
Preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

#1 Post by BacilX »

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [109664 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [117248 2018-04-13] (pdfforge GmbH) [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{15601C4F-0785-412A-BDC7-0069DA945582}: [NameServer] 213.211.45.3,212.96.160.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,10.40.128.1,-1]

Edge:
======
Edge Profile: C:\Users\Robin\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-27]

FireFox:
========
FF DefaultProfile: dnduyjzt.default-1438453465701
FF ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\dnduyjzt.default-1438453465701 [2020-10-18]
FF DownloadDir: E:\stažené soubory
FF Homepage: Mozilla\Firefox\Profiles\dnduyjzt.default-1438453465701 -> hxxp://www.seznam.cz/
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\dnduyjzt.default-1438453465701\Extensions\firefox@ghostery.com.xpi [2020-10-14]
FF Extension: (HTTPS Everywhere) - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\dnduyjzt.default-1438453465701\Extensions\https-everywhere@eff.org.xpi [2020-08-19]
FF Extension: (To Google Translate) - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\dnduyjzt.default-1438453465701\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-11-25]
FF Extension: (uBlock Origin) - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\dnduyjzt.default-1438453465701\Extensions\uBlock0@raymondhill.net.xpi [2020-10-16]
FF Extension: (DownThemAll!) - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\dnduyjzt.default-1438453465701\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2020-02-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default [2020-06-27]
CHR Extension: (Prezentace) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-09-19]
CHR Extension: (Dokumenty) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-09-19]
CHR Extension: (Disk Google) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-09-19]
CHR Extension: (YouTube) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-09-19]
CHR Extension: (Tabulky) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-09-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-09-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-19]
CHR Extension: (Gmail) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-19]
CHR Extension: (Chrome Media Router) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
S2 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-13] (Adobe Inc. -> Adobe)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8450976 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [360408 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [2748520 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37152 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [206408 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [236112 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [195664 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60496 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42784 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175720 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109280 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851608 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [470912 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [217336 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326928 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-12-14] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-12-14] (Disc Soft Ltd -> Disc Soft Ltd)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech -> Logitech Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-06-06] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-18 14:43 - 2020-10-18 14:43 - 000009207 _____ C:\Users\Robin\Desktop\FRST.txt
2020-10-18 14:42 - 2020-10-18 14:42 - 000000000 ____D C:\FRST
2020-10-18 12:26 - 2020-10-18 12:25 - 002299904 _____ (Farbar) C:\Users\Robin\Desktop\FRST64.exe
2020-10-16 11:05 - 2020-10-16 11:05 - 000339552 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-10-16 11:05 - 2020-10-16 11:05 - 000217336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-10-16 11:05 - 2020-10-16 11:05 - 000175720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-10-13 21:36 - 2020-10-18 08:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-10-02 12:03 - 2020-10-04 09:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2020-09-29 09:18 - 2020-09-29 09:40 - 000000000 ____D C:\Users\Admin\Documents\Larian Studios
2020-09-29 09:18 - 2020-09-26 08:54 - 000000891 _____ C:\Users\Admin\Desktop\Divinity Original Sin 2 Definitive Edition.lnk
2020-09-26 08:54 - 2020-09-26 08:54 - 000000891 _____ C:\Users\Robin\Desktop\Divinity Original Sin 2 Definitive Edition.lnk
2020-09-26 08:54 - 2020-09-26 08:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Divinity Original Sin 2 Definitive Edition
2020-09-26 08:32 - 2020-09-26 08:34 - 000000000 ____D C:\Fraps
2020-09-26 08:32 - 2020-09-26 08:32 - 000000568 _____ C:\Users\Robin\Desktop\Fraps.lnk
2020-09-26 08:32 - 2020-09-26 08:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-18 14:34 - 2009-07-14 06:45 - 000028336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-10-18 14:34 - 2009-07-14 06:45 - 000028336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-10-18 12:32 - 2019-01-13 17:14 - 000033792 _____ C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-10-18 08:35 - 2010-11-21 11:27 - 000670334 _____ C:\Windows\system32\perfh005.dat
2020-10-18 08:35 - 2010-11-21 11:27 - 000141946 _____ C:\Windows\system32\perfc005.dat
2020-10-18 08:35 - 2009-07-14 07:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2020-10-18 08:35 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-10-18 08:30 - 2017-12-16 14:21 - 000000000 ____D C:\ProgramData\AVAST Software
2020-10-18 08:29 - 2016-11-18 01:09 - 000000000 ____D C:\Users\Robin\AppData\LocalLow\Mozilla
2020-10-18 08:29 - 2014-02-26 17:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-10-18 08:29 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-10-16 11:05 - 2019-01-14 16:57 - 000236112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-10-16 11:05 - 2019-01-06 19:38 - 000195664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-10-16 11:05 - 2019-01-06 19:38 - 000060496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-10-16 11:05 - 2019-01-06 19:38 - 000037152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2020-10-16 11:05 - 2018-10-21 07:57 - 000042784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000851608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000470912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000326928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000206408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000109280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000084856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-10-13 22:06 - 2014-02-25 16:25 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-10-13 22:06 - 2014-02-25 16:25 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-10-13 22:06 - 2014-02-25 16:25 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-10-13 22:06 - 2014-02-25 16:25 - 000000000 ____D C:\Windows\system32\Macromed
2020-09-29 09:40 - 2014-02-25 15:33 - 000265832 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2020-09-28 12:33 - 2019-03-24 11:35 - 000000000 ____D C:\Users\Robin\AppData\Local\CrashDumps
2020-09-26 13:26 - 2019-10-03 20:55 - 000000000 ____D C:\Users\Robin\Documents\Larian Studios
2020-09-26 13:14 - 2019-10-03 20:55 - 000000000 ____D C:\Users\Robin\AppData\Local\LarianLauncher
2020-09-25 18:01 - 2015-05-18 21:16 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-09-24 19:42 - 2014-02-26 19:32 - 000000000 ____D C:\Users\Robin\AppData\Roaming\XnView
2020-09-23 15:09 - 2014-02-26 17:48 - 000000000 ____D C:\ProgramData\Mozilla

