VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o kontrolu - zlobí [trj]

https://forum.viry.cz:443/viewtopic.php?t=155004

Stránka 1 z 2

Prosím o kontrolu - zlobí [trj]

Napsal: 19 říj 2018 19:01
od TraCker
Ahoj. Prosím o kontrolu. Objevil se mi problém s blokováním webových stránek mým antivirem, mbam... Vždy vyskočí hláška o Bezpečném přerušení spojení s coinhove.com, kde jsme zjístili infekci BV:Miner-T [Trj] Při běžných kontrolách antivirem nebo prográmen na nalezení malware se nic nenajde. již jsem zkoušel promazat cookies, komplet Appdata prohlížečů. Bez výsledků. Díky za každou pomoc.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by pat (administrator) on PAT-PC (19-10-2018 19:48:50)
Running from C:\Users\pat\Downloads
Loaded Profiles: pat (Available Profiles: pat)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Gaijin Entertainment) C:\Users\pat\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-16] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1468757853-3891145367-2386166035-1000\...\Run: [Gaijin.Net Agent] => C:\Users\pat\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2128968 2018-06-14] (Gaijin Entertainment)
HKU\S-1-5-21-1468757853-3891145367-2386166035-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [33120 2010-08-20] (Alcohol Soft Development Team)
HKU\S-1-5-21-1468757853-3891145367-2386166035-1000\...\Run: [World of Tanks] => "D:\HRY\World_of_Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-1468757853-3891145367-2386166035-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-07] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2017-12-26]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 10.0.44.81 8.8.8.8
Tcpip\..\Interfaces\{E8D39133-4B3B-4DDA-916A-C29471683D2C}: [DhcpNameServer] 192.168.1.1 10.0.44.81 8.8.8.8

