
blue windows

Whatever doesn't fit anywhere else..

Moderator: Moderators

Atari
Visitor
Posts: 18
Registered: 19 Jan 2018 22:31

blue windows

#1 Post by Atari »

Hi guys, only when I play GTA 5 do I get a blue windows screen (see image - https://uloz.to/!l17glH1IloXH/1-jpg) and the system restarts. It's quite a problem when you are finishing a long mission and the PC restarts just before the end of it. I'll point out that everything is genuine, both GTA 5 and Windows.

Thanks for any ADVICE

Diallix
Advisor
Posts: 2689
Registered: 27 Apr 2008 10:34

Re: blue windows

#2 Post by Diallix »

We are not a gaming forum.

If it only happens with this game, it may be CPU overload.

Try this: https://www.tenforums.com/tutorials/690 ... -10-a.html
specifically OPTION ONE

When you are at this window: https://www.tenforums.com/attachments/t ... tart-2.png

uncheck the Automatically Restart box.

Atari
Visitor
Posts: 18
Registered: 19 Jan 2018 22:31

Re: blue windows

#3 Post by Atari »

Thank you for the reply. I'm already dealing with it on a gaming forum - I'm waiting for an answer. Even so, I'd like to ask for a check of the log. If I should move the request to another section, just say so. I'll comply with everything.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2019 01
Ran by Atari (administrator) on ATARI-PC (12-02-2019 15:23:02)
Running from F:\stažené
Loaded Profiles: Atari (Available Profiles: Atari)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\DELL\Dell Laser Printer 1110\LocalSM\jbDetect.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Users\Atari\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Atari\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.) [File not signed]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Dell Laser Printer 1110 SM_JB] => C:\Program Files (x86)\DELL\Dell Laser Printer 1110\LocalSM\jbDetect.exe [222448 2009-08-21] (Dell Inc. -> )
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Atari\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Atari\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\MountPoints2: {4275f2f7-08bc-11e8-a5ef-e03f4986cf50} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\MountPoints2: {a54588ce-fd53-11e7-92d4-806e6f6e6963} - G:\Bin\ASSETUP.exe
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\MountPoints2: {d3c562d4-fd57-11e7-a57b-806e6f6e6963} - G:\Setup.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-27] (Google Inc -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{218B770E-D2F9-4ADE-80CE-05FB52A2B68F}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {1FB0EA19-0358-4CA8-9DA0-975EA9C0EF68} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {259C1EA4-1866-415B-81CC-B4665A424B59} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {2D653AF0-AC66-408A-9A8D-353E7234B3F1} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {322203C9-31C6-4459-A147-96FD73BD58F3} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {6A80711B-02DB-4C13-A2A3-A6F4F18C983C} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {BC2871AA-A465-4E7A-9513-568359BEA0E1} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {CAF9507C-76C4-4FE1-A242-DA68414011E7} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {D67844AF-C1E4-4296-BC12-5FA248FC122C} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {E2E52D39-875F-4FEB-B5E9-A4A22EB2FF31} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 2h739zmo.default
FF ProfilePath: C:\Users\Atari\AppData\Roaming\Mozilla\Firefox\Profiles\2h739zmo.default [2019-02-12]
FF Homepage: Mozilla\Firefox\Profiles\2h739zmo.default -> seznam.cz
FF NewTabOverride: Mozilla\Firefox\Profiles\2h739zmo.default -> Enabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (Avast Passwords) - C:\Users\Atari\AppData\Roaming\Mozilla\Firefox\Profiles\2h739zmo.default\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2019-01-12]
FF Extension: (Seznam doplněk - Esko) - C:\Users\Atari\AppData\Roaming\Mozilla\Firefox\Profiles\2h739zmo.default\Extensions\sko-extension@firma.seznam.cz.xpi [2018-11-25]
FF Extension: (Avast SafePrice) - C:\Users\Atari\AppData\Roaming\Mozilla\Firefox\Profiles\2h739zmo.default\Extensions\sp@avast.com.xpi [2018-06-21]
FF Extension: (Avast Online Security) - C:\Users\Atari\AppData\Roaming\Mozilla\Firefox\Profiles\2h739zmo.default\Extensions\wrc@avast.com.xpi [2019-01-30]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Atari\AppData\Roaming\Mozilla\Firefox\Profiles\2h739zmo.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-27]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR NewTab: Default -> "active": true,
"entry": "chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/speeddial/newTab.html"

