VIRY.CZ

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [109664 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [117248 2018-04-13] (pdfforge GmbH) [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{15601C4F-0785-412A-BDC7-0069DA945582}: [NameServer] 213.211.45.3,212.96.160.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,10.40.128.1,-1]

Edge:
======
Edge Profile: C:\Users\Robin\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-27]

FireFox:
========
FF DefaultProfile: dnduyjzt.default-1438453465701
FF ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\dnduyjzt.default-1438453465701 [2020-10-18]
FF DownloadDir: E:\stažené soubory
FF Homepage: Mozilla\Firefox\Profiles\dnduyjzt.default-1438453465701 -> hxxp://www.seznam.cz/
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\dnduyjzt.default-1438453465701\Extensions\firefox@ghostery.com.xpi [2020-10-14]
FF Extension: (HTTPS Everywhere) - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\dnduyjzt.default-1438453465701\Extensions\https-everywhere@eff.org.xpi [2020-08-19]
FF Extension: (To Google Translate) - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\dnduyjzt.default-1438453465701\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-11-25]
FF Extension: (uBlock Origin) - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\dnduyjzt.default-1438453465701\Extensions\uBlock0@raymondhill.net.xpi [2020-10-16]
FF Extension: (DownThemAll!) - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\dnduyjzt.default-1438453465701\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2020-02-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default [2020-06-27]
CHR Extension: (Prezentace) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-09-19]
CHR Extension: (Dokumenty) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-09-19]
CHR Extension: (Disk Google) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-09-19]
CHR Extension: (YouTube) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-09-19]
CHR Extension: (Tabulky) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-09-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-09-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-19]
CHR Extension: (Gmail) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-19]
CHR Extension: (Chrome Media Router) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
S2 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-13] (Adobe Inc. -> Adobe)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8450976 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [360408 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [2748520 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37152 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [206408 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [236112 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [195664 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60496 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42784 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175720 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109280 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851608 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [470912 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [217336 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326928 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-12-14] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-12-14] (Disc Soft Ltd -> Disc Soft Ltd)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech -> Logitech Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-06-06] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-18 14:43 - 2020-10-18 14:43 - 000009207 _____ C:\Users\Robin\Desktop\FRST.txt
2020-10-18 14:42 - 2020-10-18 14:42 - 000000000 ____D C:\FRST
2020-10-18 12:26 - 2020-10-18 12:25 - 002299904 _____ (Farbar) C:\Users\Robin\Desktop\FRST64.exe
2020-10-16 11:05 - 2020-10-16 11:05 - 000339552 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-10-16 11:05 - 2020-10-16 11:05 - 000217336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-10-16 11:05 - 2020-10-16 11:05 - 000175720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-10-13 21:36 - 2020-10-18 08:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-10-02 12:03 - 2020-10-04 09:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2020-09-29 09:18 - 2020-09-29 09:40 - 000000000 ____D C:\Users\Admin\Documents\Larian Studios
2020-09-29 09:18 - 2020-09-26 08:54 - 000000891 _____ C:\Users\Admin\Desktop\Divinity Original Sin 2 Definitive Edition.lnk
2020-09-26 08:54 - 2020-09-26 08:54 - 000000891 _____ C:\Users\Robin\Desktop\Divinity Original Sin 2 Definitive Edition.lnk
2020-09-26 08:54 - 2020-09-26 08:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Divinity Original Sin 2 Definitive Edition
2020-09-26 08:32 - 2020-09-26 08:34 - 000000000 ____D C:\Fraps
2020-09-26 08:32 - 2020-09-26 08:32 - 000000568 _____ C:\Users\Robin\Desktop\Fraps.lnk
2020-09-26 08:32 - 2020-09-26 08:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-18 14:34 - 2009-07-14 06:45 - 000028336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-10-18 14:34 - 2009-07-14 06:45 - 000028336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-10-18 12:32 - 2019-01-13 17:14 - 000033792 _____ C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-10-18 08:35 - 2010-11-21 11:27 - 000670334 _____ C:\Windows\system32\perfh005.dat
2020-10-18 08:35 - 2010-11-21 11:27 - 000141946 _____ C:\Windows\system32\perfc005.dat
2020-10-18 08:35 - 2009-07-14 07:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2020-10-18 08:35 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-10-18 08:30 - 2017-12-16 14:21 - 000000000 ____D C:\ProgramData\AVAST Software
2020-10-18 08:29 - 2016-11-18 01:09 - 000000000 ____D C:\Users\Robin\AppData\LocalLow\Mozilla
2020-10-18 08:29 - 2014-02-26 17:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-10-18 08:29 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-10-16 11:05 - 2019-01-14 16:57 - 000236112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-10-16 11:05 - 2019-01-06 19:38 - 000195664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-10-16 11:05 - 2019-01-06 19:38 - 000060496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-10-16 11:05 - 2019-01-06 19:38 - 000037152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2020-10-16 11:05 - 2018-10-21 07:57 - 000042784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000851608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000470912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000326928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000206408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000109280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000084856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-10-13 22:06 - 2014-02-25 16:25 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-10-13 22:06 - 2014-02-25 16:25 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-10-13 22:06 - 2014-02-25 16:25 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-10-13 22:06 - 2014-02-25 16:25 - 000000000 ____D C:\Windows\system32\Macromed
2020-09-29 09:40 - 2014-02-25 15:33 - 000265832 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2020-09-28 12:33 - 2019-03-24 11:35 - 000000000 ____D C:\Users\Robin\AppData\Local\CrashDumps
2020-09-26 13:26 - 2019-10-03 20:55 - 000000000 ____D C:\Users\Robin\Documents\Larian Studios
2020-09-26 13:14 - 2019-10-03 20:55 - 000000000 ____D C:\Users\Robin\AppData\Local\LarianLauncher
2020-09-25 18:01 - 2015-05-18 21:16 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-09-24 19:42 - 2014-02-26 19:32 - 000000000 ____D C:\Users\Robin\AppData\Roaming\XnView
2020-09-23 15:09 - 2014-02-26 17:48 - 000000000 ____D C:\ProgramData\Mozilla