==================== Files in the root of some directories ========

2019-11-24 09:54 - 2019-04-16 13:30 - 000447680 _____ (COMODO) C:\ProgramData\cmdres.dll
2019-01-13 17:14 - 2020-10-18 12:32 - 000033792 _____ () C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-09-13 13:09 - 2020-09-13 13:09 - 000000832 _____ () C:\Users\Robin\AppData\Local\recently-used.xbel
2019-10-22 23:34 - 2019-10-22 23:34 - 000173038 _____ () C:\Users\Robin\AppData\Local\Temp1C86B0187D0712036CB1FC8965EE8F5C_S_Stat_22dgobta.zip

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)



ATTENTION: ==> Could not access BCD. The user is not administrator -> Nelze otevřít úložiště konfiguračních dat spouštění.
Přístup byl odepřen.

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by Robin (18-10-2020 14:43:51)
Running from C:\Users\Robin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-02-25 13:28:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-2485784249-3341709608-829223016-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2485784249-3341709608-829223016-500 - Administrator - Disabled)
Guest (S-1-5-21-2485784249-3341709608-829223016-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2485784249-3341709608-829223016-1003 - Limited - Enabled)
Robin (S-1-5-21-2485784249-3341709608-829223016-1004 - Limited - Enabled) => C:\Users\Robin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.445 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.445 - Adobe)
Advanced JPEG Compressor 2011 (HKLM-x32\...\Advanced JPEG Compressor_is1) (Version: 2011 - WinSoftMagic Inc.)
Aegisub 3.2.0 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.0 - Aegisub Team)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.12.0 - Ant Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.8.2432 - Avast Software)
calibre (HKLM-x32\...\{0B374B2C-FE04-4741-B0B2-B14D84CEDAFF}) (Version: 3.35.0 - Kovid Goyal)
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version: - cbrreader.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Divinity Original Sin 2 Definitive Edition (HKLM-x32\...\Divinity Original Sin 2 Definitive Edition_is1) (Version: - )
Expeditions: Viking (HKLM-x32\...\1450363937_is1) (Version: 1.0.7.4 - GOG.com)
Factorio (HKLM-x32\...\Factorio_is1) (Version: - )
Fallout3_CZ_1.0.0.15_patch (HKU\S-1-5-21-2485784249-3341709608-829223016-1004\...\{A403D710-B87F-11DD-6784-0F41E62818BE}) (Version: 1.0.0.15 - Cenega Czech)
FormatFactory 3.3.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.1.0 - Format Factory)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Galactic Civilizations II - Ultimate Edition (HKLM-x32\...\Galactic Civilizations II - Ultimate Edition) (Version: - Kalypso Media)
GIMP 2.10.14 (HKLM\...\GIMP-2_is1) (Version: 2.10.14 - The GIMP Team)
Grim Dawn Forgotten Gods (HKLM-x32\...\Grim Dawn Forgotten Gods_is1) (Version: - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.43 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.49 - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 81.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 81.0.2 (x64 cs)) (Version: 81.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 81.0.2.7590 - Mozilla)
Mozilla Thunderbird 68.12.1 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 68.12.1 (x86 cs)) (Version: 68.12.1 - Mozilla)
Mp3tag v2.75 (HKLM-x32\...\Mp3tag) (Version: v2.75 - Florian Heidenreich)
nGlide 1.05 (HKLM-x32\...\nGlide) (Version: 1.05 - Zeus Software)
NVIDIA Ovladač 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.2.0 - pdfforge GmbH)
PhotoImpact X3 (HKLM-x32\...\{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 13.0 - Corel) Hidden
PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 13.0 - Corel)
PotPlayer (HKLM-x32\...\PotPlayer) (Version: 200908 - Kakao Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Shareaza 2.7.10.2 (HKLM\...\Shareaza_is1) (Version: 2.7.10.2 - Shareaza Development Team)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Spellcross (DOSBox 0.74 emulace) (HKLM-x32\...\Spellcross (DOSBox 0.74 emulace)) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
XnView 2.13 (HKLM-x32\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{04CC76C7-1ED7-4CAE-9762-B8664ED008ED}\localserver32 -> C:\Program Files\Shareaza\MediaImageServices.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{0EEA2A0F-AD1F-4555-9827-0DD9335611A4}\localserver32 -> C:\Program Files\Shareaza\WindowsThumbnail.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{0F74BA53-C842-4CB5-B388-DD5663F62479}\InprocServer32 -> C:\Program Files\Shareaza\Preview.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{18D11ED9-1264-48A1-9E14-20F2C633242B}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{2EE9D739-7726-41cf-8F18-4B1B8763BC63}\InprocServer32 -> C:\Program Files\Shareaza\ImageViewer.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{2F74AA28-2498-4805-911A-04C39858D529}\InprocServer32 -> C:\Program Files\Shareaza\ZIPBuilder.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{30FC662A-D72A-4F79-B63A-ACD4FBFE68A3}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{34791E02-51DC-4CF4-9E34-018166D91D0E}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{3DC28AA6-A597-4E03-96DF-ADA19155B0BE}\localserver32 -> C:\Program Files\Shareaza\MediaPlayer.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}\localserver32 -> C:\Program Files\Shareaza\MediaLibraryBuilder.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{61700EEC-D5D3-4793-BD1F-514896D67F44}\InprocServer32 -> C:\Program Files\Shareaza\RatDVDReader.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{6C9E61BE-E58F-4AE1-A304-6FF1D183804C}\InprocServer32 -> C:\Program Files\Shareaza\GFLLibraryBuilder.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{76F13243-9F62-4241-AC07-3B359BBE4EC5}\InprocServer32 -> C:\Program Files\Shareaza\VirusTotal.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{76F13243-9F62-4241-AC07-3B359BBE4EC6}\InprocServer32 -> C:\Program Files\Shareaza\ShortURL.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}\InprocServer32 -> C:\Program Files\Shareaza\SkinScanSKS.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{B69F80CD-FB15-45E8-B359-92A41CC571A7}\InprocServer32 -> C:\Program Files\Shareaza\7ZipBuilder.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{B978F591-5137-4612-873A-DC2081BAD6CD}\InprocServer32 -> C:\Program Files\Shareaza\SWFPlugin.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{D73ABD28-3A2A-4E36-AD6F-2AA8F011FBE3}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{E1A67AE5-7041-4AE1-94F7-DE03EF759E27}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{E9B2EF9B-4A0C-451E-801F-257861B87FAD}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{E9F51B1E-DB0F-4EEE-9B36-46151994C715}\InprocServer32 -> C:\Program Files\Shareaza\DocumentReader.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{F801DAD7-F08D-48EF-B0DF-6B120377E835}\InprocServer32 -> C:\Program Files\Shareaza\RARBuilder.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{FC4D8F69-0B18-49BB-8AB7-87EB77AA1A9D}\InprocServer32 -> C:\Program Files\Shareaza\SWFPlugin.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{FF5FCD00-2C20-49D8-84F6-888D2E2C95DA}\InprocServer32 -> C:\Program Files\Shareaza\GFLImageServices.dll (Shareaza Development Team) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [AJC] -> {5071CDA5-D3E1-11D5-BFC0-005004A71005} => C:\Program Files (x86)\Advanced JPEG Compressor\ContextMenuExt.dll [2001-11-22] () [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Robin\Desktop\Spellcross.lnk -> C:\Hry\Spellcross\Play.bat ()