CHR Profile: C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default [2019-02-11]
CHR Extension: (Norton Security Toolbar) - C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2018-09-29]
CHR Extension: (Seznam doplněk - Email) - C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-09-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-09-30]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-09-30]
CHR Extension: (Avast Online Security) - C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-29]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-09-30]
CHR Extension: (Chrome Media Router) - C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-30]
CHR HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [499080 2019-01-23] (Advanced Micro Devices, Inc. -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-01] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2019-01-22] (AMD) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [367728 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [106816 2013-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [52797832 2019-01-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [579976 2019-01-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [237416 2018-12-29] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [82240 2013-06-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [42304 2013-06-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\Performance Profile Client\amd64\AODDriver2.sys [60104 2015-02-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [203488 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [223056 2019-01-15] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196264 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320888 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58160 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46584 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42488 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166792 2019-01-19] (AVAST Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2018-10-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [512048 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111992 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88144 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034056 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474648 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [218056 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380144 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104840 2018-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 cpuz143; C:\Windows\temp\cpuz143\cpuz143_x64.sys [48960 2019-02-11] (CPUID -> CPUID)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-12-29] (Martin Malik - REALiX -> REALiX(tm))
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscRegistryFilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-12 15:22 - 2019-02-12 15:23 - 000000000 ____D C:\FRST
2019-02-11 21:56 - 2019-02-11 21:57 - 000834254 _____ C:\Users\Atari\Desktop\Bez názvu.bmp
2019-02-11 21:34 - 2019-02-11 21:34 - 917434233 _____ C:\Windows\MEMORY.DMP
2019-02-11 21:34 - 2019-02-11 21:34 - 000280312 _____ C:\Windows\Minidump\021119-13072-01.dmp
2019-02-11 17:22 - 2019-02-11 21:34 - 000000000 ____D C:\Windows\Minidump
2019-02-06 09:52 - 2019-02-06 09:52 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-03 16:48 - 2019-02-12 15:02 - 000003102 _____ C:\Windows\System32\Tasks\AMDLinkUpdate
2019-02-03 16:48 - 2019-02-11 21:34 - 000003290 _____ C:\Windows\System32\Tasks\StartCNBM
2019-02-03 16:48 - 2019-02-11 21:34 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2019-02-03 16:48 - 2019-02-11 21:34 - 000003116 _____ C:\Windows\System32\Tasks\ModifyLinkUpdate
2019-02-03 16:48 - 2019-02-03 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2019-02-03 16:48 - 2019-02-03 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\##ID_STRING16##
2019-02-03 16:23 - 2019-02-03 16:23 - 026485000 _____ (AMD Inc.) C:\Users\Atari\Downloads\radeon-software-adrenalin-2019-19.1.2-minimalsetup-190124_64bit.exe
2019-01-23 02:02 - 2019-01-23 02:02 - 056423816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2019-01-23 02:02 - 2019-01-23 02:02 - 000331656 _____ C:\Windows\system32\clinfo.exe
2019-01-23 02:02 - 2019-01-23 02:02 - 000168328 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-01-23 02:02 - 2019-01-23 02:02 - 000144776 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-01-23 02:01 - 2019-01-23 02:01 - 046296456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2019-01-23 02:01 - 2019-01-23 02:01 - 026476936 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2019-01-23 02:01 - 2019-01-23 02:01 - 021245832 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2019-01-23 01:59 - 2019-01-23 01:59 - 001578376 _____ (AMD) C:\Windows\system32\coinst_18.50.dll
2019-01-23 01:58 - 2019-01-23 01:58 - 021582216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2019-01-23 01:58 - 2019-01-23 01:58 - 018369928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2019-01-23 01:58 - 2019-01-23 01:58 - 003726216 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2019-01-23 01:58 - 2019-01-23 01:58 - 003354504 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2019-01-23 01:58 - 2019-01-23 01:58 - 000543624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2019-01-23 01:58 - 2019-01-23 01:58 - 000373640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2019-01-23 01:56 - 2019-01-23 01:56 - 032465288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2019-01-23 01:51 - 2019-01-23 01:51 - 012248440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2019-01-23 01:51 - 2019-01-23 01:51 - 000178872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2019-01-23 01:51 - 2019-01-23 01:51 - 000156440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll
2019-01-23 01:51 - 2019-01-23 01:51 - 000156200 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2019-01-23 01:51 - 2019-01-23 01:51 - 000149384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2019-01-23 01:51 - 2019-01-23 01:51 - 000134280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2019-01-23 01:51 - 2019-01-23 01:51 - 000123240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2019-01-23 01:51 - 2019-01-23 01:51 - 000117072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2019-01-23 01:51 - 2019-01-23 01:51 - 000117072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2019-01-23 01:51 - 2019-01-23 01:51 - 000108296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2019-01-23 01:51 - 2019-01-23 01:51 - 000096424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2019-01-23 01:51 - 2019-01-23 01:51 - 000096424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2019-01-23 01:50 - 2019-01-23 01:50 - 052797832 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2019-01-23 01:50 - 2019-01-23 01:50 - 017202056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2019-01-23 01:50 - 2019-01-23 01:50 - 014903688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2019-01-23 01:50 - 2019-01-23 01:50 - 000139144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2019-01-23 01:50 - 2019-01-23 01:50 - 000126344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2019-01-23 01:50 - 2019-01-23 01:50 - 000117128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2019-01-23 01:50 - 2019-01-23 01:50 - 000060296 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2019-01-23 01:45 - 2019-01-23 01:45 - 014170896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2019-01-23 01:44 - 2019-01-23 01:44 - 015761288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2019-01-23 01:44 - 2019-01-23 01:44 - 013332360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2019-01-23 01:44 - 2019-01-23 01:44 - 001572408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2019-01-23 01:44 - 2019-01-23 01:44 - 000561544 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2019-01-23 01:44 - 2019-01-23 01:44 - 000472456 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2019-01-23 01:44 - 2019-01-23 01:44 - 000349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2019-01-23 01:44 - 2019-01-23 01:44 - 000174472 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2019-01-23 01:44 - 2019-01-23 01:44 - 000153480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2019-01-23 01:44 - 2019-01-23 01:44 - 000142728 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2019-01-23 01:44 - 2019-01-23 01:44 - 000128392 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2019-01-23 01:44 - 2019-01-23 01:44 - 000067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2019-01-23 01:44 - 2019-01-23 01:44 - 000036744 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2019-01-23 01:44 - 2019-01-23 01:44 - 000033672 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2019-01-23 01:43 - 2019-01-23 01:43 - 000913288 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2019-01-23 01:43 - 2019-01-23 01:43 - 000743304 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2019-01-23 01:33 - 2019-01-23 01:33 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2019-01-23 01:32 - 2019-01-23 01:32 - 011063352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2019-01-23 01:32 - 2019-01-23 01:32 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2019-01-23 01:32 - 2019-01-23 01:32 - 000483208 _____ C:\Windows\system32\dgtrayicon.exe
2019-01-23 01:32 - 2019-01-23 01:32 - 000470920 _____ C:\Windows\system32\GameManager64.dll
2019-01-23 01:32 - 2019-01-23 01:32 - 000373128 _____ C:\Windows\SysWOW64\GameManager32.dll
2019-01-23 01:32 - 2019-01-23 01:32 - 000172656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2019-01-23 01:32 - 2019-01-23 01:32 - 000155176 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2019-01-23 01:32 - 2019-01-23 01:32 - 000009936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2019-01-23 01:32 - 2019-01-23 01:32 - 000009936 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2019-01-23 01:31 - 2019-01-23 01:31 - 001201544 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2019-01-23 01:31 - 2019-01-23 01:31 - 000748424 _____ (AMD) C:\Windows\system32\atieclxx.exe
2019-01-23 01:31 - 2019-01-23 01:31 - 000579976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2019-01-23 01:31 - 2019-01-23 01:31 - 000499080 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2019-01-23 01:31 - 2019-01-23 01:31 - 000493448 _____ (AMD) C:\Windows\system32\atitmm64.dll
2019-01-23 01:31 - 2019-01-23 01:31 - 000458632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2019-01-23 01:31 - 2019-01-23 01:31 - 000430472 _____ C:\Windows\system32\atieah64.exe
2019-01-23 01:31 - 2019-01-23 01:31 - 000343944 _____ C:\Windows\SysWOW64\atieah32.exe
2019-01-23 01:31 - 2019-01-23 01:31 - 000202120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2019-01-23 01:31 - 2019-01-23 01:31 - 000135048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2019-01-23 01:31 - 2019-01-23 01:31 - 000135048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2019-01-23 01:31 - 2019-01-23 01:31 - 000115592 _____ (AMD) C:\Windows\system32\atimuixx.dll
2019-01-23 01:30 - 2019-01-23 01:30 - 000464776 _____ C:\Windows\system32\amdgfxinfo64.dll
2019-01-23 01:30 - 2019-01-23 01:30 - 000373128 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2019-01-23 01:30 - 2019-01-23 01:30 - 000223624 _____ C:\Windows\system32\Drivers\amdacpksd.sys
2019-01-23 01:21 - 2019-01-23 01:21 - 000906744 _____ C:\Windows\SysWOW64\atiapfxx.blb
2019-01-23 01:21 - 2019-01-23 01:21 - 000906744 _____ C:\Windows\system32\atiapfxx.blb
2019-01-22 19:47 - 2019-01-22 19:47 - 000173432 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2019-01-22 19:47 - 2019-01-22 19:47 - 000145104 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2019-01-15 19:21 - 2019-01-15 19:21 - 000223056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-14 10:42 - 2019-01-14 10:42 - 001056020 _____ C:\Windows\system32\amdicdxx.dat