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: z1635p9s.default
FF ProfilePath: C:\Users\pat\AppData\Roaming\Mozilla\Firefox\Profiles\z1635p9s.default [2018-10-19]
FF Extension: (Telemetry coverage) - C:\Users\pat\AppData\Roaming\Mozilla\Firefox\Profiles\z1635p9s.default\features\{fd8a5807-6d0f-4a92-aae7-d2d77b638d33}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-19] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-09-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-09-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-16] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-16] (AVAST Software)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-10-17] (SurfRight B.V.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-07-06] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdhub3; C:\Windows\system32\drivers\amdhub3.sys [160936 2017-02-16] (Advanced Micro Devices, Inc)
S3 amdhub31; C:\Windows\system32\drivers\amdhub31.sys [141528 2016-02-26] (Advanced Micro Devices, Inc.)
S3 amdxhc31; C:\Windows\system32\drivers\amdxhc31.sys [440536 2016-02-26] (Advanced Micro Devices, Inc.)
S3 amdxhci; C:\Windows\system32\drivers\amdxhci.sys [346792 2017-02-16] (Advanced Micro Devices, Inc)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [36448 2011-03-02] (Asmedia Technology)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201408 2018-10-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230512 2018-10-16] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201928 2018-10-16] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346760 2018-10-16] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59664 2018-10-16] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [185240 2018-10-16] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47064 2018-10-16] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42456 2018-10-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163376 2018-10-16] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111968 2018-10-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88112 2018-10-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028840 2018-10-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467904 2018-10-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208640 2018-10-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381144 2018-10-16] (AVAST Software)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [39296 2014-02-12] (Etron Technology Inc)
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [87984 2017-06-13] (Fresco Logic)
S3 IaNVMe; C:\Windows\system32\drivers\IaNVMe.sys [125408 2017-05-23] (Intel Corporation)
R0 IaNVMeF; C:\Windows\System32\drivers\IaNVMeF.sys [35808 2017-05-23] (Intel Corporation)
S3 IaRNVMe; C:\Windows\system32\drivers\IaRNVMe.sys [592408 2016-01-22] (Intel Corporation)
R0 IaRNVMeF; C:\Windows\System32\drivers\IaRNVMeF.sys [36888 2016-01-22] (Intel Corporation)
S3 nvme; C:\Windows\system32\drivers\nvme.sys [83784 2015-12-16] (Samsung Electronics Co., Ltd)
R0 nvmeF; C:\Windows\System32\drivers\nvmeF.sys [30776 2015-12-16] (Samsung Electronics Co., Ltd)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30792 2018-08-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69544 2018-06-08] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [65792 2018-04-24] (NVIDIA Corporation)
S3 ocznvme; C:\Windows\system32\drivers\ocznvme.sys [99592 2016-06-10] (TOSHIBA CORPORATION)
R0 ocztrimfilter; C:\Windows\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (TOSHIBA CORPORATION)
S3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2018-01-25] ()
S3 tilfilter; C:\Windows\system32\drivers\TIxHCIlfilter.sys [17672 2015-02-11] (Texas Instruments, Inc.)
S3 tiufilter; C:\Windows\system32\drivers\TIxHCIufilter.sys [23304 2015-02-11] (Texas Instruments, Inc.)
S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [221696 2015-08-20] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [294912 2015-08-20] (VIA Technologies, Inc.)
U3 a9rf72zv; C:\Windows\System32\Drivers\a9rf72zv.sys [0 ] (Asmedia Technology) <==== ATTENTION (zero byte File/Folder)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-19 19:48 - 2018-10-19 19:49 - 000014063 _____ C:\Users\pat\Downloads\FRST.txt
2018-10-19 19:46 - 2018-10-19 19:48 - 000000000 ____D C:\FRST
2018-10-19 19:45 - 2018-10-19 19:45 - 002414592 _____ (Farbar) C:\Users\pat\Downloads\FRST64.exe
2018-10-18 13:58 - 2018-10-19 19:37 - 000000000 ____D C:\Users\pat\AppData\LocalLow\Mozilla
2018-10-18 13:58 - 2018-10-18 14:00 - 000000000 ____D C:\Users\pat\AppData\Local\Mozilla
2018-10-18 13:58 - 2018-10-18 13:58 - 000000000 ____D C:\Users\pat\AppData\Roaming\Mozilla
2018-10-18 13:31 - 2018-10-19 15:38 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-10-18 13:31 - 2018-10-19 15:38 - 000002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-10-18 13:31 - 2018-10-18 13:31 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-10-18 13:31 - 2018-10-18 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-10-18 13:31 - 2018-10-18 13:31 - 000000000 ____D C:\Program Files\CCleaner
2018-10-18 13:29 - 2018-10-18 13:30 - 016791088 _____ (Piriform Ltd) C:\Users\pat\Downloads\ccsetup547.exe
2018-10-17 13:03 - 2018-10-17 13:03 - 000001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-10-17 13:03 - 2018-10-17 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-10-17 13:03 - 2018-10-17 13:03 - 000000000 ____D C:\Program Files\HitmanPro
2018-10-17 13:01 - 2018-10-17 13:23 - 000000000 ____D C:\ProgramData\HitmanPro
2018-10-17 09:37 - 2018-10-17 09:37 - 000002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-17 09:37 - 2018-10-17 09:37 - 000002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-17 09:36 - 2018-10-19 15:38 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-10-17 09:36 - 2018-10-19 15:38 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-10-16 22:55 - 2018-10-16 22:55 - 000000000 ____D C:\Users\pat\AppData\Local\mbam