==================== Loaded Modules (Whitelisted) =============

2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\MSVCP140.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\ucrtbase.DLL
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\VCRUNTIME140.dll
2020-10-18 12:45 - 2020-10-18 12:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101800\avast.local_vc142.crt\VCRUNTIME140_1.dll
2018-09-16 13:23 - 2018-03-24 01:05 - 000880024 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Robin\Downloads:Shareaza.GUID [16]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-2485784249-3341709608-829223016-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
HKU\S-1-5-21-2485784249-3341709608-829223016-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKU\S-1-5-21-2485784249-3341709608-829223016-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.triline.cz
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2485784249-3341709608-829223016-1004 -> {169BF712-789D-41AD-A264-04B7A3AC135F} URL =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-06-13 09:16 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-2485784249-3341709608-829223016-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.211.45.3 - 212.96.160.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Disc Soft Lite Bus Service => 3

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B49E75B1-A3B8-44ED-AE11-B46785FD2E67}] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{EDE61EF5-D8FF-4FAE-B94D-C935A3344EB1}] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0A6187EB-8DC1-4C89-88D9-3E9928F6940F}] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{04FBBF19-723A-49A9-AAAE-FA93DA9005C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{74B21F8B-7609-4F49-9022-9B9197B09F4C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A5991C55-B6A8-460F-B8E7-E41EF986D8D0}] => (Block) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{D37F2FA0-711E-4A01-BD05-8DCD73EC9E95}] => (Block) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [TCP Query User{24316309-A1F6-468B-B10A-EEB36BCC0F08}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{78ED4724-0F7A-4A6F-8FE4-0DAB928BD5F0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{29CC7501-9030-44DC-B16D-E5266489C60F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EA322048-9FB3-4A42-B9AC-99A91E28237E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D7896EF1-9C27-4124-96F8-39635717B3FF}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{46CF13F4-2BD8-4081-8F97-BF13859745E3}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{9FC710FC-3CBA-41DA-ADB2-950EF7C0FE2B}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{5C8CD737-8AF7-4D9D-AA37-F09E661E52E6}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [TCP Query User{3D336B23-9B4C-4844-B932-F44616F083E1}C:\program files (x86)\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\program files (x86)\jdownloader v2.0\jdownloader2.exe (AppWork GmbH -> AppWork GmbH)
FirewallRules: [UDP Query User{D23197A2-1D5F-4111-94A0-91826E46E1F3}C:\program files (x86)\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\program files (x86)\jdownloader v2.0\jdownloader2.exe (AppWork GmbH -> AppWork GmbH)
FirewallRules: [{9CEAC37D-CBD9-4A1C-A0F1-2D04EBF1CA17}] => (Block) C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [{F82FC33E-8CD6-4738-AC2B-3F2986F9AB82}] => (Block) C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [TCP Query User{1EF79CD8-B7D3-4D2B-A4EA-3612AE214118}C:\program files\shareaza\shareaza.exe] => (Allow) C:\program files\shareaza\shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [UDP Query User{94A7B34A-6184-4880-85D4-B0DE38B56AEF}C:\program files\shareaza\shareaza.exe] => (Allow) C:\program files\shareaza\shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [TCP Query User{F04177A1-43D9-408C-B31E-96EA2FE53999}E:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) E:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [UDP Query User{11C44EE3-D698-4FF2-9783-0EA355D4D52D}E:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) E:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe (Larian Studios -> )

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:103 GB) (Free:7.91 GB) (8%)
Check "VSS" service


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/18/2020 08:29:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/11/2020 09:33:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/10/2020 04:16:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2020 09:32:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2020 11:31:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2020 08:53:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2020 08:35:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/06/2020 07:50:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (10/18/2020 02:42:48 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:48 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:48 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:35 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:35 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:35 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 08:29:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (10/13/2020 03:01:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x800f020b): SAMSUNG Electronics Co., Ltd. - USB - 2.16.14.0.