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-12 15:15 - 2009-07-14 05:45 - 000022736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-12 15:15 - 2009-07-14 05:45 - 000022736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-12 15:13 - 2018-01-27 12:58 - 000000000 ____D C:\Users\Atari\AppData\Local\Adobe
2019-02-12 15:12 - 2018-10-02 16:00 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-02-12 15:12 - 2018-10-02 16:00 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-12 15:12 - 2018-10-02 16:00 - 000004408 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-02-12 15:12 - 2018-10-02 16:00 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-02-12 15:12 - 2018-10-02 16:00 - 000000000 ____D C:\Windows\system32\Macromed
2019-02-12 15:08 - 2018-09-29 20:05 - 000000000 ____D C:\Users\Atari\AppData\Roaming\Seznam.cz
2019-02-12 15:06 - 2011-04-12 09:34 - 000668542 _____ C:\Windows\system32\perfh005.dat
2019-02-12 15:06 - 2011-04-12 09:34 - 000141202 _____ C:\Windows\system32\perfc005.dat
2019-02-12 15:06 - 2009-07-14 06:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-12 15:06 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-02-12 15:04 - 2018-01-21 18:18 - 000000000 ____D C:\Users\Atari\AppData\Local\AVAST Software
2019-02-12 15:03 - 2018-02-03 09:33 - 000000000 ____D C:\Users\Atari\AppData\LocalLow\Mozilla
2019-02-12 15:02 - 2018-02-17 18:45 - 000000200 _____ C:\Windows\Tasks\AutoKMS.job
2019-02-12 15:02 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-11 22:16 - 2018-01-19 22:08 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-02-11 21:34 - 2018-12-18 11:09 - 000003168 _____ C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze
2019-02-11 21:34 - 2018-10-02 11:20 - 000003550 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-Atari-PC-Atari
2019-02-11 21:34 - 2018-06-19 21:26 - 000003502 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Atari-PC-Atari
2019-02-11 21:34 - 2018-01-27 13:42 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-11 21:34 - 2018-01-20 19:57 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-02-11 21:34 - 2018-01-20 19:57 - 000002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-02-11 21:34 - 2018-01-19 21:26 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-11 21:34 - 2018-01-19 21:26 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-11 20:35 - 2018-02-17 13:28 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-02-11 20:27 - 2018-12-18 11:09 - 000000000 ____D C:\Program Files (x86)\IObit
2019-02-11 10:43 - 2015-09-13 18:11 - 000000000 ___RD C:\Users\Atari\Desktop\Alda
2019-02-08 12:55 - 2018-05-15 10:21 - 000000000 ____D C:\Users\Atari\AppData\Local\CrashDumps
2019-02-06 21:26 - 2018-01-28 18:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-02-06 21:26 - 2018-01-19 21:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-06 09:50 - 2018-01-20 19:57 - 000000000 ____D C:\Program Files\CCleaner
2019-02-05 09:33 - 2018-12-18 11:09 - 000000000 ____D C:\ProgramData\ProductData
2019-02-04 09:33 - 2018-01-19 22:09 - 000000000 ____D C:\Users\Atari\AppData\Local\AMD
2019-02-04 09:28 - 2018-01-19 22:20 - 000109752 _____ C:\Users\Atari\AppData\Local\GDIPFONTCACHEV1.DAT
2019-02-04 09:27 - 2009-07-14 05:45 - 000409696 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-03 16:48 - 2018-09-30 07:48 - 000000000 ____D C:\Program Files (x86)\AMD
2019-02-03 16:48 - 2018-01-19 21:51 - 000000000 ____D C:\Program Files\AMD
2019-02-03 16:45 - 2018-07-17 09:10 - 000000000 ____D C:\Users\Atari\AppData\LocalLow\AMD
2019-02-03 16:45 - 2018-01-19 22:04 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-02-03 16:24 - 2018-06-28 11:19 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2019-02-03 16:23 - 2018-01-19 21:50 - 000000000 ____D C:\AMD
2019-01-30 17:24 - 2018-01-19 22:11 - 000000000 ___RD C:\Users\Atari\Desktop\koš
2019-01-23 01:56 - 2017-11-28 02:01 - 039765896 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2019-01-23 01:51 - 2018-11-08 00:46 - 012883432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2019-01-23 01:45 - 2017-11-28 02:05 - 016992560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2019-01-23 01:44 - 2017-11-28 02:05 - 001932456 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2019-01-23 01:32 - 2018-11-08 00:30 - 013733664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2019-01-23 01:32 - 2018-11-08 00:30 - 000190696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2019-01-23 01:32 - 2017-11-28 02:05 - 000206664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2019-01-23 01:31 - 2018-11-08 00:29 - 001201544 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2019-01-23 01:31 - 2017-11-28 02:04 - 000230792 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2019-01-23 01:31 - 2017-11-28 02:04 - 000159624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2019-01-23 01:31 - 2017-11-28 02:03 - 001653128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2019-01-19 10:09 - 2018-01-21 18:07 - 000166792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-01-16 10:19 - 2018-12-18 11:09 - 000000000 ____D C:\ProgramData\IObit
2019-01-13 11:32 - 2018-08-23 10:43 - 000000000 ____D C:\Users\Atari\Desktop\IMPORT HDD

==================== Files in the root of some directories =======

2018-03-03 11:43 - 2018-10-09 17:43 - 000005632 _____ () C:\Users\Atari\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-10-03 12:48 - 2018-10-03 12:48 - 000000000 _____ () C:\Users\Atari\AppData\Local\oobelibMkey.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-04 10:20

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01
Ran by Atari (12-02-2019 15:23:51)
Running from F:\stažené
Windows 7 Professional Service Pack 1 (X64) (2018-01-19 20:19:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4066017516-2149753528-1773050109-500 - Administrator - Disabled)
Atari (S-1-5-21-4066017516-2149753528-1773050109-1000 - Administrator - Enabled) => C:\Users\Atari
Guest (S-1-5-21-4066017516-2149753528-1773050109-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
7-Zip 18.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1801-000001000000}) (Version: 18.01.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.1.2 - Advanced Micro Devices, Inc.)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.71.1081 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
ConverterLite 1.6.11.0 (HKLM-x32\...\ConverterLite) (Version: 1.6.11.0 - ConverterLite)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
jwDuplFiles 2.0 (HKLM-x32\...\jwDuplFiles_is1) (Version: - jw)
Microsoft .NET Framework 4.7.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 65.0 (x64 cs) (HKLM\...\Mozilla Firefox 65.0 (x64 cs)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 65.0.0.6963 - Mozilla)
Mp3 Knife 3.4 (HKLM-x32\...\Mp3 Knife_is1) (Version: - Vicky's Cool Softwares)
Odinstalace softwaru k Dell Laser Printer 1110 (HKLM-x32\...\Dell Laser Printer 1110) (Version: - DELL Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
Seznam Software (HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\SeznamInstall) (Version: 2.1.32 - Seznam.cz)
Skype verze 8.31 (HKLM-x32\...\Skype_is1) (Version: 8.31 - Skype Technologies S.A.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-2) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-01-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14548CE6-71F1-4A0E-851C-D61EF1456B30} - \AutoKMS -> No File <==== ATTENTION
Task: {1867AE6E-D17F-40E6-A90A-436A5DE1282C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {286B3788-5B7D-4B30-A5B6-5E79D85277D1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {290D9177-592D-4F41-8B52-D9160A6CC6EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {2FCBB84A-7B64-4FE8-9079-5E80108E52D2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {2FCBB84A-7B64-4FE8-9079-5E80108E52D2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {2FCBB84A-7B64-4FE8-9079-5E80108E52D2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\AdobeAAMUpdater-1.0-Atari-PC-Atari" /ENABLE
Task: {2FCBB84A-7B64-4FE8-9079-5E80108E52D2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\AdobeGCInvoker-1.0-Atari-PC-Atari" /ENABLE
Task: {2FCBB84A-7B64-4FE8-9079-5E80108E52D2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\AMDLinkUpdate" /ENABLE
Task: {2FCBB84A-7B64-4FE8-9079-5E80108E52D2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {2FCBB84A-7B64-4FE8-9079-5E80108E52D2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {2FCBB84A-7B64-4FE8-9079-5E80108E52D2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {2FCBB84A-7B64-4FE8-9079-5E80108E52D2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {2FCBB84A-7B64-4FE8-9079-5E80108E52D2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\ModifyLinkUpdate" /ENABLE
Task: {2FCBB84A-7B64-4FE8-9079-5E80108E52D2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\SmartDefrag_AutoAnalyze" /ENABLE
Task: {2FCBB84A-7B64-4FE8-9079-5E80108E52D2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\StartCN" /ENABLE
Task: {2FCBB84A-7B64-4FE8-9079-5E80108E52D2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\StartCNBM" /ENABLE
Task: {2FCBB84A-7B64-4FE8-9079-5E80108E52D2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {478059A3-0D19-436E-91CF-271114A1E631} - System32\Tasks\AdobeGCInvoker-1.0-Atari-PC-Atari => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {58F2C2A4-55BC-419F-B663-F197AB6F96F9} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe
Task: {5DE82C14-2BA6-4CF8-A283-DED553377478} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {7F939DDA-2EBA-476A-9808-F6C85E6C634D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A71C0D00-FD69-43AF-9C9D-069973ED02F7} - System32\Tasks\AdobeAAMUpdater-1.0-Atari-PC-Atari => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {BE77EE4B-E1EA-4177-86C0-D949588F986C} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {C0ED64C9-FE8C-4489-A545-90E38B16AB14} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {C363A9FF-A61C-429C-97EE-D7FE8D2B9F73} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe (Advanced Micro Devices, Inc.) [File not signed]
Task: {CEE613D2-CEB4-43F5-8F0D-5A81F58A5D04} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {DA1D141C-6C6F-453D-9F4C-6A40F3F49402} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe (Advanced Micro Devices, Inc.) [File not signed]
Task: {EB85289F-7DFF-4527-B82D-CCE887822430} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FE22576F-FBA6-48E6-9959-AB769A48F21F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2019-01-06 09:00 - 2019-01-06 09:00 - 000667016 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2019-01-06 09:00 - 2019-01-06 09:00 - 000550792 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2019-01-06 09:00 - 2019-01-06 09:00 - 001175944 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2019-01-06 09:00 - 2019-01-06 09:00 - 001967496 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2019-02-12 15:03 - 2019-02-12 15:03 - 006865040 _____ () C:\Program Files\AVAST Software\Avast\defs\19021202\algo64.dll
2018-09-29 20:06 - 2017-11-13 15:46 - 000092368 _____ () C:\Users\Atari\AppData\Roaming\Seznam.cz\bin\1789libfoxloader-x64.dll
2013-11-01 11:46 - 2013-11-01 11:46 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 000814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2018-02-04 09:31 - 2009-08-21 13:36 - 000222448 ____R () C:\Program Files (x86)\DELL\Dell Laser Printer 1110\LocalSM\jbDetect.exe
2019-01-06 09:01 - 2019-01-06 09:01 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-09-29 20:06 - 2017-11-13 15:38 - 000506064 _____ () C:\Users\Atari\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2018-09-29 20:06 - 2017-02-08 12:39 - 000080576 _____ () C:\Users\Atari\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2018-11-28 17:11 - 2018-11-28 17:11 - 000093136 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2018-11-13 15:58 - 2018-11-13 15:58 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-11-13 15:58 - 2018-11-13 15:58 - 002551808 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-01-22 19:25 - 2019-01-22 19:25 - 000256512 _____ () C:\Program Files\AMD\CNext\CNext\WirelessVR-windesktop64.dll
2018-03-13 03:47 - 2018-03-13 03:47 - 003109888 _____ () C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2018-03-13 03:47 - 2018-03-13 03:47 - 000912896 _____ () C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 003650560 _____ () C:\Program Files\AMD\Performance Profile Client\Platform.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 000817152 _____ () C:\Program Files\AMD\Performance Profile Client\Device.dll
2018-09-29 20:06 - 2018-02-21 10:36 - 000869584 _____ () C:\Users\Atari\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2018-09-29 20:06 - 2017-11-13 15:49 - 000085200 _____ () C:\Users\Atari\AppData\Roaming\Seznam.cz\bin\1789libfoxloader.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2019-01-06 08:58 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Atari\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AF4C46CE-D313-45D4-BB51-B06DF10F6F30}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B48FFAE1-E6B2-47CF-93F2-B0C02F4C3788}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C45F0532-589C-4160-9B10-E694F176565B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C92ABE34-0F20-4057-BB09-487BECF54C33}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{68558E0E-D76B-441A-8805-0A4A4888CD1C}] => (Allow) E:\Hry\Gta5\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{9CD6981B-5ADD-4EA6-BE7E-DDEA34AE076F}] => (Allow) E:\Hry\Gta5\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{ADB596E3-F857-475B-B4CB-68BB8B2E8D93}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B01766A0-3C34-4468-86B8-A5F1A49D61F1}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{57810AB9-F039-4D79-978E-4225EEF35B8B}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{57AC1D7B-EB81-470D-9B69-1BA818DFCE3F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{A4AEEBD3-4B3F-40FF-9291-A140450EF979}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{AC30DE5E-B89C-4F1B-8536-917F96A3BA1D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{6AC0E9DA-6880-418D-B037-06766179F766}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{7076C5B4-4EBD-49D5-ADF9-8B0D006EB1D9}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{BA956F8F-0F22-418D-847C-87B637669C74}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