2018-10-16 22:54 - 2018-10-16 22:54 - 000000000 ____D C:\Users\pat\AppData\Local\mbamtray
2018-10-16 08:34 - 2018-10-16 08:33 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-10-16 08:34 - 2018-10-16 08:33 - 000042456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2018-10-14 16:45 - 2018-10-14 16:46 - 023906386 _____ C:\Users\pat\Desktop\TanM1Abrams.zip
2018-10-05 16:19 - 2018-10-05 16:19 - 000000000 ____D C:\Users\pat\Desktop\Ander-z-Košíc-komplet
2018-10-05 12:21 - 2018-10-05 13:09 - 722982819 _____ C:\Users\pat\Desktop\Ander-z-Košíc-komplet.rar
2018-10-04 16:08 - 2018-10-04 16:19 - 000000000 ____D C:\Users\pat\Desktop\war thunder
2018-10-03 16:02 - 2018-10-03 16:02 - 000181395 _____ C:\Users\pat\Desktop\inv_AQSVL_180156463.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-19 19:44 - 2009-07-14 06:45 - 000026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-19 19:44 - 2009-07-14 06:45 - 000026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-19 19:37 - 2017-12-26 21:22 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-19 19:35 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-19 15:38 - 2018-05-31 15:20 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-19 15:38 - 2018-05-31 15:20 - 000003940 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-19 15:38 - 2018-05-31 15:20 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-19 15:38 - 2018-05-31 15:20 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-19 15:38 - 2018-05-31 15:20 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-19 15:38 - 2018-05-31 15:20 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-19 15:38 - 2018-05-31 15:20 - 000003790 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-19 15:38 - 2018-05-31 15:20 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-19 15:38 - 2018-05-31 15:20 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-19 15:38 - 2018-05-31 15:20 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-19 15:38 - 2018-05-31 15:20 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-19 15:38 - 2018-02-04 11:21 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-10-19 15:38 - 2018-01-01 17:52 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-10-18 17:29 - 2011-04-12 10:34 - 000668542 _____ C:\Windows\system32\perfh005.dat
2018-10-18 17:29 - 2011-04-12 10:34 - 000141202 _____ C:\Windows\system32\perfc005.dat
2018-10-18 17:29 - 2009-07-14 07:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-18 17:29 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-10-18 13:32 - 2018-01-25 13:11 - 000000000 ____D C:\Users\pat\AppData\Local\CrashDumps
2018-10-18 13:32 - 2018-01-02 23:14 - 000000000 ____D C:\Users\pat\AppData\Roaming\TS3Client
2018-10-18 13:32 - 2017-12-26 20:32 - 000000000 ____D C:\Windows\Panther
2018-10-18 08:35 - 2018-01-01 17:51 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-10-18 08:32 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\LiveKernelReports
2018-10-17 13:21 - 2017-12-31 14:13 - 000000000 ____D C:\Program Files (x86)\Seznam.cz
2018-10-17 09:37 - 2018-01-01 17:53 - 000000000 ____D C:\Program Files (x86)\Google
2018-10-16 17:45 - 2018-07-17 19:24 - 000000000 ____D C:\Users\pat\AppData\Local\AVAST Software
2018-10-16 12:29 - 2018-01-26 21:12 - 000000000 ____D C:\Windows\system32\MRT
2018-10-16 12:26 - 2018-01-26 21:12 - 136745976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-16 08:33 - 2018-01-01 17:51 - 001028840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000467904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000381144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000346760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000230512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000208640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000201928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000201408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000185240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000163376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000111968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000088112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000059664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000047064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-10-09 17:51 - 2018-02-04 11:21 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-07 15:13 - 2017-12-31 13:42 - 000000000 ____D C:\Users\pat\AppData\Roaming\uTorrent
2018-10-05 07:50 - 2017-12-26 20:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-10-05 07:50 - 2017-12-26 20:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-04 19:15 - 2017-12-31 14:16 - 000000000 ____D C:\Users\pat\AppData\Roaming\vlc
2018-10-03 19:08 - 2018-02-04 11:22 - 000000000 ____D C:\Users\pat\AppData\LocalLow\Adobe
2018-10-03 16:15 - 2018-01-02 23:13 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2018-10-01 12:47 - 2018-01-01 14:21 - 000020413 _____ C:\Users\pat\Desktop\Elektrika - evidence.xlsx
2018-10-01 12:41 - 2009-07-14 07:08 - 000032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-09-29 17:47 - 2017-12-26 21:25 - 000000000 ____D C:\Users\pat\AppData\Local\NVIDIA Corporation
2018-09-29 17:47 - 2017-12-26 21:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-09-29 17:46 - 2017-12-26 21:22 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-09-29 17:46 - 2017-12-26 21:19 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-09-27 14:50 - 2018-01-26 21:06 - 001557940 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-09-22 23:31 - 2017-12-26 21:35 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
2018-09-22 23:31 - 2017-12-26 21:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== Files in the root of some directories =======