CodeIntegrity:
===================================

Date: 2014-08-15 16:18:13.943
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-15 16:18:13.904
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-15 16:18:13.864
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-15 16:18:13.825
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-14 10:09:27.234
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-14 10:09:27.197
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. V1.1 01/20/2014
Motherboard: MSI H81M-P33 (MS-7817)
Processor: Intel(R) Core(TM) i3-4330 CPU @ 3.50GHz
Percentage of memory in use: 50%
Total physical RAM: 8136.02 MB
Available physical RAM: 4019.94 MB
Total Virtual: 13134.16 MB
Available Virtual: 8519.58 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:103 GB) (Free:7.91 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Data) (Fixed) (Total:931.51 GB) (Free:56.52 GB) NTFS
Drive f: (Filmy) (Fixed) (Total:1863.01 GB) (Free:39.45 GB) NTFS

\\?\Volume{4e7be4a2-9b09-11e3-b7a6-d43d7effa8c6}\ (WinRE-ATC) (Fixed) (Total:8.79 GB) (Free:1.93 GB) NTFS

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================
I grew up in such a poor family that if I had not been born a boy, I would have had nothing to play with.

Diallix
Advisor
Posts: 2760
Joined: 27 Apr 2008 10:34

Re: preventive check

#2 Post by Diallix »

Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Prehladaj teraz (Scan now) button and wait until the system scan finishes.
After the scan, leave all checkboxes ticked, along with any threats found, and continue with the Vycistit Teraz (Clean and Repair) button in the lower right corner.
After the PC restarts, AdwCleaner will start; click Zobrazit soubor protokolu (View log file).
The log will open; copy its contents here.
My new book BOTNETY is out! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information on what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware upload: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz .
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

BacilX
Visitor
Posts: 65
Joined: 19 Sep 2007 11:12

Re: preventive check

#3 Post by BacilX »

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-18-2020
# Duration: 00:00:37
# OS: Windows 7 Home Premium
# Scanned: 31837
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1257 octets] - [16/06/2019 19:52:39]
AdwCleaner[S01].txt - [1318 octets] - [22/06/2019 07:37:57]
AdwCleaner[S02].txt - [1379 octets] - [08/07/2019 19:45:52]
AdwCleaner[S03].txt - [1440 octets] - [12/07/2019 08:37:15]
AdwCleaner[S04].txt - [1501 octets] - [12/07/2019 09:04:26]
AdwCleaner[S05].txt - [1562 octets] - [18/07/2019 21:44:57]
AdwCleaner[S06].txt - [1699 octets] - [01/08/2019 12:15:32]
AdwCleaner[S07].txt - [1760 octets] - [16/08/2019 16:43:31]
AdwCleaner[S08].txt - [1821 octets] - [30/08/2019 10:58:29]
AdwCleaner[S09].txt - [1882 octets] - [31/08/2019 17:09:35]
AdwCleaner_Debug.log - [33007 octets] - [13/09/2019 07:34:54]
AdwCleaner[S10].txt - [2005 octets] - [13/09/2019 07:35:22]
AdwCleaner[S11].txt - [2067 octets] - [13/09/2019 08:04:06]
AdwCleaner[S12].txt - [2128 octets] - [19/09/2019 20:54:35]
AdwCleaner[S13].txt - [2189 octets] - [23/09/2019 16:36:10]
AdwCleaner[S14].txt - [2250 octets] - [28/09/2019 08:47:35]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S15].txt ##########

Diallix
Advisor
Posts: 2760
Joined: 27 Apr 2008 10:34

Re: preventive check

#4 Post by Diallix »

The FRST logs are not complete, and FRST must be run under an administrator account.

BacilX
Visitor
Posts: 65
Registered: 19 Sep 2007 11:12

Re: preventive check

#5 Post by BacilX »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-10-2020
Ran by Admin (administrator) on TRILINE (ATComputers TRILINE PROFI I108) (18-10-2020 23:46:51)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & Robin
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <8>
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [109664 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2485784249-3341709608-829223016-1001\Software\Policies\...\system: [disablecmd] 0
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [117248 2018-04-13] (pdfforge GmbH) [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FF6F5FE-3926-48A0-AE65-FDB0726B74AB} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [660688 2020-10-13] (Mozilla Corporation -> Mozilla Foundation)
Task: {32497A94-DF03-4A04-996E-5FDD5F981B63} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {3D0695FF-9E63-4A4A-85DA-2DAC77ADB8BB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4496488 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
Task: {442BF7A8-9BE6-4C98-A217-498CA12CD61B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {8A45F4D7-DAA6-4F5D-AFDE-6692BE2F0A84} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {8B162B5E-8087-4E9F-AE9D-B600C20D8DC7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-10-13] (Adobe Inc. -> Adobe)
Task: {A7FFF6BC-E472-4F42-A199-8395CF0249B5} - System32\Tasks\Norton Security Scan for Admin => C:\Program Files (x86)\NORTON~2\Engine\461~1.175\Nss.exe
Task: {AD793E57-09A2-4FF1-A9F0-A21141EE9F94} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D4095D1E-53FD-4204-9F2C-F2A83127CB3F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-13] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{15601C4F-0785-412A-BDC7-0069DA945582}: [NameServer] 213.211.45.3,212.96.160.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,10.40.128.1,-1]