==================== Files in the root of some directories ========

2019-11-24 09:54 - 2019-04-16 13:30 - 000447680 _____ (COMODO) C:\ProgramData\cmdres.dll
2019-01-13 17:14 - 2020-10-18 12:32 - 000033792 _____ () C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-09-13 13:09 - 2020-09-13 13:09 - 000000832 _____ () C:\Users\Robin\AppData\Local\recently-used.xbel
2019-10-22 23:34 - 2019-10-22 23:34 - 000173038 _____ () C:\Users\Robin\AppData\Local\Temp1C86B0187D0712036CB1FC8965EE8F5C_S_Stat_22dgobta.zip

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)



ATTENTION: ==> Could not access BCD. The user is not administrator -> Nelze otev��t �lo�i�t� konfigura�n�ch dat spou�t�n�.
P��stup byl odep�en.

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by Robin (18-10-2020 14:43:51)
Running from C:\Users\Robin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-02-25 13:28:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-2485784249-3341709608-829223016-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2485784249-3341709608-829223016-500 - Administrator - Disabled)
Guest (S-1-5-21-2485784249-3341709608-829223016-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2485784249-3341709608-829223016-1003 - Limited - Enabled)
Robin (S-1-5-21-2485784249-3341709608-829223016-1004 - Limited - Enabled) => C:\Users\Robin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.445 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.445 - Adobe)
Advanced JPEG Compressor 2011 (HKLM-x32\...\Advanced JPEG Compressor_is1) (Version: 2011 - WinSoftMagic Inc.)
Aegisub 3.2.0 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.0 - Aegisub Team)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.12.0 - Ant Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.8.2432 - Avast Software)
calibre (HKLM-x32\...\{0B374B2C-FE04-4741-B0B2-B14D84CEDAFF}) (Version: 3.35.0 - Kovid Goyal)
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version: - cbrreader.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Divinity Original Sin 2 Definitive Edition (HKLM-x32\...\Divinity Original Sin 2 Definitive Edition_is1) (Version: - )
Expeditions: Viking (HKLM-x32\...\1450363937_is1) (Version: 1.0.7.4 - GOG.com)
Factorio (HKLM-x32\...\Factorio_is1) (Version: - )
Fallout3_CZ_1.0.0.15_patch (HKU\S-1-5-21-2485784249-3341709608-829223016-1004\...\{A403D710-B87F-11DD-6784-0F41E62818BE}) (Version: 1.0.0.15 - Cenega Czech)
FormatFactory 3.3.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.1.0 - Format Factory)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Galactic Civilizations II - Ultimate Edition (HKLM-x32\...\Galactic Civilizations II - Ultimate Edition) (Version: - Kalypso Media)
GIMP 2.10.14 (HKLM\...\GIMP-2_is1) (Version: 2.10.14 - The GIMP Team)
Grim Dawn Forgotten Gods (HKLM-x32\...\Grim Dawn Forgotten Gods_is1) (Version: - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.43 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.49 - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 81.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 81.0.2 (x64 cs)) (Version: 81.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 81.0.2.7590 - Mozilla)
Mozilla Thunderbird 68.12.1 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 68.12.1 (x86 cs)) (Version: 68.12.1 - Mozilla)
Mp3tag v2.75 (HKLM-x32\...\Mp3tag) (Version: v2.75 - Florian Heidenreich)
nGlide 1.05 (HKLM-x32\...\nGlide) (Version: 1.05 - Zeus Software)
NVIDIA Ovladač 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.2.0 - pdfforge GmbH)
PhotoImpact X3 (HKLM-x32\...\{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 13.0 - Corel) Hidden
PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 13.0 - Corel)
PotPlayer (HKLM-x32\...\PotPlayer) (Version: 200908 - Kakao Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Shareaza 2.7.10.2 (HKLM\...\Shareaza_is1) (Version: 2.7.10.2 - Shareaza Development Team)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Spellcross (DOSBox 0.74 emulace) (HKLM-x32\...\Spellcross (DOSBox 0.74 emulace)) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
XnView 2.13 (HKLM-x32\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{04CC76C7-1ED7-4CAE-9762-B8664ED008ED}\localserver32 -> C:\Program Files\Shareaza\MediaImageServices.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{0EEA2A0F-AD1F-4555-9827-0DD9335611A4}\localserver32 -> C:\Program Files\Shareaza\WindowsThumbnail.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{0F74BA53-C842-4CB5-B388-DD5663F62479}\InprocServer32 -> C:\Program Files\Shareaza\Preview.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{18D11ED9-1264-48A1-9E14-20F2C633242B}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{2EE9D739-7726-41cf-8F18-4B1B8763BC63}\InprocServer32 -> C:\Program Files\Shareaza\ImageViewer.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{2F74AA28-2498-4805-911A-04C39858D529}\InprocServer32 -> C:\Program Files\Shareaza\ZIPBuilder.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{30FC662A-D72A-4F79-B63A-ACD4FBFE68A3}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{34791E02-51DC-4CF4-9E34-018166D91D0E}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{3DC28AA6-A597-4E03-96DF-ADA19155B0BE}\localserver32 -> C:\Program Files\Shareaza\MediaPlayer.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}\localserver32 -> C:\Program Files\Shareaza\MediaLibraryBuilder.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{61700EEC-D5D3-4793-BD1F-514896D67F44}\InprocServer32 -> C:\Program Files\Shareaza\RatDVDReader.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{6C9E61BE-E58F-4AE1-A304-6FF1D183804C}\InprocServer32 -> C:\Program Files\Shareaza\GFLLibraryBuilder.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{76F13243-9F62-4241-AC07-3B359BBE4EC5}\InprocServer32 -> C:\Program Files\Shareaza\VirusTotal.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{76F13243-9F62-4241-AC07-3B359BBE4EC6}\InprocServer32 -> C:\Program Files\Shareaza\ShortURL.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}\InprocServer32 -> C:\Program Files\Shareaza\SkinScanSKS.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{B69F80CD-FB15-45E8-B359-92A41CC571A7}\InprocServer32 -> C:\Program Files\Shareaza\7ZipBuilder.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{B978F591-5137-4612-873A-DC2081BAD6CD}\InprocServer32 -> C:\Program Files\Shareaza\SWFPlugin.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{D73ABD28-3A2A-4E36-AD6F-2AA8F011FBE3}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{E1A67AE5-7041-4AE1-94F7-DE03EF759E27}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{E9B2EF9B-4A0C-451E-801F-257861B87FAD}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{E9F51B1E-DB0F-4EEE-9B36-46151994C715}\InprocServer32 -> C:\Program Files\Shareaza\DocumentReader.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{F801DAD7-F08D-48EF-B0DF-6B120377E835}\InprocServer32 -> C:\Program Files\Shareaza\RARBuilder.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{FC4D8F69-0B18-49BB-8AB7-87EB77AA1A9D}\InprocServer32 -> C:\Program Files\Shareaza\SWFPlugin.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{FF5FCD00-2C20-49D8-84F6-888D2E2C95DA}\InprocServer32 -> C:\Program Files\Shareaza\GFLImageServices.dll (Shareaza Development Team) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [AJC] -> {5071CDA5-D3E1-11D5-BFC0-005004A71005} => C:\Program Files (x86)\Advanced JPEG Compressor\ContextMenuExt.dll [2001-11-22] () [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Robin\Desktop\Spellcross.lnk -> C:\Hry\Spellcross\Play.bat ()