2018-04-29 07:56 - 2017-06-26 21:27 - 000000701 _____ () C:\Users\pat\AppData\Roaming\jpsound.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-17 04:53

==================== End of FRST.txt ============================
-------------------------------------------------------------------------------------------------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by pat (19-10-2018 19:49:29)
Running from C:\Users\pat\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2017-12-26 18:38:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1468757853-3891145367-2386166035-500 - Administrator - Disabled)
Guest (S-1-5-21-1468757853-3891145367-2386166035-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1468757853-3891145367-2386166035-1002 - Limited - Enabled)
pat (S-1-5-21-1468757853-3891145367-2386166035-1000 - Administrator - Enabled) => C:\Users\pat

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Aktualizace NVIDIA 33.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 33.2.0.0 - NVIDIA Corporation) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.2.1.000 - Asmedia Technology)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.7.2354 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 399.24 - NVIDIA Corporation) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.14.2 - SCS Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.67 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
JPG To PDF 3 (HKLM-x32\...\JPG To PDF_is1) (Version: - JPG To PDF Developer Team)
Mashinky (HKLM-x32\...\Mashinky_is1) (Version: - )
Microsoft .NET Framework 4.7.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Firefox 62.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.3 (x64 en-US)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.11 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.15.0.164 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.15.0.164 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 399.24 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 399.24 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Ovládací panel NVIDIA 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 399.24 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Skype verze 8.30 (HKLM-x32\...\Skype_is1) (Version: 8.30 - Skype Technologies S.A.)
Sudden Strike 4 (HKLM-x32\...\2146639313_is1) (Version: 1.00.19037 - GOG.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.7 - TeamSpeak Systems GmbH)
TL-WN721N/TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.0.0 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
War Thunder Launcher 1.0.1.340 (HKLM-x32\...\{abc8eea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-16] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-16] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2010-03-25] (Alcohol Soft Development Team)
ContextMenuHandlers2-x32: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2010-03-25] (Alcohol Soft Development Team)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-16] (AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-09-06] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-16] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EB57ECF-3533-421B-97B6-BDAB71ED295A} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-09-12] (NVIDIA Corporation)
Task: {13613DC9-312F-4380-B509-A943CCB2AF64} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-07] (Piriform Ltd)
Task: {1AC2790A-EC76-470A-A809-0BF57D14210A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-09-12] (NVIDIA Corporation)
Task: {22D2989B-727D-459A-BDF2-EC5CD2C5B017} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-10-16] (AVAST Software)
Task: {248D4E31-293D-42FC-A7F9-2B1CCE00F55A} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {30E7C0A5-B668-4A17-A894-588BEBAFEB08} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {32B44B62-7E59-4E63-B8FC-532680D6AF3E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-09-14] (AVAST Software)
Task: {426B4300-3B48-4051-8F74-62E5F7ECA2A1} - System32\Tasks\{8392DF19-88BB-4404-8CE9-D87482EFDBD0} => C:\Windows\system32\pcalua.exe -a C:\Users\pat\AppData\Roaming\Seznam.cz\szninstall.exe -c -X
Task: {58C1EACB-B457-4340-BF8A-3FE2A9C63521} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {6A91A009-8331-4DFC-ACC4-443E71CD8668} - System32\Tasks\{34F08B1F-D10F-494B-AECD-933BFBEB0744} => C:\Windows\system32\pcalua.exe -a C:\Users\pat\AppData\Local\Temp\Rar$EX17.481\Install\setup.exe -d C:\Users\pat\AppData\Local\Temp\Rar$EX17.481\Install\ <==== ATTENTION
Task: {823EDF95-8607-40D5-AE99-969FD67407BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-17] (Google Inc.)
Task: {907F7CD4-DCF9-4F69-8523-F0952990BE72} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-09-12] (NVIDIA Corporation)
Task: {9AA7B7BB-E458-4F8F-809C-61478E489E9E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {9B0E9683-8754-4189-A1C7-65FB5B6A3E10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {A8C0A49A-8288-4328-BAB2-DDADB43A37CF} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {AF2145DE-4594-400B-BF54-F906362717A4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-09-12] (NVIDIA Corporation)
Task: {B8786AF4-6EF9-465D-BA00-B999D10F9CFC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-07] (Piriform Ltd)
Task: {D9A3D5BE-C6A4-4EDC-BFFC-084A728ACB53} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {D9A9216F-1A36-4B10-9E41-DF1767EF454E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-17] (Google Inc.)
Task: {D9D45BFC-48FA-43E2-8F63-7177B0838F38} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-09-12] (NVIDIA Corporation)
Task: {DAC552E5-616E-4012-B366-E3DB81022897} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-09-12] (NVIDIA Corporation)
Task: {E690E1E9-B291-47B3-9B8A-E00A0BF8B91D} - \AutoKMS -> No File <==== ATTENTION
Task: {F14FE582-5280-4259-9E99-AB8D58E5661F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-09-12] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2010-01-30 03:40 - 2010-01-30 03:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2018-05-31 15:20 - 2018-09-12 13:45 - 001315024 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-10-16 08:33 - 2018-10-16 08:33 - 000730328 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-05-31 15:20 - 2018-09-12 13:45 - 101252304 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-05-31 15:20 - 2018-09-12 13:45 - 002673360 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-05-31 15:20 - 2018-09-12 13:45 - 000138960 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-10-16 08:33 - 2018-10-16 08:33 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-10-16 08:33 - 2018-10-16 08:33 - 000598232 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-10-19 15:27 - 2018-10-19 15:27 - 005712016 _____ () C:\Program Files\AVAST Software\Avast\defs\18101904\algo.dll