Edge:
======
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-27]

FireFox:
========
FF DefaultProfile: imtd495u.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\imtd495u.default [2020-09-26]
FF DownloadDir: C:\Users\Admin\Desktop\stažené soubory
FF Homepage: Mozilla\Firefox\Profiles\imtd495u.default -> hxxps://www.seznam.cz/
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\imtd495u.default\Extensions\firefox@ghostery.com.xpi [2020-09-26]
FF Extension: (To Google Translate) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\imtd495u.default\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-12-28]
FF Extension: (uBlock Origin) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\imtd495u.default\Extensions\uBlock0@raymondhill.net.xpi [2019-12-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
S2 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-13] (Adobe Inc. -> Adobe)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8450976 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [360408 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [2748520 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37152 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [206408 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [236112 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [195664 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60496 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42784 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175720 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109280 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851608 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [470912 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [217336 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326928 2020-10-16] (Avast Software s.r.o. -> AVAST Software)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-12-14] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-12-14] (Disc Soft Ltd -> Disc Soft Ltd)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech -> Logitech Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-06-06] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-18 23:45 - 2020-10-18 23:47 - 000010496 _____ C:\Users\Admin\Desktop\FRST.txt
2020-10-18 14:42 - 2020-10-18 23:47 - 000000000 ____D C:\FRST
2020-10-18 12:26 - 2020-10-18 12:25 - 002299904 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2020-10-16 20:19 - 2020-10-16 20:19 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-10-16 11:05 - 2020-10-16 11:05 - 000339552 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-10-16 11:05 - 2020-10-16 11:05 - 000217336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-10-16 11:05 - 2020-10-16 11:05 - 000175720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-10-13 21:36 - 2020-10-18 08:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-10-02 12:03 - 2020-10-04 09:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2020-09-29 09:18 - 2020-09-29 09:40 - 000000000 ____D C:\Users\Admin\Documents\Larian Studios
2020-09-29 09:18 - 2020-09-26 08:54 - 000000891 _____ C:\Users\Admin\Desktop\Divinity Original Sin 2 Definitive Edition.lnk
2020-09-26 08:54 - 2020-09-26 08:54 - 000000891 _____ C:\Users\Robin\Desktop\Divinity Original Sin 2 Definitive Edition.lnk
2020-09-26 08:54 - 2020-09-26 08:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Divinity Original Sin 2 Definitive Edition
2020-09-26 08:32 - 2020-09-26 08:34 - 000000000 ____D C:\Fraps
2020-09-26 08:32 - 2020-09-26 08:32 - 000000568 _____ C:\Users\Robin\Desktop\Fraps.lnk
2020-09-26 08:32 - 2020-09-26 08:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-18 23:44 - 2016-11-18 01:09 - 000000000 ____D C:\Users\Robin\AppData\LocalLow\Mozilla
2020-10-18 22:25 - 2009-07-14 06:45 - 000028336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-10-18 22:25 - 2009-07-14 06:45 - 000028336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-10-18 22:19 - 2020-06-27 10:24 - 000003484 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-10-18 22:19 - 2020-06-27 10:24 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-10-18 22:19 - 2019-12-24 09:50 - 000004366 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-10-18 22:19 - 2019-07-18 21:44 - 000004484 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-10-18 22:19 - 2019-07-12 08:22 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-10-18 22:19 - 2018-12-09 00:55 - 000004206 _____ C:\Windows\system32\Tasks\Norton Security Scan for Admin
2020-10-18 22:19 - 2017-12-06 17:11 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2020-10-18 22:19 - 2015-05-18 21:16 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-10-18 12:32 - 2019-01-13 17:14 - 000033792 _____ C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-10-18 08:35 - 2010-11-21 11:27 - 000670334 _____ C:\Windows\system32\perfh005.dat
2020-10-18 08:35 - 2010-11-21 11:27 - 000141946 _____ C:\Windows\system32\perfc005.dat
2020-10-18 08:35 - 2009-07-14 07:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2020-10-18 08:35 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-10-18 08:30 - 2017-12-16 14:21 - 000000000 ____D C:\ProgramData\AVAST Software
2020-10-18 08:29 - 2014-02-26 17:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-10-18 08:29 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-10-16 11:05 - 2019-01-14 16:57 - 000236112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-10-16 11:05 - 2019-01-06 19:38 - 000195664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-10-16 11:05 - 2019-01-06 19:38 - 000060496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-10-16 11:05 - 2019-01-06 19:38 - 000037152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2020-10-16 11:05 - 2018-10-21 07:57 - 000042784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000851608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000470912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000326928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000206408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000109280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-10-16 11:05 - 2017-12-16 14:22 - 000084856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-10-16 11:05 - 2017-08-12 10:16 - 000003910 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-10-13 22:06 - 2014-02-25 16:25 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-10-13 22:06 - 2014-02-25 16:25 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-10-13 22:06 - 2014-02-25 16:25 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-10-13 22:06 - 2014-02-25 16:25 - 000000000 ____D C:\Windows\system32\Macromed
2020-09-29 09:40 - 2014-02-25 15:33 - 000265832 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2020-09-28 12:33 - 2019-03-24 11:35 - 000000000 ____D C:\Users\Robin\AppData\Local\CrashDumps
2020-09-26 13:26 - 2019-10-03 20:55 - 000000000 ____D C:\Users\Robin\Documents\Larian Studios
2020-09-26 13:14 - 2019-10-03 20:55 - 000000000 ____D C:\Users\Robin\AppData\Local\LarianLauncher
2020-09-26 09:07 - 2016-12-14 21:22 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2020-09-25 18:01 - 2015-05-18 21:16 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-09-24 19:42 - 2014-02-26 19:32 - 000000000 ____D C:\Users\Robin\AppData\Roaming\XnView
2020-09-23 15:09 - 2014-02-26 17:48 - 000000000 ____D C:\ProgramData\Mozilla