==================== Loaded Modules (Whitelisted) =============

2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\MSVCP140.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\ucrtbase.DLL
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\VCRUNTIME140.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\VCRUNTIME140_1.dll
2018-09-16 13:23 - 2018-03-24 01:05 - 000880024 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Robin\Downloads:Shareaza.GUID [16]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-2485784249-3341709608-829223016-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
HKU\S-1-5-21-2485784249-3341709608-829223016-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKU\S-1-5-21-2485784249-3341709608-829223016-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.triline.cz
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2485784249-3341709608-829223016-1004 -> {169BF712-789D-41AD-A264-04B7A3AC135F} URL =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-06-13 09:16 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-2485784249-3341709608-829223016-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.211.45.3 - 212.96.160.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Disc Soft Lite Bus Service => 3

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B49E75B1-A3B8-44ED-AE11-B46785FD2E67}] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{EDE61EF5-D8FF-4FAE-B94D-C935A3344EB1}] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0A6187EB-8DC1-4C89-88D9-3E9928F6940F}] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{04FBBF19-723A-49A9-AAAE-FA93DA9005C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{74B21F8B-7609-4F49-9022-9B9197B09F4C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A5991C55-B6A8-460F-B8E7-E41EF986D8D0}] => (Block) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{D37F2FA0-711E-4A01-BD05-8DCD73EC9E95}] => (Block) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [TCP Query User{24316309-A1F6-468B-B10A-EEB36BCC0F08}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{78ED4724-0F7A-4A6F-8FE4-0DAB928BD5F0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{29CC7501-9030-44DC-B16D-E5266489C60F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EA322048-9FB3-4A42-B9AC-99A91E28237E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D7896EF1-9C27-4124-96F8-39635717B3FF}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{46CF13F4-2BD8-4081-8F97-BF13859745E3}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{9FC710FC-3CBA-41DA-ADB2-950EF7C0FE2B}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{5C8CD737-8AF7-4D9D-AA37-F09E661E52E6}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [TCP Query User{3D336B23-9B4C-4844-B932-F44616F083E1}C:\program files (x86)\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\program files (x86)\jdownloader v2.0\jdownloader2.exe (AppWork GmbH -> AppWork GmbH)
FirewallRules: [UDP Query User{D23197A2-1D5F-4111-94A0-91826E46E1F3}C:\program files (x86)\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\program files (x86)\jdownloader v2.0\jdownloader2.exe (AppWork GmbH -> AppWork GmbH)
FirewallRules: [{9CEAC37D-CBD9-4A1C-A0F1-2D04EBF1CA17}] => (Block) C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [{F82FC33E-8CD6-4738-AC2B-3F2986F9AB82}] => (Block) C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [TCP Query User{1EF79CD8-B7D3-4D2B-A4EA-3612AE214118}C:\program files\shareaza\shareaza.exe] => (Allow) C:\program files\shareaza\shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [UDP Query User{94A7B34A-6184-4880-85D4-B0DE38B56AEF}C:\program files\shareaza\shareaza.exe] => (Allow) C:\program files\shareaza\shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [TCP Query User{F04177A1-43D9-408C-B31E-96EA2FE53999}E:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) E:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [UDP Query User{11C44EE3-D698-4FF2-9783-0EA355D4D52D}E:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) E:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe (Larian Studios -> )