2018-10-16 08:33 - 2018-10-16 08:33 - 000496856 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-10-16 08:33 - 2018-10-16 08:33 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-10-16 08:33 - 2018-10-16 08:33 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-31 15:20 - 2018-09-12 13:45 - 001032912 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 004254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2018-03-08 13:21 - 2018-03-08 13:21 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2018-10-19 19:36 - 000000829 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1468757853-3891145367-2386166035-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\pat\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1 - 10.0.44.81
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{63EB2804-A3C8-4BA0-8FD2-897D569A342C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3F58C44D-48DD-4C48-AB2B-884A3DA2E6F0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DDA5DE60-41F6-4657-B2C0-6F0C8F6037FC}C:\users\pat\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\pat\appdata\local\warthunder\launcher.exe
FirewallRules: [UDP Query User{C5C397CE-E310-4DD2-88E0-F168A08B18EA}C:\users\pat\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\pat\appdata\local\warthunder\launcher.exe
FirewallRules: [TCP Query User{E785D929-2E3B-47EC-AE6D-701634B9C796}D:\hry\warthunder\win64\aces.exe] => (Allow) D:\hry\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{0A508416-861F-4F3E-8B21-4F082E1D7270}D:\hry\warthunder\win64\aces.exe] => (Allow) D:\hry\warthunder\win64\aces.exe
FirewallRules: [TCP Query User{153719FB-50CA-4F63-8ADE-6169A891B546}C:\users\pat\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\pat\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{382B4F11-0287-4BA8-94A5-FFA261060C84}C:\users\pat\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\pat\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{77277A90-0AA1-428C-A2A2-B1094B6B7115}D:\hry\warthunder\launcher.exe] => (Allow) D:\hry\warthunder\launcher.exe
FirewallRules: [UDP Query User{6910555F-6001-42A2-9AA6-43DBC043730C}D:\hry\warthunder\launcher.exe] => (Allow) D:\hry\warthunder\launcher.exe
FirewallRules: [TCP Query User{37E297FD-917A-475E-AF8F-3141F908458D}D:\hry\world_of_tanks\wotlauncher.exe] => (Block) D:\hry\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{C23775F9-958B-4D59-9348-37FDD94E6730}D:\hry\world_of_tanks\wotlauncher.exe] => (Block) D:\hry\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{820B16F1-333B-4F00-8785-F6EF8D33C808}D:\hry\world_of_tanks\worldoftanks.exe] => (Allow) D:\hry\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{5421AE25-24D2-4E1A-AC35-C4509EF1728A}D:\hry\world_of_tanks\worldoftanks.exe] => (Allow) D:\hry\world_of_tanks\worldoftanks.exe
FirewallRules: [{2CE37A56-6392-48AE-ADF5-B5FFF5E09441}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{07287AB3-CC79-41BC-9D1D-38CF1144EB72}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6FFC0715-EB2A-4FFD-A7BD-C572CDBFE91B}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{07337767-A52C-4373-80EC-659F980A6FD6}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{270FF989-5EA3-4C7A-8923-DD170E249935}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{C97F00CA-AF6B-4360-968C-B759F330343E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{E1874EAE-1E34-499D-A4F4-D98A6E0F3C2F}D:\hry\warthunder\win64\aces.exe] => (Allow) D:\hry\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{29C2A6CB-CC10-42D9-B265-5AC9B4C38C1C}D:\hry\warthunder\win64\aces.exe] => (Allow) D:\hry\warthunder\win64\aces.exe
FirewallRules: [TCP Query User{36600EE3-EC1A-4119-85C1-D7AF2B52B646}C:\users\pat\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\pat\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{DE428745-B040-4720-BCC8-BD032FA02FFB}C:\users\pat\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\pat\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{1A91E2EB-B475-4D65-878E-9EAA5C048D3D}D:\hry\warthunder\launcher.exe] => (Allow) D:\hry\warthunder\launcher.exe
FirewallRules: [UDP Query User{EE3AB03C-96C3-4E33-81CA-3024BAD2B9B7}D:\hry\warthunder\launcher.exe] => (Allow) D:\hry\warthunder\launcher.exe
FirewallRules: [TCP Query User{0105BA11-A8A4-4815-8EBD-8C03A19CEC09}D:\hry\world_of_tanks\wotlauncher.exe] => (Block) D:\hry\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{EF2923E6-F4DA-4112-8593-5AF93AF8DEC3}D:\hry\world_of_tanks\wotlauncher.exe] => (Block) D:\hry\world_of_tanks\wotlauncher.exe
FirewallRules: [{ED8824CD-3835-4B0F-9A0C-89B3EB40184A}] => (Allow) D:\HRY\WarThunderDev\launcher.exe
FirewallRules: [{C0310C8D-1A32-4598-8C4D-271E52376A48}] => (Allow) D:\HRY\WarThunderDev\launcher.exe
FirewallRules: [{288C03CD-BA3B-48E1-A19F-AD2DA064DD49}] => (Allow) LPort=80
FirewallRules: [{F96F9140-AC1E-4AFE-9365-935196412EAB}] => (Allow) LPort=443
FirewallRules: [{765CA2B9-6CDC-4B94-A091-FE005BCA5447}] => (Allow) LPort=20010
FirewallRules: [{1D029840-6577-42CA-BCA6-B7E229EAF1F7}] => (Allow) LPort=3478
FirewallRules: [{30019E59-1351-4AAF-9EB7-A4BECAE45D68}] => (Allow) LPort=7850
FirewallRules: [{0F2E2EB0-06E3-4B23-B303-E9A636D45005}] => (Allow) LPort=7852
FirewallRules: [{6E652500-4EA1-4D99-9521-FCD236EA8613}] => (Allow) LPort=7853
FirewallRules: [{D3D59CFA-61D6-49C5-8755-8E63F7CA8B8A}] => (Allow) LPort=27022
FirewallRules: [{4C82F4DC-0D7B-4FF7-BFBF-3A249010E6F4}] => (Allow) LPort=6881
FirewallRules: [{DE50155A-D750-4177-9C3F-35C239959DAB}] => (Allow) LPort=33333
FirewallRules: [{657E3324-0748-42F3-9175-CBDF9E83BB63}] => (Allow) LPort=20443
FirewallRules: [{570F4DB6-75C6-4596-92AB-90354F5A161C}] => (Allow) LPort=8090
FirewallRules: [TCP Query User{EBA7C1A3-A754-4A6D-9DCA-95F91D185D01}D:\hry\warthunderdev\win64\aces.exe] => (Allow) D:\hry\warthunderdev\win64\aces.exe
FirewallRules: [UDP Query User{8E30B0AF-041B-4C3D-87E3-392A73AAF4D1}D:\hry\warthunderdev\win64\aces.exe] => (Allow) D:\hry\warthunderdev\win64\aces.exe
FirewallRules: [{2471E963-A3C0-4EB9-9298-6FA3FE8D81F3}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{1F87CF33-280A-49A4-982C-E9A20CA121EA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{52F179DE-7F5B-402C-B623-E23360A21D80}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{625CB129-DD37-46F6-923F-727E2DC2F38B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{18247BFC-914C-402F-9EAA-21F6D9F7D542}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C800CC1C-9FC6-4FD8-9255-16654C5F6001}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{66457FFF-5DFF-4C00-BCD4-651BC0B951F9}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{3B520F5D-11E9-458D-BD2D-8E2A30CE6339}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{7C0AB730-4DF5-4FCE-ACC3-7AD21B9634B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{01CEC1CD-BD53-4388-A4AA-29B44D7957F1}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe
FirewallRules: [{C3DD9A63-B687-4D07-8909-81C1ACF14A90}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe
FirewallRules: [{E59C04B6-498F-46FB-8D8A-46FC1A4C38F2}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe
FirewallRules: [{EE7DC5B7-8380-46F5-9074-E33E29F70F2E}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe
FirewallRules: [{736FB06C-396D-4ED4-ACCA-79AFD92A7DBF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{934114AC-9F06-457F-9E22-60141FCC1C21}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