08-02-2019 10:22:49 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2019 03:02:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/11/2019 09:34:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/11/2019 08:26:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/11/2019 07:07:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/11/2019 05:22:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/11/2019 04:40:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/11/2019 09:08:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/10/2019 05:52:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (02/11/2019 10:16:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD User Experience Program Launcher byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/11/2019 09:34:34 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Počítač byl restartován z procesu kontroly chyb. Kontrola chyb: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). Výpis byl uložen do: C:\Windows\MEMORY.DMP. ID hlášení: 021119-13072-01

Error: (02/11/2019 09:34:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (21:33:34, ‎11.‎2.‎2019) bylo neočekávané.

Error: (02/11/2019 08:25:44 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Počítač byl restartován z procesu kontroly chyb. Kontrola chyb: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). Výpis byl uložen do: C:\Windows\MEMORY.DMP. ID hlášení: 021119-12979-01

Error: (02/11/2019 08:25:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (20:24:24, ‎11.‎2.‎2019) bylo neočekávané.

Error: (02/11/2019 08:25:33 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (02/11/2019 07:07:23 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (02/11/2019 05:27:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD User Experience Program Launcher byla neočekávaně ukončena. Tento stav nastal již 1krát.


==================== Memory info ===========================

Processor: AMD A10-7700K APU with Radeon(TM) R7 Graphics
Percentage of memory in use: 50%
Total physical RAM: 8132.68 MB
Available physical RAM: 4051.93 MB
Total Virtual: 16263.49 MB
Available Virtual: 10850.97 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:32.85 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:465.76 GB) (Free:125.27 GB) NTFS
Drive e: () (Fixed) (Total:488.28 GB) (Free:403.25 GB) NTFS
Drive f: () (Fixed) (Total:337.5 GB) (Free:273.05 GB) NTFS

\\?\Volume{a54588c7-fd53-11e7-92d4-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 30E330E3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=337.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4B4E14DD)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Diallix
Advisor
Posts: 2689
Registered: 27 Apr 2008 10:34

Re: blue windows

#4 Post by Diallix »

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all running program windows, that is, all programs running on the desktop.
Right-click the program -> Run as Administrator.
Continue by clicking the Scan now button (Prehladaj teraz) and wait until the system scan finishes.
After the scan, leave all checkboxes and any threats found selected, and continue with the Clean and Repair button (Vycistit Teraz) in the bottom right corner.
After the PC restarts, AdwCleaner will start; click View log file (Zobrazit soubor protokolu).
A log will open; copy its contents here.

Atari
Visitor
Posts: 18
Registered: 19 Jan 2018 22:31

Re: blue windows

#5 Post by Atari »

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-07.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-12-2019
# Duration: 00:00:02
# OS: Windows 7 Professional
# Cleaned: 19
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\Atari\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\Atari\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\Users\Atari\AppData\Roaming\Seznam.cz

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.autoupdate
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|seznam-listicka-distribuce
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Deleted HKCU\Software\Seznam.cz
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\sznpp_nm

***** [ Chromium (and derivatives) ] *****

Deleted Seznam doplněk - Email
Deleted Seznam doplněk - Esko

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2731 octets] - [12/02/2019 22:55:31]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Diallix
Advisor
Posts: 2689
Registered: 27 Apr 2008 10:34

Re: blue windows

#6 Post by Diallix »

Scan the computer with FRST (instructions here: https://forum.viry.cz/viewtopic.php?f=24&t=132509) and copy FRST.log + the Addition log here.

Atari
Visitor
Posts: 18
Registered: 19 Jan 2018 22:31

Re: blue windows

#7 Post by Atari »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.02.2019
Ran by Atari (administrator) on ATARI-PC (13-02-2019 20:28:12)
Running from F:\stažené
Loaded Profiles: Atari (Available Profiles: Atari)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DELL\Dell Laser Printer 1110\LocalSM\jbDetect.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.) [File not signed]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Dell Laser Printer 1110 SM_JB] => C:\Program Files (x86)\DELL\Dell Laser Printer 1110\LocalSM\jbDetect.exe [222448 2009-08-21] (Dell Inc. -> )
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\MountPoints2: {4275f2f7-08bc-11e8-a5ef-e03f4986cf50} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\MountPoints2: {a54588ce-fd53-11e7-92d4-806e6f6e6963} - G:\Bin\ASSETUP.exe
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\MountPoints2: {d3c562d4-fd57-11e7-a57b-806e6f6e6963} - G:\Setup.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-27] (Google Inc -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{218B770E-D2F9-4ADE-80CE-05FB52A2B68F}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {1FB0EA19-0358-4CA8-9DA0-975EA9C0EF68} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {259C1EA4-1866-415B-81CC-B4665A424B59} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {2D653AF0-AC66-408A-9A8D-353E7234B3F1} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {322203C9-31C6-4459-A147-96FD73BD58F3} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {6A80711B-02DB-4C13-A2A3-A6F4F18C983C} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {BC2871AA-A465-4E7A-9513-568359BEA0E1} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {CAF9507C-76C4-4FE1-A242-DA68414011E7} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {D67844AF-C1E4-4296-BC12-5FA248FC122C} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000 -> {E2E52D39-875F-4FEB-B5E9-A4A22EB2FF31} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 2h739zmo.default
FF ProfilePath: C:\Users\Atari\AppData\Roaming\Mozilla\Firefox\Profiles\2h739zmo.default [2019-02-13]
FF Homepage: Mozilla\Firefox\Profiles\2h739zmo.default -> seznam.cz
FF NewTabOverride: Mozilla\Firefox\Profiles\2h739zmo.default -> Enabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (Avast Passwords) - C:\Users\Atari\AppData\Roaming\Mozilla\Firefox\Profiles\2h739zmo.default\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2019-01-12]
FF Extension: (Seznam doplněk - Esko) - C:\Users\Atari\AppData\Roaming\Mozilla\Firefox\Profiles\2h739zmo.default\Extensions\sko-extension@firma.seznam.cz.xpi [2018-11-25]
FF Extension: (Avast SafePrice) - C:\Users\Atari\AppData\Roaming\Mozilla\Firefox\Profiles\2h739zmo.default\Extensions\sp@avast.com.xpi [2018-06-21]
FF Extension: (Avast Online Security) - C:\Users\Atari\AppData\Roaming\Mozilla\Firefox\Profiles\2h739zmo.default\Extensions\wrc@avast.com.xpi [2019-01-30]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Atari\AppData\Roaming\Mozilla\Firefox\Profiles\2h739zmo.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-27]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR NewTab: Default -> "active": true,
"entry": "chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/speeddial/newTab.html"