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:103 GB) (Free:7.91 GB) (8%)
Check "VSS" service


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/18/2020 08:29:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/11/2020 09:33:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/10/2020 04:16:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2020 09:32:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2020 11:31:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2020 08:53:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2020 08:35:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/06/2020 07:50:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (10/18/2020 02:42:48 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:48 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:48 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:35 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:35 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:35 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 08:29:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (10/13/2020 03:01:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x800f020b): SAMSUNG Electronics Co., Ltd. - USB - 2.16.14.0.


CodeIntegrity:
===================================

Date: 2014-08-15 16:18:13.943
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-15 16:18:13.904
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-15 16:18:13.864
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-15 16:18:13.825
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-14 10:09:27.234
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-14 10:09:27.197
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. V1.1 01/20/2014
Motherboard: MSI H81M-P33 (MS-7817)
Processor: Intel(R) Core(TM) i3-4330 CPU @ 3.50GHz
Percentage of memory in use: 50%
Total physical RAM: 8136.02 MB
Available physical RAM: 4019.94 MB
Total Virtual: 13134.16 MB
Available Virtual: 8519.58 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:103 GB) (Free:7.91 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Data) (Fixed) (Total:931.51 GB) (Free:56.52 GB) NTFS
Drive f: (Filmy) (Fixed) (Total:1863.01 GB) (Free:39.45 GB) NTFS

\\?\Volume{4e7be4a2-9b09-11e3-b7a6-d43d7effa8c6}\ (WinRE-ATC) (Fixed) (Total:8.79 GB) (Free:1.93 GB) NTFS

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================

Dobry den.

Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-18-2020
# Duration: 00:00:37
# OS: Windows 7 Home Premium
# Scanned: 31837
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1257 octets] - [16/06/2019 19:52:39]
AdwCleaner[S01].txt - [1318 octets] - [22/06/2019 07:37:57]
AdwCleaner[S02].txt - [1379 octets] - [08/07/2019 19:45:52]
AdwCleaner[S03].txt - [1440 octets] - [12/07/2019 08:37:15]
AdwCleaner[S04].txt - [1501 octets] - [12/07/2019 09:04:26]
AdwCleaner[S05].txt - [1562 octets] - [18/07/2019 21:44:57]
AdwCleaner[S06].txt - [1699 octets] - [01/08/2019 12:15:32]
AdwCleaner[S07].txt - [1760 octets] - [16/08/2019 16:43:31]
AdwCleaner[S08].txt - [1821 octets] - [30/08/2019 10:58:29]
AdwCleaner[S09].txt - [1882 octets] - [31/08/2019 17:09:35]
AdwCleaner_Debug.log - [33007 octets] - [13/09/2019 07:34:54]
AdwCleaner[S10].txt - [2005 octets] - [13/09/2019 07:35:22]
AdwCleaner[S11].txt - [2067 octets] - [13/09/2019 08:04:06]
AdwCleaner[S12].txt - [2128 octets] - [19/09/2019 20:54:35]
AdwCleaner[S13].txt - [2189 octets] - [23/09/2019 16:36:10]
AdwCleaner[S14].txt - [2250 octets] - [28/09/2019 08:47:35]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S15].txt ##########

Logy FRST nie su kompletne a je nutne FRST spustit pod uctom administratora.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-10-2020
Ran by Admin (administrator) on TRILINE (ATComputers TRILINE PROFI I108) (18-10-2020 23:46:51)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & Robin
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <8>
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [109664 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2485784249-3341709608-829223016-1001\Software\Policies\...\system: [disablecmd] 0
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [117248 2018-04-13] (pdfforge GmbH) [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FF6F5FE-3926-48A0-AE65-FDB0726B74AB} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [660688 2020-10-13] (Mozilla Corporation -> Mozilla Foundation)
Task: {32497A94-DF03-4A04-996E-5FDD5F981B63} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {3D0695FF-9E63-4A4A-85DA-2DAC77ADB8BB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4496488 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
Task: {442BF7A8-9BE6-4C98-A217-498CA12CD61B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {8A45F4D7-DAA6-4F5D-AFDE-6692BE2F0A84} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {8B162B5E-8087-4E9F-AE9D-B600C20D8DC7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-10-13] (Adobe Inc. -> Adobe)
Task: {A7FFF6BC-E472-4F42-A199-8395CF0249B5} - System32\Tasks\Norton Security Scan for Admin => C:\Program Files (x86)\NORTON~2\Engine\461~1.175\Nss.exe
Task: {AD793E57-09A2-4FF1-A9F0-A21141EE9F94} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D4095D1E-53FD-4204-9F2C-F2A83127CB3F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-13] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{15601C4F-0785-412A-BDC7-0069DA945582}: [NameServer] 213.211.45.3,212.96.160.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,10.40.128.1,-1]