16-10-2018 12:34:45 Windows Update
17-10-2018 13:08:16 Checkpoint by HitmanPro
17-10-2018 13:29:33 Checkpoint by HitmanPro
17-10-2018 13:35:20 Checkpoint by HitmanPro
17-10-2018 13:36:33 Checkpoint by HitmanPro
17-10-2018 13:45:30 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============

Name: Řadič sběrnice SM
Description: Řadič sběrnice SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2018 07:36:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/19/2018 03:26:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2018 05:20:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2018 01:58:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2018 01:52:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2018 12:15:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/17/2018 01:22:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: sznpp_64.exe, verze: 2.1.32.0, časové razítko: 0x5ae9c366
Název chybujícího modulu: sznpp_64.exe, verze: 2.1.32.0, časové razítko: 0x5ae9c366
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000140dc
ID chybujícího procesu: 0x13cc
Čas spuštění chybující aplikace: 0x01d4660b9a980ebb
Cesta k chybující aplikaci: C:\Users\pat\AppData\Roaming\Seznam.cz\bin\sznpp_64.exe
Cesta k chybujícímu modulu: C:\Users\pat\AppData\Roaming\Seznam.cz\bin\sznpp_64.exe
ID zprávy: deb1115b-d1fe-11e8-8422-14dae939ded6