CHR Profile: C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default [2019-02-12]
CHR Extension: (Norton Security Toolbar) - C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2018-09-29]
CHR Extension: (Seznam doplněk - Email) - C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-09-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-09-30]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-09-30]
CHR Extension: (Avast Online Security) - C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-29]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-09-30]
CHR Extension: (Chrome Media Router) - C:\Users\Atari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-30]
CHR HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [499080 2019-02-01] (Advanced Micro Devices, Inc. -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-01] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2019-02-01] (AMD) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [367728 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [106816 2013-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [52799368 2019-02-01] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [581000 2019-02-01] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [237416 2018-12-29] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [82240 2013-06-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [42304 2013-06-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\Performance Profile Client\amd64\AODDriver2.sys [60104 2015-02-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [203488 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [223056 2019-01-15] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196264 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320888 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58160 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46584 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42488 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166792 2019-01-19] (AVAST Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2018-10-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [512048 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111992 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88144 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034056 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474648 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [218056 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380144 2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104840 2018-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-12-29] (Martin Malik - REALiX -> REALiX(tm))
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscRegistryFilter.sys [X]
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-12 22:55 - 2019-02-12 23:00 - 000000000 ____D C:\AdwCleaner
2019-02-12 22:33 - 2019-02-12 22:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD
2019-02-12 22:32 - 2019-02-12 22:32 - 000000000 ____D C:\Users\Atari\AppData\Local\Downloaded Installations
2019-02-12 19:50 - 2019-02-12 22:53 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2019-02-12 19:50 - 2019-02-12 22:53 - 000003060 _____ C:\Windows\System32\Tasks\StartDVR
2019-02-12 19:50 - 2019-02-12 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2019-02-12 19:50 - 2019-02-12 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\##ID_STRING16##
2019-02-12 19:21 - 2019-02-12 19:22 - 026470000 _____ (AMD Inc.) C:\Users\Atari\Downloads\radeon-software-adrenalin-2019-19.2.1-minimalsetup-190204_64bit.exe
2019-02-12 15:22 - 2019-02-13 20:25 - 000000000 ____D C:\FRST
2019-02-11 17:22 - 2019-02-12 23:03 - 000000000 ____D C:\Windows\Minidump
2019-02-06 09:52 - 2019-02-06 09:52 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-03 16:48 - 2019-02-13 20:19 - 000003102 _____ C:\Windows\System32\Tasks\AMDLinkUpdate
2019-02-03 16:48 - 2019-02-12 22:53 - 000003290 _____ C:\Windows\System32\Tasks\StartCNBM
2019-02-03 16:48 - 2019-02-12 22:53 - 000003116 _____ C:\Windows\System32\Tasks\ModifyLinkUpdate
2019-02-03 16:23 - 2019-02-03 16:23 - 026485000 _____ (AMD Inc.) C:\Users\Atari\Downloads\radeon-software-adrenalin-2019-19.1.2-minimalsetup-190124_64bit.exe
2019-02-01 23:32 - 2019-02-01 23:32 - 003726216 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2019-02-01 23:32 - 2019-02-01 23:32 - 003354504 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2019-02-01 23:31 - 2019-02-01 23:31 - 021582216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2019-02-01 23:31 - 2019-02-01 23:31 - 018370440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2019-02-01 23:31 - 2019-02-01 23:31 - 000543624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2019-02-01 23:31 - 2019-02-01 23:31 - 000373640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2019-02-01 23:24 - 2019-02-01 23:24 - 000331656 _____ C:\Windows\system32\clinfo.exe
2019-02-01 23:24 - 2019-02-01 23:24 - 000168328 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-02-01 23:24 - 2019-02-01 23:24 - 000144776 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-02-01 23:23 - 2019-02-01 23:23 - 056423816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2019-02-01 23:23 - 2019-02-01 23:23 - 026476936 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2019-02-01 23:23 - 2019-02-01 23:23 - 021245832 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2019-02-01 23:22 - 2019-02-01 23:22 - 046296456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2019-02-01 23:18 - 2019-02-01 23:18 - 012252560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2019-02-01 23:18 - 2019-02-01 23:18 - 000178872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2019-02-01 23:18 - 2019-02-01 23:18 - 000156440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll
2019-02-01 23:18 - 2019-02-01 23:18 - 000156200 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2019-02-01 23:18 - 2019-02-01 23:18 - 000134280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2019-02-01 23:18 - 2019-02-01 23:18 - 000123240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2019-02-01 23:18 - 2019-02-01 23:18 - 000117072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2019-02-01 23:18 - 2019-02-01 23:18 - 000117072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2019-02-01 23:18 - 2019-02-01 23:18 - 000108296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2019-02-01 23:18 - 2019-02-01 23:18 - 000096424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2019-02-01 23:18 - 2019-02-01 23:18 - 000096424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2019-02-01 23:17 - 2019-02-01 23:17 - 052799368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2019-02-01 23:17 - 2019-02-01 23:17 - 017201544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2019-02-01 23:17 - 2019-02-01 23:17 - 000149384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2019-02-01 23:17 - 2019-02-01 23:17 - 000126344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2019-02-01 23:17 - 2019-02-01 23:17 - 000060296 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2019-02-01 23:16 - 2019-02-01 23:16 - 014903688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2019-02-01 23:16 - 2019-02-01 23:16 - 000139144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2019-02-01 23:16 - 2019-02-01 23:16 - 000117128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2019-02-01 23:13 - 2019-02-01 23:13 - 032467848 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2019-02-01 23:13 - 2019-02-01 23:13 - 014220848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2019-02-01 23:13 - 2019-02-01 23:13 - 001572920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2019-02-01 23:12 - 2019-02-01 23:12 - 015761288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2019-02-01 23:12 - 2019-02-01 23:12 - 000561544 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2019-02-01 23:12 - 2019-02-01 23:12 - 000472456 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2019-02-01 23:12 - 2019-02-01 23:12 - 000349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2019-02-01 23:12 - 2019-02-01 23:12 - 000174472 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2019-02-01 23:12 - 2019-02-01 23:12 - 000153480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2019-02-01 23:12 - 2019-02-01 23:12 - 000142728 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2019-02-01 23:12 - 2019-02-01 23:12 - 000128392 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2019-02-01 23:12 - 2019-02-01 23:12 - 000067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2019-02-01 23:12 - 2019-02-01 23:12 - 000036744 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2019-02-01 23:12 - 2019-02-01 23:12 - 000033672 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2019-02-01 23:11 - 2019-02-01 23:11 - 013332360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2019-02-01 23:11 - 2019-02-01 23:11 - 000913288 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2019-02-01 23:11 - 2019-02-01 23:11 - 000743304 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2019-02-01 23:06 - 2019-02-01 23:06 - 011063352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2019-02-01 23:06 - 2019-02-01 23:06 - 000172656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2019-02-01 23:06 - 2019-02-01 23:06 - 000155176 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2019-02-01 23:06 - 2019-02-01 23:06 - 000009936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2019-02-01 23:06 - 2019-02-01 23:06 - 000009936 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2019-02-01 23:05 - 2019-02-01 23:05 - 000581000 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2019-02-01 23:05 - 2019-02-01 23:05 - 000499080 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2019-02-01 23:05 - 2019-02-01 23:05 - 000493448 _____ (AMD) C:\Windows\system32\atitmm64.dll
2019-02-01 23:05 - 2019-02-01 23:05 - 000483208 _____ C:\Windows\system32\dgtrayicon.exe
2019-02-01 23:05 - 2019-02-01 23:05 - 000470920 _____ C:\Windows\system32\GameManager64.dll
2019-02-01 23:05 - 2019-02-01 23:05 - 000373128 _____ C:\Windows\SysWOW64\GameManager32.dll
2019-02-01 23:05 - 2019-02-01 23:05 - 000202120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2019-02-01 23:05 - 2019-02-01 23:05 - 000135048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2019-02-01 23:05 - 2019-02-01 23:05 - 000135048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2019-02-01 23:05 - 2019-02-01 23:05 - 000115592 _____ (AMD) C:\Windows\system32\atimuixx.dll
2019-02-01 23:04 - 2019-02-01 23:04 - 001201544 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2019-02-01 23:04 - 2019-02-01 23:04 - 001201544 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2019-02-01 23:04 - 2019-02-01 23:04 - 000748424 _____ (AMD) C:\Windows\system32\atieclxx.exe
2019-02-01 23:04 - 2019-02-01 23:04 - 000464776 _____ C:\Windows\system32\amdgfxinfo64.dll
2019-02-01 23:04 - 2019-02-01 23:04 - 000458632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2019-02-01 23:04 - 2019-02-01 23:04 - 000430472 _____ C:\Windows\system32\atieah64.exe
2019-02-01 23:04 - 2019-02-01 23:04 - 000343944 _____ C:\Windows\SysWOW64\atieah32.exe
2019-02-01 23:03 - 2019-02-01 23:03 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2019-02-01 23:03 - 2019-02-01 23:03 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2019-02-01 23:03 - 2019-02-01 23:03 - 000373128 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2019-02-01 23:03 - 2019-02-01 23:03 - 000223624 _____ C:\Windows\system32\Drivers\amdacpksd.sys
2019-02-01 22:53 - 2019-02-01 22:53 - 000906872 _____ C:\Windows\SysWOW64\atiapfxx.blb
2019-02-01 22:53 - 2019-02-01 22:53 - 000906872 _____ C:\Windows\system32\atiapfxx.blb
2019-02-01 17:16 - 2019-02-01 17:16 - 000173432 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2019-02-01 17:16 - 2019-02-01 17:16 - 000145104 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2019-01-24 21:48 - 2019-01-24 21:48 - 000234032 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2019-01-24 21:46 - 2019-01-24 21:46 - 000324672 _____ C:\Windows\system32\ativvaxy_vi_nd.dat
2019-01-24 21:43 - 2019-01-24 21:43 - 000267472 _____ C:\Windows\system32\ativvaxy_FJ_nd.dat
2019-01-23 01:59 - 2019-02-01 23:32 - 001578376 _____ (AMD) C:\Windows\system32\coinst_18.50.dll
2019-01-23 01:59 - 2019-01-23 01:59 - 001578376 _____ (AMD) C:\Windows\system32\SETCF4.tmp
2019-01-23 01:03 - 2019-01-23 01:03 - 000277920 _____ C:\Windows\system32\ativvaxy_stn_nd.dat
2019-01-23 00:58 - 2019-01-23 00:58 - 000272288 _____ C:\Windows\system32\ativvaxy_cz_nd.dat
2019-01-22 23:06 - 2019-01-22 23:06 - 000379744 _____ C:\Windows\system32\ativvaxy_vg20_nd.dat
2019-01-22 23:04 - 2019-01-22 23:04 - 000377024 _____ C:\Windows\system32\ativvaxy_gl_nd.dat
2019-01-22 23:03 - 2019-01-22 23:03 - 000374560 _____ C:\Windows\system32\ativvaxy_el_nd.dat
2019-01-22 23:03 - 2019-01-22 23:03 - 000348832 _____ C:\Windows\system32\ativvaxy_rv.dat
2019-01-15 19:21 - 2019-01-15 19:21 - 000223056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-14 10:42 - 2019-01-14 10:42 - 001056020 _____ C:\Windows\system32\amdicdxx.dat