Edge:
======
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-27]

FireFox:
========
FF DefaultProfile: imtd495u.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\imtd495u.default [2020-09-26]
FF DownloadDir: C:\Users\Admin\Desktop\stažené soubory
FF Homepage: Mozilla\Firefox\Profiles\imtd495u.default -> hxxps://www.seznam.cz/
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\imtd495u.default\Extensions\firefox@ghostery.com.xpi [2020-09-26]
FF Extension: (To Google Translate) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\imtd495u.default\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-12-28]
FF Extension: (uBlock Origin) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\imtd495u.default\Extensions\uBlock0@raymondhill.net.xpi [2019-12-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
S2 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-13] (Adobe Inc. -> Adobe)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8450976 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [360408 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [2748520 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37152 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [206408 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [236112 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [195664 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60496 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42784 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175720 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109280 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851608 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [470912 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [217336 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326928 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-12-14] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-12-14] (Disc Soft Ltd -> Disc Soft Ltd)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech -> Logitech Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-06-06] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-18 23:45 - 2020-10-18 23:47 - 000010496 _____ C:\Users\Admin\Desktop\FRST.txt
2020-10-18 14:42 - 2020-10-18 23:47 - 000000000 ____D C:\FRST
2020-10-18 12:26 - 2020-10-18 12:25 - 002299904 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2020-10-16 20:19 - 2020-10-16 20:19 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-10-16 11:05 - 2020-10-16 11:05 - 000339552 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-10-16 11:05 - 2020-10-16 11:05 - 000217336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-10-16 11:05 - 2020-10-16 11:05 - 000175720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-10-13 21:36 - 2020-10-18 08:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-10-02 12:03 - 2020-10-04 09:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2020-09-29 09:18 - 2020-09-29 09:40 - 000000000 ____D C:\Users\Admin\Documents\Larian Studios
2020-09-29 09:18 - 2020-09-26 08:54 - 000000891 _____ C:\Users\Admin\Desktop\Divinity Original Sin 2 Definitive Edition.lnk
2020-09-26 08:54 - 2020-09-26 08:54 - 000000891 _____ C:\Users\Robin\Desktop\Divinity Original Sin 2 Definitive Edition.lnk
2020-09-26 08:54 - 2020-09-26 08:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Divinity Original Sin 2 Definitive Edition
2020-09-26 08:32 - 2020-09-26 08:34 - 000000000 ____D C:\Fraps
2020-09-26 08:32 - 2020-09-26 08:32 - 000000568 _____ C:\Users\Robin\Desktop\Fraps.lnk
2020-09-26 08:32 - 2020-09-26 08:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-18 23:44 - 2016-11-18 01:09 - 000000000 ____D C:\Users\Robin\AppData\LocalLow\Mozilla
2020-10-18 22:25 - 2009-07-14 06:45 - 000028336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-10-18 22:25 - 2009-07-14 06:45 - 000028336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-10-18 22:19 - 2020-06-27 10:24 - 000003484 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-10-18 22:19 - 2020-06-27 10:24 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-10-18 22:19 - 2019-12-24 09:50 - 000004366 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-10-18 22:19 - 2019-07-18 21:44 - 000004484 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-10-18 22:19 - 2019-07-12 08:22 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-10-18 22:19 - 2018-12-09 00:55 - 000004206 _____ C:\Windows\system32\Tasks\Norton Security Scan for Admin
2020-10-18 22:19 - 2017-12-06 17:11 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2020-10-18 22:19 - 2015-05-18 21:16 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-10-18 12:32 - 2019-01-13 17:14 - 000033792 _____ C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-10-18 08:35 - 2010-11-21 11:27 - 000670334 _____ C:\Windows\system32\perfh005.dat
2020-10-18 08:35 - 2010-11-21 11:27 - 000141946 _____ C:\Windows\system32\perfc005.dat
2020-10-18 08:35 - 2009-07-14 07:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2020-10-18 08:35 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-10-18 08:30 - 2017-12-16 14:21 - 000000000 ____D C:\ProgramData\AVAST Software
2020-10-18 08:29 - 2014-02-26 17:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-10-18 08:29 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-10-16 11:05 - 2019-01-14 16:57 - 000236112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-10-16 11:05 - 2019-01-06 19:38 - 000195664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-10-16 11:05 - 2019-01-06 19:38 - 000060496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-10-16 11:05 - 2019-01-06 19:38 - 000037152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2020-10-16 11:05 - 2018-10-21 07:57 - 000042784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000851608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000470912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000326928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000206408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000109280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000084856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-10-16 11:05 - 2017-08-12 10:16 - 000003910 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-10-13 22:06 - 2014-02-25 16:25 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-10-13 22:06 - 2014-02-25 16:25 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-10-13 22:06 - 2014-02-25 16:25 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-10-13 22:06 - 2014-02-25 16:25 - 000000000 ____D C:\Windows\system32\Macromed
2020-09-29 09:40 - 2014-02-25 15:33 - 000265832 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2020-09-28 12:33 - 2019-03-24 11:35 - 000000000 ____D C:\Users\Robin\AppData\Local\CrashDumps
2020-09-26 13:26 - 2019-10-03 20:55 - 000000000 ____D C:\Users\Robin\Documents\Larian Studios
2020-09-26 13:14 - 2019-10-03 20:55 - 000000000 ____D C:\Users\Robin\AppData\Local\LarianLauncher
2020-09-26 09:07 - 2016-12-14 21:22 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2020-09-25 18:01 - 2015-05-18 21:16 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-09-24 19:42 - 2014-02-26 19:32 - 000000000 ____D C:\Users\Robin\AppData\Roaming\XnView
2020-09-23 15:09 - 2014-02-26 17:48 - 000000000 ____D C:\ProgramData\Mozilla