Error: (10/17/2018 01:20:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (10/19/2018 07:35:55 PM) (Source: sptd) (EventID: 4) (User: )
Description: Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error: (10/19/2018 07:35:55 PM) (Source: sptd) (EventID: 4) (User: )
Description: Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error: (10/19/2018 07:35:55 PM) (Source: sptd) (EventID: 4) (User: )
Description: Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error: (10/19/2018 07:35:55 PM) (Source: sptd) (EventID: 4) (User: )
Description: Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error: (10/19/2018 03:31:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Windows Update přestala během spouštění reagovat.

Error: (10/19/2018 03:26:10 PM) (Source: sptd) (EventID: 4) (User: )
Description: Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error: (10/19/2018 03:26:10 PM) (Source: sptd) (EventID: 4) (User: )
Description: Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error: (10/19/2018 03:26:10 PM) (Source: sptd) (EventID: 4) (User: )
Description: Ovladač zjistil interní chybu ve vlastní struktuře dat u .


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 32%
Total physical RAM: 8172.16 MB
Available physical RAM: 5537.18 MB
Total Virtual: 16342.47 MB
Available Virtual: 12699.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.28 GB) (Free:414.57 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:1374.73 GB) (Free:717.38 GB) NTFS
Drive g: (odpad) (Fixed) (Total:465.76 GB) (Free:462.06 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 5D741478)
Partition 1: (Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1374.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 41D041CF)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Prosím o kontrolu - zlobí [trj]

Napsal: 19 říj 2018 19:50
od Rudy
Zdravím!
Ten troják je na tom webu a hlášky jsou proto, že antivir přístup na něj zablokoval. Je nutné to respektovat. Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Re: Prosím o kontrolu - zlobí [trj]

Napsal: 20 říj 2018 16:59
od TraCker
Zdravíčko.

Díky za reakci. Ono ten troják s káče úplně jedno kde. I na seznam.cz, centrum.cz..... Teď už mi to vyskakuje i s vyplým prolížečem.

Tady výpis:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-20-2018
# Duration: 00:00:01
# OS: Windows 7 Ultimate
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\DllKitPRO

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1272 octets] - [20/10/2018 17:54:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Prosím o kontrolu - zlobí [trj]

Napsal: 20 říj 2018 17:59
od Rudy
Dejte nový log FRST.

Re: Prosím o kontrolu - zlobí [trj]

Napsal: 20 říj 2018 18:43
od TraCker
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by pat (administrator) on PAT-PC (20-10-2018 19:42:16)
Running from C:\Users\pat\Downloads
Loaded Profiles: pat (Available Profiles: pat)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Gaijin Entertainment) C:\Users\pat\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-16] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1468757853-3891145367-2386166035-1000\...\Run: [Gaijin.Net Agent] => C:\Users\pat\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2128968 2018-06-14] (Gaijin Entertainment)
HKU\S-1-5-21-1468757853-3891145367-2386166035-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [33120 2010-08-20] (Alcohol Soft Development Team)
HKU\S-1-5-21-1468757853-3891145367-2386166035-1000\...\Run: [World of Tanks] => "D:\HRY\World_of_Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-1468757853-3891145367-2386166035-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-07] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2017-12-26]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 10.0.44.81 8.8.8.8
Tcpip\..\Interfaces\{E8D39133-4B3B-4DDA-916A-C29471683D2C}: [DhcpNameServer] 192.168.1.1 10.0.44.81 8.8.8.8