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-13 20:27 - 2018-05-15 10:21 - 000000000 ____D C:\Users\Atari\AppData\Local\CrashDumps
2019-02-13 20:24 - 2011-04-12 09:34 - 000668542 _____ C:\Windows\system32\perfh005.dat
2019-02-13 20:24 - 2011-04-12 09:34 - 000141202 _____ C:\Windows\system32\perfc005.dat
2019-02-13 20:24 - 2009-07-14 06:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-13 20:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-02-13 20:21 - 2018-02-03 09:33 - 000000000 ____D C:\Users\Atari\AppData\LocalLow\Mozilla
2019-02-13 20:21 - 2018-01-21 18:18 - 000000000 ____D C:\Users\Atari\AppData\Local\AVAST Software
2019-02-13 20:19 - 2018-02-17 18:45 - 000000200 _____ C:\Windows\Tasks\AutoKMS.job
2019-02-13 20:19 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-12 23:12 - 2018-09-30 07:48 - 000000000 ____D C:\Program Files (x86)\AMD
2019-02-12 23:12 - 2018-01-19 22:08 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-02-12 23:09 - 2009-07-14 05:45 - 000022736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-12 23:09 - 2009-07-14 05:45 - 000022736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-12 23:00 - 2018-12-18 11:09 - 000000000 ____D C:\Users\Atari\AppData\Roaming\IObit
2019-02-12 23:00 - 2018-12-18 11:09 - 000000000 ____D C:\Users\Atari\AppData\LocalLow\IObit
2019-02-12 23:00 - 2018-12-18 11:09 - 000000000 ____D C:\ProgramData\IObit
2019-02-12 22:53 - 2018-12-18 11:09 - 000003168 _____ C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze
2019-02-12 22:53 - 2018-10-02 16:00 - 000004408 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-02-12 22:53 - 2018-10-02 11:20 - 000003550 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-Atari-PC-Atari
2019-02-12 22:53 - 2018-06-19 21:26 - 000003502 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Atari-PC-Atari
2019-02-12 22:53 - 2018-02-17 13:28 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-02-12 22:53 - 2018-01-27 13:42 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-12 22:53 - 2018-01-20 19:57 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-02-12 22:53 - 2018-01-20 19:57 - 000002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-02-12 22:53 - 2018-01-19 21:26 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-12 22:53 - 2018-01-19 21:26 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-12 22:07 - 2018-01-19 22:20 - 000109752 _____ C:\Users\Atari\AppData\Local\GDIPFONTCACHEV1.DAT
2019-02-12 19:56 - 2018-01-19 22:09 - 000000000 ____D C:\Users\Atari\AppData\Local\AMD
2019-02-12 19:52 - 2009-07-14 05:45 - 000409696 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-12 19:51 - 2018-01-19 21:51 - 000000000 ____D C:\Program Files\AMD
2019-02-12 19:48 - 2018-01-19 22:04 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-02-12 19:23 - 2018-06-28 11:19 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2019-02-12 19:22 - 2018-01-19 21:50 - 000000000 ____D C:\AMD
2019-02-12 15:27 - 2018-01-19 22:11 - 000000000 ___RD C:\Users\Atari\Desktop\koš
2019-02-12 15:27 - 2015-09-13 18:11 - 000000000 ___RD C:\Users\Atari\Desktop\Alda
2019-02-12 15:13 - 2018-01-27 12:58 - 000000000 ____D C:\Users\Atari\AppData\Local\Adobe
2019-02-12 15:12 - 2018-10-02 16:00 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-02-12 15:12 - 2018-10-02 16:00 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-12 15:12 - 2018-10-02 16:00 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-02-12 15:12 - 2018-10-02 16:00 - 000000000 ____D C:\Windows\system32\Macromed
2019-02-11 20:27 - 2018-12-18 11:09 - 000000000 ____D C:\Program Files (x86)\IObit
2019-02-06 21:26 - 2018-01-28 18:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-02-06 21:26 - 2018-01-19 21:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-06 09:50 - 2018-01-20 19:57 - 000000000 ____D C:\Program Files\CCleaner
2019-02-05 09:33 - 2018-12-18 11:09 - 000000000 ____D C:\ProgramData\ProductData
2019-02-03 16:45 - 2018-07-17 09:10 - 000000000 ____D C:\Users\Atari\AppData\LocalLow\AMD
2019-02-01 23:18 - 2018-11-08 00:46 - 012887552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2019-02-01 23:13 - 2017-11-28 02:05 - 017047168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2019-02-01 23:13 - 2017-11-28 02:05 - 001932968 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2019-02-01 23:13 - 2017-11-28 02:01 - 039767432 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2019-02-01 23:06 - 2018-11-08 00:30 - 013733664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2019-02-01 23:06 - 2018-11-08 00:30 - 000190696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2019-02-01 23:06 - 2017-11-28 02:05 - 000206664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2019-02-01 23:05 - 2017-11-28 02:04 - 000230792 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2019-02-01 23:05 - 2017-11-28 02:04 - 000159624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2019-02-01 23:04 - 2017-11-28 02:03 - 001653128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2019-01-23 01:56 - 2017-11-28 02:01 - 039765896 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\SETCE89.tmp
2019-01-23 01:51 - 2018-11-08 00:46 - 012883432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SETC96C.tmp
2019-01-23 01:45 - 2017-11-28 02:05 - 016992560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SETD911.tmp
2019-01-23 01:44 - 2017-11-28 02:05 - 001932456 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SETEDB7.tmp
2019-01-23 01:32 - 2018-11-08 00:30 - 013733664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SETC842.tmp
2019-01-23 01:32 - 2018-11-08 00:30 - 000190696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SETED43.tmp
2019-01-23 01:32 - 2017-11-28 02:05 - 000206664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SETED55.tmp
2019-01-23 01:31 - 2017-11-28 02:04 - 000230792 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SETED66.tmp
2019-01-23 01:31 - 2017-11-28 02:04 - 000159624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SETA38.tmp
2019-01-23 01:31 - 2017-11-28 02:03 - 001653128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\SETCA0D.tmp
2019-01-19 10:09 - 2018-01-21 18:07 - 000166792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