==================== Files in the root of some directories ========

2019-11-24 09:54 - 2019-04-16 13:30 - 000447680 _____ (COMODO) C:\ProgramData\cmdres.dll
2019-08-01 12:08 - 2019-12-02 20:04 - 000000038 _____ () C:\Users\Admin\AppData\Roaming\~SiMPLEX.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-10-14 10:51
==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by Admin (18-10-2020 23:47:26)
Running from C:\Users\Admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-02-25 13:28:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-2485784249-3341709608-829223016-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2485784249-3341709608-829223016-500 - Administrator - Disabled)
Guest (S-1-5-21-2485784249-3341709608-829223016-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2485784249-3341709608-829223016-1003 - Limited - Enabled)
Robin (S-1-5-21-2485784249-3341709608-829223016-1004 - Limited - Enabled) => C:\Users\Robin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.445 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.445 - Adobe)
Advanced JPEG Compressor 2011 (HKLM-x32\...\Advanced JPEG Compressor_is1) (Version: 2011 - WinSoftMagic Inc.)
Aegisub 3.2.0 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.0 - Aegisub Team)
Age of Wonders Planetfall Invasions (HKU\S-1-5-21-2485784249-3341709608-829223016-1001\...\Age of Wonders Planetfall Invasions) (Version: - HOODLUM)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.12.0 - Ant Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.8.2432 - Avast Software)
calibre (HKLM-x32\...\{0B374B2C-FE04-4741-B0B2-B14D84CEDAFF}) (Version: 3.35.0 - Kovid Goyal)
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version: - cbrreader.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Divinity Original Sin 2 Definitive Edition (HKLM-x32\...\Divinity Original Sin 2 Definitive Edition_is1) (Version: - )
Expeditions: Viking (HKLM-x32\...\1450363937_is1) (Version: 1.0.7.4 - GOG.com)
Factorio (HKLM-x32\...\Factorio_is1) (Version: - )
Fallout3_CZ_1.0.0.15_patch (HKU\S-1-5-21-2485784249-3341709608-829223016-1004\...\{A403D710-B87F-11DD-6784-0F41E62818BE}) (Version: 1.0.0.15 - Cenega Czech)
FormatFactory 3.3.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.1.0 - Format Factory)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Galactic Civilizations II - Ultimate Edition (HKLM-x32\...\Galactic Civilizations II - Ultimate Edition) (Version: - Kalypso Media)
GIMP 2.10.14 (HKLM\...\GIMP-2_is1) (Version: 2.10.14 - The GIMP Team)
Grim Dawn Forgotten Gods (HKLM-x32\...\Grim Dawn Forgotten Gods_is1) (Version: - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.43 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.49 - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 81.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 81.0.2 (x64 cs)) (Version: 81.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 81.0.2.7590 - Mozilla)
Mozilla Thunderbird 68.12.1 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 68.12.1 (x86 cs)) (Version: 68.12.1 - Mozilla)
Mp3tag v2.75 (HKLM-x32\...\Mp3tag) (Version: v2.75 - Florian Heidenreich)
nGlide 1.05 (HKLM-x32\...\nGlide) (Version: 1.05 - Zeus Software)
NVIDIA Ovladač 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.2.0 - pdfforge GmbH)
PhotoImpact X3 (HKLM-x32\...\{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 13.0 - Corel) Hidden
PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 13.0 - Corel)
PotPlayer (HKLM-x32\...\PotPlayer) (Version: 200908 - Kakao Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Shareaza 2.7.10.2 (HKLM\...\Shareaza_is1) (Version: 2.7.10.2 - Shareaza Development Team)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Spellcross (DOSBox 0.74 emulace) (HKLM-x32\...\Spellcross (DOSBox 0.74 emulace)) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
XnView 2.13 (HKLM-x32\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{04CC76C7-1ED7-4CAE-9762-B8664ED008ED}\localserver32 -> C:\Program Files\Shareaza\MediaImageServices.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{0EEA2A0F-AD1F-4555-9827-0DD9335611A4}\localserver32 -> C:\Program Files\Shareaza\WindowsThumbnail.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{0F74BA53-C842-4CB5-B388-DD5663F62479}\InprocServer32 -> C:\Program Files\Shareaza\Preview.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{18D11ED9-1264-48A1-9E14-20F2C633242B}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{2EE9D739-7726-41cf-8F18-4B1B8763BC63}\InprocServer32 -> C:\Program Files\Shareaza\ImageViewer.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{2F74AA28-2498-4805-911A-04C39858D529}\InprocServer32 -> C:\Program Files\Shareaza\ZIPBuilder.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{30FC662A-D72A-4F79-B63A-ACD4FBFE68A3}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{34791E02-51DC-4CF4-9E34-018166D91D0E}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{3DC28AA6-A597-4E03-96DF-ADA19155B0BE}\localserver32 -> C:\Program Files\Shareaza\MediaPlayer.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}\localserver32 -> C:\Program Files\Shareaza\MediaLibraryBuilder.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{61700EEC-D5D3-4793-BD1F-514896D67F44}\InprocServer32 -> C:\Program Files\Shareaza\RatDVDReader.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{6C9E61BE-E58F-4AE1-A304-6FF1D183804C}\InprocServer32 -> C:\Program Files\Shareaza\GFLLibraryBuilder.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{76F13243-9F62-4241-AC07-3B359BBE4EC5}\InprocServer32 -> C:\Program Files\Shareaza\VirusTotal.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{76F13243-9F62-4241-AC07-3B359BBE4EC6}\InprocServer32 -> C:\Program Files\Shareaza\ShortURL.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}\InprocServer32 -> C:\Program Files\Shareaza\SkinScanSKS.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{B69F80CD-FB15-45E8-B359-92A41CC571A7}\InprocServer32 -> C:\Program Files\Shareaza\7ZipBuilder.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{B978F591-5137-4612-873A-DC2081BAD6CD}\InprocServer32 -> C:\Program Files\Shareaza\SWFPlugin.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{D73ABD28-3A2A-4E36-AD6F-2AA8F011FBE3}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{E1A67AE5-7041-4AE1-94F7-DE03EF759E27}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{E9B2EF9B-4A0C-451E-801F-257861B87FAD}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{E9F51B1E-DB0F-4EEE-9B36-46151994C715}\InprocServer32 -> C:\Program Files\Shareaza\DocumentReader.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{F801DAD7-F08D-48EF-B0DF-6B120377E835}\InprocServer32 -> C:\Program Files\Shareaza\RARBuilder.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{FC4D8F69-0B18-49BB-8AB7-87EB77AA1A9D}\InprocServer32 -> C:\Program Files\Shareaza\SWFPlugin.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{FF5FCD00-2C20-49D8-84F6-888D2E2C95DA}\InprocServer32 -> C:\Program Files\Shareaza\GFLImageServices.dll (Shareaza Development Team) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [AJC] -> {5071CDA5-D3E1-11D5-BFC0-005004A71005} => C:\Program Files (x86)\Advanced JPEG Compressor\ContextMenuExt.dll [2001-11-22] () [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2003-03-18 23:23 - 2003-03-18 23:23 - 000024576 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\1029\mdmui.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\MSVCP140.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\ucrtbase.DLL
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\VCRUNTIME140.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\VCRUNTIME140_1.dll
2018-04-13 20:06 - 2018-04-13 20:06 - 000117248 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Admin\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Robin\Downloads:Shareaza.GUID [16]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-2485784249-3341709608-829223016-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
HKU\S-1-5-21-2485784249-3341709608-829223016-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKU\S-1-5-21-2485784249-3341709608-829223016-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.triline.cz
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2485784249-3341709608-829223016-1004 -> {169BF712-789D-41AD-A264-04B7A3AC135F} URL =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-06-13 09:16 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-2485784249-3341709608-829223016-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2485784249-3341709608-829223016-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.211.45.3 - 212.96.160.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Disc Soft Lite Bus Service => 3