==================== Files in the root of some directories ========

2019-11-24 09:54 - 2019-04-16 13:30 - 000447680 _____ (COMODO) C:\ProgramData\cmdres.dll
2019-08-01 12:08 - 2019-12-02 20:04 - 000000038 _____ () C:\Users\Admin\AppData\Roaming\~SiMPLEX.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-10-14 10:51
==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by Admin (18-10-2020 23:47:26)
Running from C:\Users\Admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-02-25 13:28:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-2485784249-3341709608-829223016-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2485784249-3341709608-829223016-500 - Administrator - Disabled)
Guest (S-1-5-21-2485784249-3341709608-829223016-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2485784249-3341709608-829223016-1003 - Limited - Enabled)
Robin (S-1-5-21-2485784249-3341709608-829223016-1004 - Limited - Enabled) => C:\Users\Robin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.445 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.445 - Adobe)
Advanced JPEG Compressor 2011 (HKLM-x32\...\Advanced JPEG Compressor_is1) (Version: 2011 - WinSoftMagic Inc.)
Aegisub 3.2.0 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.0 - Aegisub Team)
Age of Wonders Planetfall Invasions (HKU\S-1-5-21-2485784249-3341709608-829223016-1001\...\Age of Wonders Planetfall Invasions) (Version: - HOODLUM)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.12.0 - Ant Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.8.2432 - Avast Software)
calibre (HKLM-x32\...\{0B374B2C-FE04-4741-B0B2-B14D84CEDAFF}) (Version: 3.35.0 - Kovid Goyal)
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version: - cbrreader.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Divinity Original Sin 2 Definitive Edition (HKLM-x32\...\Divinity Original Sin 2 Definitive Edition_is1) (Version: - )
Expeditions: Viking (HKLM-x32\...\1450363937_is1) (Version: 1.0.7.4 - GOG.com)
Factorio (HKLM-x32\...\Factorio_is1) (Version: - )
Fallout3_CZ_1.0.0.15_patch (HKU\S-1-5-21-2485784249-3341709608-829223016-1004\...\{A403D710-B87F-11DD-6784-0F41E62818BE}) (Version: 1.0.0.15 - Cenega Czech)
FormatFactory 3.3.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.1.0 - Format Factory)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Galactic Civilizations II - Ultimate Edition (HKLM-x32\...\Galactic Civilizations II - Ultimate Edition) (Version: - Kalypso Media)
GIMP 2.10.14 (HKLM\...\GIMP-2_is1) (Version: 2.10.14 - The GIMP Team)
Grim Dawn Forgotten Gods (HKLM-x32\...\Grim Dawn Forgotten Gods_is1) (Version: - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.43 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.49 - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 81.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 81.0.2 (x64 cs)) (Version: 81.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 81.0.2.7590 - Mozilla)
Mozilla Thunderbird 68.12.1 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 68.12.1 (x86 cs)) (Version: 68.12.1 - Mozilla)
Mp3tag v2.75 (HKLM-x32\...\Mp3tag) (Version: v2.75 - Florian Heidenreich)
nGlide 1.05 (HKLM-x32\...\nGlide) (Version: 1.05 - Zeus Software)
NVIDIA Ovladač 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.2.0 - pdfforge GmbH)
PhotoImpact X3 (HKLM-x32\...\{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 13.0 - Corel) Hidden
PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 13.0 - Corel)
PotPlayer (HKLM-x32\...\PotPlayer) (Version: 200908 - Kakao Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Shareaza 2.7.10.2 (HKLM\...\Shareaza_is1) (Version: 2.7.10.2 - Shareaza Development Team)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Spellcross (DOSBox 0.74 emulace) (HKLM-x32\...\Spellcross (DOSBox 0.74 emulace)) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
XnView 2.13 (HKLM-x32\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{04CC76C7-1ED7-4CAE-9762-B8664ED008ED}\localserver32 -> C:\Program Files\Shareaza\MediaImageServices.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{0EEA2A0F-AD1F-4555-9827-0DD9335611A4}\localserver32 -> C:\Program Files\Shareaza\WindowsThumbnail.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{0F74BA53-C842-4CB5-B388-DD5663F62479}\InprocServer32 -> C:\Program Files\Shareaza\Preview.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{18D11ED9-1264-48A1-9E14-20F2C633242B}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{2EE9D739-7726-41cf-8F18-4B1B8763BC63}\InprocServer32 -> C:\Program Files\Shareaza\ImageViewer.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{2F74AA28-2498-4805-911A-04C39858D529}\InprocServer32 -> C:\Program Files\Shareaza\ZIPBuilder.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{30FC662A-D72A-4F79-B63A-ACD4FBFE68A3}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{34791E02-51DC-4CF4-9E34-018166D91D0E}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{3DC28AA6-A597-4E03-96DF-ADA19155B0BE}\localserver32 -> C:\Program Files\Shareaza\MediaPlayer.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}\localserver32 -> C:\Program Files\Shareaza\MediaLibraryBuilder.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{61700EEC-D5D3-4793-BD1F-514896D67F44}\InprocServer32 -> C:\Program Files\Shareaza\RatDVDReader.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{6C9E61BE-E58F-4AE1-A304-6FF1D183804C}\InprocServer32 -> C:\Program Files\Shareaza\GFLLibraryBuilder.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{76F13243-9F62-4241-AC07-3B359BBE4EC5}\InprocServer32 -> C:\Program Files\Shareaza\VirusTotal.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{76F13243-9F62-4241-AC07-3B359BBE4EC6}\InprocServer32 -> C:\Program Files\Shareaza\ShortURL.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}\InprocServer32 -> C:\Program Files\Shareaza\SkinScanSKS.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{B69F80CD-FB15-45E8-B359-92A41CC571A7}\InprocServer32 -> C:\Program Files\Shareaza\7ZipBuilder.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{B978F591-5137-4612-873A-DC2081BAD6CD}\InprocServer32 -> C:\Program Files\Shareaza\SWFPlugin.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{D73ABD28-3A2A-4E36-AD6F-2AA8F011FBE3}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{E1A67AE5-7041-4AE1-94F7-DE03EF759E27}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{E9B2EF9B-4A0C-451E-801F-257861B87FAD}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{E9F51B1E-DB0F-4EEE-9B36-46151994C715}\InprocServer32 -> C:\Program Files\Shareaza\DocumentReader.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{F801DAD7-F08D-48EF-B0DF-6B120377E835}\InprocServer32 -> C:\Program Files\Shareaza\RARBuilder.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{FC4D8F69-0B18-49BB-8AB7-87EB77AA1A9D}\InprocServer32 -> C:\Program Files\Shareaza\SWFPlugin.dll (Shareaza Development Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2485784249-3341709608-829223016-1004_Classes\CLSID\{FF5FCD00-2C20-49D8-84F6-888D2E2C95DA}\InprocServer32 -> C:\Program Files\Shareaza\GFLImageServices.dll (Shareaza Development Team) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [AJC] -> {5071CDA5-D3E1-11D5-BFC0-005004A71005} => C:\Program Files (x86)\Advanced JPEG Compressor\ContextMenuExt.dll [2001-11-22] () [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2003-03-18 23:23 - 2003-03-18 23:23 - 000024576 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\1029\mdmui.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2020-07-09 21:03 - 2020-07-09 21:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\MSVCP140.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\ucrtbase.DLL
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\VCRUNTIME140.dll
2020-10-18 19:25 - 2020-10-18 19:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20101804\avast.local_vc142.crt\VCRUNTIME140_1.dll
2018-04-13 20:06 - 2018-04-13 20:06 - 000117248 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Admin\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Robin\Downloads:Shareaza.GUID [16]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-2485784249-3341709608-829223016-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
HKU\S-1-5-21-2485784249-3341709608-829223016-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKU\S-1-5-21-2485784249-3341709608-829223016-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.triline.cz
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2485784249-3341709608-829223016-1004 -> {169BF712-789D-41AD-A264-04B7A3AC135F} URL =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-06-13 09:16 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-2485784249-3341709608-829223016-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2485784249-3341709608-829223016-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.211.45.3 - 212.96.160.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Disc Soft Lite Bus Service => 3