==================== Files in the root of some directories =======

2018-03-03 11:43 - 2018-10-09 17:43 - 000005632 _____ () C:\Users\Atari\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-10-03 12:48 - 2018-10-03 12:48 - 000000000 _____ () C:\Users\Atari\AppData\Local\oobelibMkey.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-04 10:20

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by Atari (13-02-2019 20:28:49)
Running from F:\stažené
Windows 7 Professional Service Pack 1 (X64) (2018-01-19 20:19:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4066017516-2149753528-1773050109-500 - Administrator - Disabled)
Atari (S-1-5-21-4066017516-2149753528-1773050109-1000 - Administrator - Enabled) => C:\Users\Atari
Guest (S-1-5-21-4066017516-2149753528-1773050109-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
7-Zip 18.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1801-000001000000}) (Version: 18.01.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
AMD OverDrive (HKLM-x32\...\{EEB605FD-C5F5-4946-90F3-D65C604A9187}) (Version: 4.3.1.0698 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.2.1 - Advanced Micro Devices, Inc.)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.71.1081 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
ConverterLite 1.6.11.0 (HKLM-x32\...\ConverterLite) (Version: 1.6.11.0 - ConverterLite)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
jwDuplFiles 2.0 (HKLM-x32\...\jwDuplFiles_is1) (Version: - jw)
Microsoft .NET Framework 4.7.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 65.0 (x64 cs) (HKLM\...\Mozilla Firefox 65.0 (x64 cs)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 65.0.0.6963 - Mozilla)
Mp3 Knife 3.4 (HKLM-x32\...\Mp3 Knife_is1) (Version: - Vicky's Cool Softwares)
Odinstalace softwaru k Dell Laser Printer 1110 (HKLM-x32\...\Dell Laser Printer 1110) (Version: - DELL Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
Skype verze 8.31 (HKLM-x32\...\Skype_is1) (Version: 8.31 - Skype Technologies S.A.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-2) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4066017516-2149753528-1773050109-1000_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-02-01] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14548CE6-71F1-4A0E-851C-D61EF1456B30} - \AutoKMS -> No File <==== ATTENTION
Task: {1867AE6E-D17F-40E6-A90A-436A5DE1282C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {286B3788-5B7D-4B30-A5B6-5E79D85277D1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {290D9177-592D-4F41-8B52-D9160A6CC6EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {37B2D0E1-7E0F-49BB-9D29-790A1480F9C8} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe
Task: {439F1423-813F-4DA0-AC34-25F5141274E7} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {478059A3-0D19-436E-91CF-271114A1E631} - System32\Tasks\AdobeGCInvoker-1.0-Atari-PC-Atari => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {58F2C2A4-55BC-419F-B663-F197AB6F96F9} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe
Task: {5DE82C14-2BA6-4CF8-A283-DED553377478} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {62455753-6879-45BB-A37D-2A2BC85CF0BA} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {787225A0-3474-4BAE-AA57-9384B65BC0FB} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe (Advanced Micro Devices, Inc.) [File not signed]
Task: {7F939DDA-2EBA-476A-9808-F6C85E6C634D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A71C0D00-FD69-43AF-9C9D-069973ED02F7} - System32\Tasks\AdobeAAMUpdater-1.0-Atari-PC-Atari => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {C0ED64C9-FE8C-4489-A545-90E38B16AB14} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {C363A9FF-A61C-429C-97EE-D7FE8D2B9F73} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe (Advanced Micro Devices, Inc.) [File not signed]
Task: {EB85289F-7DFF-4527-B82D-CCE887822430} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FE22576F-FBA6-48E6-9959-AB769A48F21F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2019-01-06 09:00 - 2019-01-06 09:00 - 000667016 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2019-02-12 19:19 - 2019-02-12 19:19 - 006865040 _____ () C:\Program Files\AVAST Software\Avast\defs\19021204\algo64.dll
2019-01-06 09:00 - 2019-01-06 09:00 - 000550792 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2019-01-06 09:00 - 2019-01-06 09:00 - 001175944 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2019-01-06 09:00 - 2019-01-06 09:00 - 001967496 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2019-02-13 20:21 - 2019-02-13 20:21 - 006877328 _____ () C:\Program Files\AVAST Software\Avast\defs\19021304\algo64.dll
2013-11-01 11:46 - 2013-11-01 11:46 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 000814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2019-01-06 09:01 - 2019-01-06 09:01 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-02-04 09:31 - 2009-08-21 13:36 - 000222448 ____R () C:\Program Files (x86)\DELL\Dell Laser Printer 1110\LocalSM\jbDetect.exe
2018-11-28 17:11 - 2018-11-28 17:11 - 000093136 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2018-11-14 12:34 - 2018-11-14 12:34 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-11-14 12:34 - 2018-11-14 12:34 - 002551808 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-02-01 16:58 - 2019-02-01 16:58 - 000256512 _____ () C:\Program Files\AMD\CNext\CNext\WirelessVR-windesktop64.dll
2018-03-13 03:47 - 2018-03-13 03:47 - 003109888 _____ () C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2018-03-13 03:47 - 2018-03-13 03:47 - 000912896 _____ () C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 003650560 _____ () C:\Program Files\AMD\Performance Profile Client\Platform.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 000817152 _____ () C:\Program Files\AMD\Performance Profile Client\Device.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2019-01-06 08:58 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Atari\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AF4C46CE-D313-45D4-BB51-B06DF10F6F30}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B48FFAE1-E6B2-47CF-93F2-B0C02F4C3788}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C45F0532-589C-4160-9B10-E694F176565B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C92ABE34-0F20-4057-BB09-487BECF54C33}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{68558E0E-D76B-441A-8805-0A4A4888CD1C}] => (Allow) E:\Hry\Gta5\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{9CD6981B-5ADD-4EA6-BE7E-DDEA34AE076F}] => (Allow) E:\Hry\Gta5\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{ADB596E3-F857-475B-B4CB-68BB8B2E8D93}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B01766A0-3C34-4468-86B8-A5F1A49D61F1}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{57810AB9-F039-4D79-978E-4225EEF35B8B}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{57AC1D7B-EB81-470D-9B69-1BA818DFCE3F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{A4AEEBD3-4B3F-40FF-9291-A140450EF979}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{AC30DE5E-B89C-4F1B-8536-917F96A3BA1D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{6AC0E9DA-6880-418D-B037-06766179F766}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{7076C5B4-4EBD-49D5-ADF9-8B0D006EB1D9}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{BA956F8F-0F22-418D-847C-87B637669C74}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

08-02-2019 10:22:49 Naplánovaný kontrolní bod
12-02-2019 19:24:03 Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429
12-02-2019 19:49:09 Instalace balíčku ovladače zařízení: Advanced Micro Devices, Inc. Grafické adaptéry
12-02-2019 22:33:19 Installed AMD OverDrive.
12-02-2019 22:39:00 Removed AMD OverDrive.
12-02-2019 23:11:30 Removed AMD OverDrive.

