wuauserv"
    CMD: ren c:\windows\SoftwareDistribution softwaredistribution.old 
    CMD: net start "wuauserv"
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • Wait for it to finish
  • This time there will be no restart; Fixlog.txt will open (or it will be on the desktop), copy its contents here

Try to install the updates.
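The Windows Update reset from post #10, rewritten as an added PowerShell example (it is not part of the thread and not Conder's fixlist). It assumes an elevated Windows PowerShell 5.1 session; the function name and the timestamped backup name are hypothetical. It also covers the case where softwaredistribution.old already exists, which makes the plain ren fail, and it restarts the service even if the rename fails.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Assumes Windows PowerShell 5.1.
Set-StrictMode -Version Latest

function Reset-WindowsUpdateCache {   # hypothetical name
    [CmdletBinding()]
    param(
        [string]$ServiceName = 'wuauserv',
        [string]$CacheDir    = (Join-Path $env:windir 'SoftwareDistribution')
    )

    # Equivalent of: sc config "wuauserv" start= auto
    Set-Service -Name $ServiceName -StartupType Automatic -ErrorAction Stop

    # Equivalent of: net stop "wuauserv"
    # The folder cannot be renamed while the service holds files in it open.
    Stop-Service -Name $ServiceName -Force -ErrorAction Stop

    $backup = $null
    try {
        if (Test-Path -LiteralPath $CacheDir) {
            # ren fails when softwaredistribution.old is already taken
            # (for example after an earlier reset), so fall back to a
            # timestamped name instead of overwriting the old backup.
            $backup = "$CacheDir.old"
            if (Test-Path -LiteralPath $backup) {
                $backup = '{0}.{1:yyyyMMdd-HHmmss}.old' -f $CacheDir, (Get-Date)
            }
            Rename-Item -LiteralPath $CacheDir `
                        -NewName (Split-Path $backup -Leaf) -ErrorAction Stop
        }
    }
    finally {
        # Equivalent of: net start "wuauserv"
        # Runs even if the rename threw, so the service is not left stopped.
        Start-Service -Name $ServiceName -ErrorAction Stop
    }

    # Report the resulting state instead of relying on empty command output.
    $svc = Get-Service -Name $ServiceName
    [pscustomobject]@{
        Service   = $svc.Name
        Status    = $svc.Status
        StartType = $svc.StartType
        Backup    = $backup
    }
}

Reset-WindowsUpdateCache | Format-List
```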

Sagitt62
Visitor
Posts: 131
Registered: 25 May 2008 13:40

Re: Log check after an attack by the "police virus"

#11 Post by Sagitt62 »

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Bary (08-03-2018 18:47:44) Run:1
Running from C:\Users\Bary\Desktop
Loaded Profiles: Bary (Available Profiles: Bary & Janyška)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CMD: sc config "wuauserv" start= auto
CMD: net stop "wuauserv"
CMD: ren c:\windows\SoftwareDistribution softwaredistribution.old
CMD: net start "wuauserv"
End
*****************


========= sc config "wuauserv" start= auto =========

[SC] ChangeServiceConfig ŁspŘch

========= End of CMD: =========


========= net stop "wuauserv" =========

Zastavov nˇ slu§by Windows Update.
Slu§ba Windows Update byla ŁspŘçnŘ zastavena.


========= End of CMD: =========


========= ren c:\windows\SoftwareDistribution softwaredistribution.old =========


========= End of CMD: =========


========= net start "wuauserv" =========

SpouçtŘnˇ slu§by Windows Update.
Slu§ba Windows Update byla ŁspŘçnŘ spuçtŘna.


========= End of CMD: =========


==== End of Fixlog 18:47:49 ====

It looks like the updates are running! Thaaanks! :| :|

Sagitt62
Visitor
Posts: 131
Registered: 25 May 2008 13:40

Re: Log check after an attack by the "police virus"

#12 Post by Sagitt62 »

Any further recommendations? Otherwise thanks, and you can lock this topic. S62

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check after an attack by the "police virus"

#13 Post by Conder »

You're welcome, glad I could help :)

You can clean up again with DelFix (same procedure), no log needed.

Locked