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B49E75B1-A3B8-44ED-AE11-B46785FD2E67}] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{EDE61EF5-D8FF-4FAE-B94D-C935A3344EB1}] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0A6187EB-8DC1-4C89-88D9-3E9928F6940F}] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{04FBBF19-723A-49A9-AAAE-FA93DA9005C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{74B21F8B-7609-4F49-9022-9B9197B09F4C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A5991C55-B6A8-460F-B8E7-E41EF986D8D0}] => (Block) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{D37F2FA0-711E-4A01-BD05-8DCD73EC9E95}] => (Block) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [TCP Query User{24316309-A1F6-468B-B10A-EEB36BCC0F08}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{78ED4724-0F7A-4A6F-8FE4-0DAB928BD5F0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{29CC7501-9030-44DC-B16D-E5266489C60F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EA322048-9FB3-4A42-B9AC-99A91E28237E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D7896EF1-9C27-4124-96F8-39635717B3FF}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{46CF13F4-2BD8-4081-8F97-BF13859745E3}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{9FC710FC-3CBA-41DA-ADB2-950EF7C0FE2B}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{5C8CD737-8AF7-4D9D-AA37-F09E661E52E6}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [TCP Query User{3D336B23-9B4C-4844-B932-F44616F083E1}C:\program files (x86)\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\program files (x86)\jdownloader v2.0\jdownloader2.exe (AppWork GmbH -> AppWork GmbH)
FirewallRules: [UDP Query User{D23197A2-1D5F-4111-94A0-91826E46E1F3}C:\program files (x86)\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\program files (x86)\jdownloader v2.0\jdownloader2.exe (AppWork GmbH -> AppWork GmbH)
FirewallRules: [{9CEAC37D-CBD9-4A1C-A0F1-2D04EBF1CA17}] => (Block) C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [{F82FC33E-8CD6-4738-AC2B-3F2986F9AB82}] => (Block) C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [TCP Query User{1EF79CD8-B7D3-4D2B-A4EA-3612AE214118}C:\program files\shareaza\shareaza.exe] => (Allow) C:\program files\shareaza\shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [UDP Query User{94A7B34A-6184-4880-85D4-B0DE38B56AEF}C:\program files\shareaza\shareaza.exe] => (Allow) C:\program files\shareaza\shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [TCP Query User{F04177A1-43D9-408C-B31E-96EA2FE53999}E:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) E:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [UDP Query User{11C44EE3-D698-4FF2-9783-0EA355D4D52D}E:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) E:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe (Larian Studios -> )

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/18/2020 08:29:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/11/2020 09:33:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/10/2020 04:16:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2020 09:32:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2020 11:31:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2020 08:53:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2020 08:35:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/06/2020 07:50:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (10/18/2020 02:42:48 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:48 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:48 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:35 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:35 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 02:42:35 PM) (Source: DCOM) (EventID: 10016) (User: triline)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
a APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
uživateli triline\Robin SID (S-1-5-21-2485784249-3341709608-829223016-1004) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/18/2020 08:29:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (10/13/2020 03:01:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x800f020b): SAMSUNG Electronics Co., Ltd. - USB - 2.16.14.0.