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B49E75B1-A3B8-44ED-AE11-B46785FD2E67}] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{EDE61EF5-D8FF-4FAE-B94D-C935A3344EB1}] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0A6187EB-8DC1-4C89-88D9-3E9928F6940F}] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{04FBBF19-723A-49A9-AAAE-FA93DA9005C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{74B21F8B-7609-4F49-9022-9B9197B09F4C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A5991C55-B6A8-460F-B8E7-E41EF986D8D0}] => (Block) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{D37F2FA0-711E-4A01-BD05-8DCD73EC9E95}] => (Block) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [TCP Query User{24316309-A1F6-468B-B10A-EEB36BCC0F08}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{78ED4724-0F7A-4A6F-8FE4-0DAB928BD5F0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{29CC7501-9030-44DC-B16D-E5266489C60F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EA322048-9FB3-4A42-B9AC-99A91E28237E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D7896EF1-9C27-4124-96F8-39635717B3FF}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{46CF13F4-2BD8-4081-8F97-BF13859745E3}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{9FC710FC-3CBA-41DA-ADB2-950EF7C0FE2B}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{5C8CD737-8AF7-4D9D-AA37-F09E661E52E6}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [TCP Query User{3D336B23-9B4C-4844-B932-F44616F083E1}C:\program files (x86)\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\program files (x86)\jdownloader v2.0\jdownloader2.exe (AppWork GmbH -> AppWork GmbH)
FirewallRules: [UDP Query User{D23197A2-1D5F-4111-94A0-91826E46E1F3}C:\program files (x86)\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\program files (x86)\jdownloader v2.0\jdownloader2.exe (AppWork GmbH -> AppWork GmbH)
FirewallRules: [{9CEAC37D-CBD9-4A1C-A0F1-2D04EBF1CA17}] => (Block) C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [{F82FC33E-8CD6-4738-AC2B-3F2986F9AB82}] => (Block) C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [TCP Query User{1EF79CD8-B7D3-4D2B-A4EA-3612AE214118}C:\program files\shareaza\shareaza.exe] => (Allow) C:\program files\shareaza\shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [UDP Query User{94A7B34A-6184-4880-85D4-B0DE38B56AEF}C:\program files\shareaza\shareaza.exe] => (Allow) C:\program files\shareaza\shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [TCP Query User{F04177A1-43D9-408C-B31E-96EA2FE53999}E:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) E:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [UDP Query User{11C44EE3-D698-4FF2-9783-0EA355D4D52D}E:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) E:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe (Larian Studios -> )