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2019 08:26:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: FRST64.exe, verze: 13.2.2019.1, časové razítko: 0x5c646538
Název chybujícího modulu: FRST64.exe, verze: 13.2.2019.1, časové razítko: 0x5c646538
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000026905
ID chybujícího procesu: 0xef0
Čas spuštění chybující aplikace: 0x01d4c3d1e173598f
Cesta k chybující aplikaci: F:\stažené\FRST64.exe
Cesta k chybujícímu modulu: F:\stažené\FRST64.exe
ID zprávy: 4c1147df-2fc5-11e9-b2f4-e03f4986cf50

Error: (02/13/2019 08:20:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/13/2019 08:12:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/12/2019 11:01:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/12/2019 10:38:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/12/2019 10:34:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/12/2019 10:02:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/12/2019 09:25:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (02/13/2019 08:19:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba AODService neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (02/13/2019 08:19:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (8:12:02, ‎13.‎2.‎2019) bylo neočekávané.

Error: (02/13/2019 08:12:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba AODService neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (02/12/2019 11:12:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD User Experience Program Launcher byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/12/2019 11:00:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD User Experience Program Launcher byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/12/2019 11:00:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (02/12/2019 11:00:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/12/2019 11:00:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Genuine Software Integrity Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


==================== Memory info ===========================

Processor: AMD A10-7700K APU with Radeon(TM) R7 Graphics
Percentage of memory in use: 51%
Total physical RAM: 8132.68 MB
Available physical RAM: 3969.44 MB
Total Virtual: 16263.49 MB
Available Virtual: 11030.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:29.19 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:465.76 GB) (Free:125.27 GB) NTFS
Drive e: () (Fixed) (Total:488.28 GB) (Free:403.25 GB) NTFS
Drive f: () (Fixed) (Total:337.5 GB) (Free:273.04 GB) NTFS

\\?\Volume{a54588c7-fd53-11e7-92d4-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 30E330E3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=337.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4B4E14DD)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Re: blue windows

#8 Post by Diallix »

Copy the content below into Notepad:

CloseProcesses:
CreateRestorePoint:

C:\Windows\AutoKMS.exe

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\MountPoints2: {4275f2f7-08bc-11e8-a5ef-e03f4986cf50} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\MountPoints2: {a54588ce-fd53-11e7-92d4-806e6f6e6963} - G:\Bin\ASSETUP.exe
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\MountPoints2: {d3c562d4-fd57-11e7-a57b-806e6f6e6963} - G:\Setup.exe
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [X]
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscRegistryFilter.sys [X]
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
2019-02-12 23:12 - 2018-01-19 22:08 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-02-12 23:00 - 2018-12-18 11:09 - 000000000 ____D C:\ProgramData\IObit
2019-02-12 22:53 - 2018-01-19 21:26 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-12 22:53 - 2018-01-19 21:26 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-11 20:27 - 2018-12-18 11:09 - 000000000 ____D C:\Program Files (x86)\IObit
Task: {14548CE6-71F1-4A0E-851C-D61EF1456B30} - \AutoKMS -> No File <==== ATTENTION
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer reboots. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.

Re: blue windows

#9 Post by Atari »

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by Atari (14-02-2019 20:15:50) Run:1
Running from F:\stažené\FRST-OlderVersion
Loaded Profiles: Atari (Available Profiles: Atari)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

C:\Windows\AutoKMS.exe

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\MountPoints2: {4275f2f7-08bc-11e8-a5ef-e03f4986cf50} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\MountPoints2: {a54588ce-fd53-11e7-92d4-806e6f6e6963} - G:\Bin\ASSETUP.exe
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\...\MountPoints2: {d3c562d4-fd57-11e7-a57b-806e6f6e6963} - G:\Setup.exe
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [X]
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscRegistryFilter.sys [X]
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
2019-02-12 23:12 - 2018-01-19 22:08 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-02-12 23:00 - 2018-12-18 11:09 - 000000000 ____D C:\ProgramData\IObit
2019-02-12 22:53 - 2018-01-19 21:26 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-12 22:53 - 2018-01-19 21:26 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-11 20:27 - 2018-12-18 11:09 - 000000000 ____D C:\Program Files (x86)\IObit
Task: {14548CE6-71F1-4A0E-851C-D61EF1456B30} - \AutoKMS -> No File <==== ATTENTION
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe

*****************

Processes closed successfully.
Restore point was successfully created.
"C:\Windows\AutoKMS.exe" => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4275f2f7-08bc-11e8-a5ef-e03f4986cf50} => removed successfully
HKLM\Software\Classes\CLSID\{4275f2f7-08bc-11e8-a5ef-e03f4986cf50} => not found
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a54588ce-fd53-11e7-92d4-806e6f6e6963} => removed successfully
HKLM\Software\Classes\CLSID\{a54588ce-fd53-11e7-92d4-806e6f6e6963} => not found
HKU\S-1-5-21-4066017516-2149753528-1773050109-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3c562d4-fd57-11e7-a57b-806e6f6e6963} => removed successfully
HKLM\Software\Classes\CLSID\{d3c562d4-fd57-11e7-a57b-806e6f6e6963} => not found
HKLM\System\CurrentControlSet\Services\AODService => removed successfully
AODService => service removed successfully
HKLM\System\CurrentControlSet\Services\AscFileFilter => removed successfully
AscFileFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\AscRegistryFilter => removed successfully
AscRegistryFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz143 => removed successfully
cpuz143 => service removed successfully
C:\Windows\system32\spu_storage.bin => moved successfully
C:\ProgramData\IObit => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Program Files (x86)\IObit => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{14548CE6-71F1-4A0E-851C-D61EF1456B30}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14548CE6-71F1-4A0E-851C-D61EF1456B30}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
C:\Windows\Tasks\AutoKMS.job => moved successfully


The system needed a reboot.

==== End of Fixlog 20:16:09 ====


Re: blue windows

#10 Post by Diallix »

Turn off automatic restarts following the guide below. Follow the instructions marked OPTION ONE and UNcheck the Automatically Restart box shown in the picture: https://www.tenforums.com/attachments/t ... 8b69f0b8a7
https://www.tenforums.com/tutorials/690 ... -10-a.html

How is the computer doing?

Re: blue windows

#11 Post by Atari »

The PC is doing as follows: today I played GTA 5 at full resolution and after 3 hours the same error again (the PC crashed to the blue windows screen). I tried starting the game again and the PC crashed after 5 minutes of playing. I don't know whether the load affects it or whether it is a different fault. I will also try turning off that restart. While I was looking for a solution to my problem, I came across this program: please be careful, do not download it - avast reported a threat during download - the source is not entirely 100%

(https://errorkit.com/errors-directory/i ... BAQAvD_BwE)

What do you think about it, please?


Re: blue windows

#12 Post by Atari »

I turned off the restart (Win 7 Professional) following this guide:

https://wintip.cz/400-jak-zakazat-autom ... ci-windows


Re: blue windows

#13 Post by Diallix »

"I came across this program: please be careful, do not download it - avast reported a threat during download - the source is not entirely 100%

(https://errorkit.com/errors-directory/i ... BAQAvD_BwE)

What do you think about it, please?"
That URL is fine; when downloading, turn off

Re: blue windows

#14 Post by Atari »

I cannot install this little program, see the photo (https://uloz.to/!GMwZgnzOJtmt/bez-nazvu-jpg). It gets stuck at 99% and the installation does not finish. I also turned off avast, but none of that helped.

Do you know of any similar program, please? It seems to me that this could help me.


Re: blue windows

#15 Post by Diallix »

So it shuts down only with that game?