CodeIntegrity:
===================================

Date: 2014-08-15 16:18:13.943
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-15 16:18:13.904
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-15 16:18:13.864
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-15 16:18:13.825
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-14 10:09:27.234
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-14 10:09:27.197
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. V1.1 01/20/2014
Motherboard: MSI H81M-P33 (MS-7817)
Processor: Intel(R) Core(TM) i3-4330 CPU @ 3.50GHz
Percentage of memory in use: 40%
Total physical RAM: 8136.02 MB
Available physical RAM: 4803.96 MB
Total Virtual: 13134.16 MB
Available Virtual: 9714.88 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:103 GB) (Free:10.42 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:931.51 GB) (Free:56.39 GB) NTFS
Drive f: (Filmy) (Fixed) (Total:1863.01 GB) (Free:39.45 GB) NTFS

\\?\Volume{4e7be4a2-9b09-11e3-b7a6-d43d7effa8c6}\ (WinRE-ATC) (Fixed) (Total:8.79 GB) (Free:1.93 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 5A4EEB50)
Partition 1: (Active) - (Size=103 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8.8 GB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 795381E7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 45DB875B)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: preventive check

#6 Post by Diallix »

Copy the content below into Notepad:


HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2485784249-3341709608-829223016-1001\Software\Policies\...\system: [disablecmd] 0
Task: {A7FFF6BC-E472-4F42-A199-8395CF0249B5} - System32\Tasks\Norton Security Scan for Admin => C:\Program Files (x86)\NORTON~2\Engine\461~1.175\Nss.exe
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
2020-10-18 22:19 - 2020-06-27 10:24 - 000003484 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-10-18 22:19 - 2020-06-27 10:24 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2019-11-24 09:54 - 2019-04-16 13:30 - 000447680 _____ (COMODO) C:\ProgramData\cmdres.dll
2019-08-01 12:08 - 2019-12-02 20:04 - 000000038 _____ () C:\Users\Admin\AppData\Roaming\~SiMPLEX.ini
AlternateDataStreams: C:\Users\Admin\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Robin\Downloads:Shareaza.GUID [16]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2485784249-3341709608-829223016-1004 -> {169BF712-789D-41AD-A264-04B7A3AC135F} URL =

EmptyTemp:

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will be carried out, after which the computer reboots. After the reboot, paste here the content of the log fixlog.txt, saved in the FRST location.
My new book BOTNETY has been published! You can find information about it here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor for students in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP).

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

Re: preventive check

#7 Post by BacilX »

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by Admin (20-10-2020 13:25:22) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & Robin
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2485784249-3341709608-829223016-1001\Software\Policies\...\system: [disablecmd] 0
Task: {A7FFF6BC-E472-4F42-A199-8395CF0249B5} - System32\Tasks\Norton Security Scan for Admin => C:\Program Files (x86)\NORTON~2\Engine\461~1.175\Nss.exe
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
2020-10-18 22:19 - 2020-06-27 10:24 - 000003484 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-10-18 22:19 - 2020-06-27 10:24 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2019-11-24 09:54 - 2019-04-16 13:30 - 000447680 _____ (COMODO) C:\ProgramData\cmdres.dll
2019-08-01 12:08 - 2019-12-02 20:04 - 000000038 _____ () C:\Users\Admin\AppData\Roaming\~SiMPLEX.ini
AlternateDataStreams: C:\Users\Admin\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Robin\Downloads:Shareaza.GUID [16]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2485784249-3341709608-829223016-1004 -> {169BF712-789D-41AD-A264-04B7A3AC135F} URL =

EmptyTemp:

*****************

HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-2485784249-3341709608-829223016-1001\Software\Policies\Microsoft\Windows\System\\disablecmd" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7FFF6BC-E472-4F42-A199-8395CF0249B5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7FFF6BC-E472-4F42-A199-8395CF0249B5}" => removed successfully
C:\Windows\System32\Tasks\Norton Security Scan for Admin => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Scan for Admin" => removed successfully
HKLM\System\CurrentControlSet\Services\AppMgmt => removed successfully
AppMgmt => service removed successfully
C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => moved successfully
C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => moved successfully
C:\ProgramData\cmdres.dll => moved successfully
C:\Users\Admin\AppData\Roaming\~SiMPLEX.ini => moved successfully
C:\Users\Admin\Downloads => ":Shareaza.GUID" ADS could not remove.
C:\Users\Robin\Downloads => ":Shareaza.GUID" ADS could not remove.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKU\S-1-5-21-2485784249-3341709608-829223016-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{169BF712-789D-41AD-A264-04B7A3AC135F} => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2156716 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 157501 B
Edge => 0 B
Chrome => 0 B
Firefox => 95540933 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 256 B
LocalService => 256 B
NetworkService => 256 B
UpdatusUser => 256 B
Admin => 18160477 B
Robin => 446481920 B

RecycleBin => 57455 B
EmptyTemp: => 544.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:25:26 ====

Re: preventive check

#8 Post by Diallix »

How is the computer doing?

Re: preventive check

#9 Post by BacilX »

The PC is OK... that was just a check for my peace of mind :-)

Re: preventive check

#10 Post by Diallix »

OK, good.