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/18/2020 08:29:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/11/2020 09:33:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/10/2020 04:16:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2020 09:32:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2020 11:31:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2020 08:53:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2020 08:35:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/06/2020 07:50:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (10/18/2020 02:42:48 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:48 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:48 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:35 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:35 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:35 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 08:29:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (10/13/2020 03:01:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x800f020b): SAMSUNG Electronics Co., Ltd. - USB - 2.16.14.0.


CodeIntegrity:
===================================

Date: 2014-08-15 16:18:13.943
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-15 16:18:13.904
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-15 16:18:13.864
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-15 16:18:13.825
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-14 10:09:27.234
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-14 10:09:27.197
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. V1.1 01/20/2014
Motherboard: MSI H81M-P33 (MS-7817)
Processor: Intel(R) Core(TM) i3-4330 CPU @ 3.50GHz
Percentage of memory in use: 40%
Total physical RAM: 8136.02 MB
Available physical RAM: 4803.96 MB
Total Virtual: 13134.16 MB
Available Virtual: 9714.88 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:103 GB) (Free:10.42 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:931.51 GB) (Free:56.39 GB) NTFS
Drive f: (Filmy) (Fixed) (Total:1863.01 GB) (Free:39.45 GB) NTFS

\\?\Volume{4e7be4a2-9b09-11e3-b7a6-d43d7effa8c6}\ (WinRE-ATC) (Fixed) (Total:8.79 GB) (Free:1.93 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 5A4EEB50)
Partition 1: (Active) - (Size=103 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8.8 GB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 795381E7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 45DB875B)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Do poznamkoveho bloku skopirujte obsah dole:
Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by Admin (20-10-2020 13:25:22) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & Robin
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2485784249-3341709608-829223016-1001\Software\Policies\...\system: [disablecmd] 0
Task: {A7FFF6BC-E472-4F42-A199-8395CF0249B5} - System32\Tasks\Norton Security Scan for Admin => C:\Program Files (x86)\NORTON~2\Engine\461~1.175\Nss.exe
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
2020-10-18 22:19 - 2020-06-27 10:24 - 000003484 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-10-18 22:19 - 2020-06-27 10:24 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2019-11-24 09:54 - 2019-04-16 13:30 - 000447680 _____ (COMODO) C:\ProgramData\cmdres.dll
2019-08-01 12:08 - 2019-12-02 20:04 - 000000038 _____ () C:\Users\Admin\AppData\Roaming\~SiMPLEX.ini
AlternateDataStreams: C:\Users\Admin\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Robin\Downloads:Shareaza.GUID [16]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2485784249-3341709608-829223016-1004 -> {169BF712-789D-41AD-A264-04B7A3AC135F} URL =

EmptyTemp:

*****************

HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-2485784249-3341709608-829223016-1001\Software\Policies\Microsoft\Windows\System\\disablecmd" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7FFF6BC-E472-4F42-A199-8395CF0249B5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7FFF6BC-E472-4F42-A199-8395CF0249B5}" => removed successfully
C:\Windows\System32\Tasks\Norton Security Scan for Admin => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Scan for Admin" => removed successfully
HKLM\System\CurrentControlSet\Services\AppMgmt => removed successfully
AppMgmt => service removed successfully
C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => moved successfully
C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => moved successfully
C:\ProgramData\cmdres.dll => moved successfully
C:\Users\Admin\AppData\Roaming\~SiMPLEX.ini => moved successfully
C:\Users\Admin\Downloads => ":Shareaza.GUID" ADS could not remove.
C:\Users\Robin\Downloads => ":Shareaza.GUID" ADS could not remove.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKU\S-1-5-21-2485784249-3341709608-829223016-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{169BF712-789D-41AD-A264-04B7A3AC135F} => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2156716 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 157501 B
Edge => 0 B
Chrome => 0 B
Firefox => 95540933 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 256 B
LocalService => 256 B
NetworkService => 256 B
UpdatusUser => 256 B
Admin => 18160477 B
Robin => 446481920 B

RecycleBin => 57455 B
EmptyTemp: => 544.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:25:26 ====

Ako je na tom pocitac?

pc je ok...to byla jen kontrola pro klid mé duše

Ok, dobre.