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: z1635p9s.default
FF ProfilePath: C:\Users\pat\AppData\Roaming\Mozilla\Firefox\Profiles\z1635p9s.default [2018-10-20]
FF Extension: (Telemetry coverage) - C:\Users\pat\AppData\Roaming\Mozilla\Firefox\Profiles\z1635p9s.default\features\{fd8a5807-6d0f-4a92-aae7-d2d77b638d33}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-19] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-09-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-09-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-16] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-16] (AVAST Software)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-10-17] (SurfRight B.V.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-07-06] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdhub3; C:\Windows\system32\drivers\amdhub3.sys [160936 2017-02-16] (Advanced Micro Devices, Inc)
S3 amdhub31; C:\Windows\system32\drivers\amdhub31.sys [141528 2016-02-26] (Advanced Micro Devices, Inc.)
S3 amdxhc31; C:\Windows\system32\drivers\amdxhc31.sys [440536 2016-02-26] (Advanced Micro Devices, Inc.)
S3 amdxhci; C:\Windows\system32\drivers\amdxhci.sys [346792 2017-02-16] (Advanced Micro Devices, Inc)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [36448 2011-03-02] (Asmedia Technology)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201408 2018-10-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230512 2018-10-16] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201928 2018-10-16] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346760 2018-10-16] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59664 2018-10-16] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [185240 2018-10-16] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47064 2018-10-16] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42456 2018-10-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163376 2018-10-16] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111968 2018-10-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88112 2018-10-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028840 2018-10-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467904 2018-10-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208640 2018-10-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381144 2018-10-16] (AVAST Software)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [39296 2014-02-12] (Etron Technology Inc)
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [87984 2017-06-13] (Fresco Logic)
S3 IaNVMe; C:\Windows\system32\drivers\IaNVMe.sys [125408 2017-05-23] (Intel Corporation)
R0 IaNVMeF; C:\Windows\System32\drivers\IaNVMeF.sys [35808 2017-05-23] (Intel Corporation)
S3 IaRNVMe; C:\Windows\system32\drivers\IaRNVMe.sys [592408 2016-01-22] (Intel Corporation)
R0 IaRNVMeF; C:\Windows\System32\drivers\IaRNVMeF.sys [36888 2016-01-22] (Intel Corporation)
S3 nvme; C:\Windows\system32\drivers\nvme.sys [83784 2015-12-16] (Samsung Electronics Co., Ltd)
R0 nvmeF; C:\Windows\System32\drivers\nvmeF.sys [30776 2015-12-16] (Samsung Electronics Co., Ltd)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30792 2018-08-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69544 2018-06-08] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [65792 2018-04-24] (NVIDIA Corporation)
S3 ocznvme; C:\Windows\system32\drivers\ocznvme.sys [99592 2016-06-10] (TOSHIBA CORPORATION)
R0 ocztrimfilter; C:\Windows\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (TOSHIBA CORPORATION)
S3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2018-01-25] ()
S3 tilfilter; C:\Windows\system32\drivers\TIxHCIlfilter.sys [17672 2015-02-11] (Texas Instruments, Inc.)
S3 tiufilter; C:\Windows\system32\drivers\TIxHCIufilter.sys [23304 2015-02-11] (Texas Instruments, Inc.)
S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [221696 2015-08-20] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [294912 2015-08-20] (VIA Technologies, Inc.)
U3 aombi8rw; C:\Windows\System32\Drivers\aombi8rw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-20 17:54 - 2018-10-20 17:55 - 000000000 ____D C:\AdwCleaner
2018-10-20 17:51 - 2018-10-20 17:54 - 007592144 _____ (Malwarebytes) C:\Users\pat\Desktop\adwcleaner_7.2.4.0.exe
2018-10-19 19:49 - 2018-10-19 19:49 - 000031907 _____ C:\Users\pat\Downloads\Addition.txt
2018-10-19 19:48 - 2018-10-20 19:42 - 000013761 _____ C:\Users\pat\Downloads\FRST.txt
2018-10-19 19:46 - 2018-10-20 19:42 - 000000000 ____D C:\FRST
2018-10-19 19:45 - 2018-10-19 19:45 - 002414592 _____ (Farbar) C:\Users\pat\Downloads\FRST64.exe
2018-10-18 13:58 - 2018-10-20 17:57 - 000000000 ____D C:\Users\pat\AppData\LocalLow\Mozilla
2018-10-18 13:58 - 2018-10-18 14:00 - 000000000 ____D C:\Users\pat\AppData\Local\Mozilla
2018-10-18 13:58 - 2018-10-18 13:58 - 000000000 ____D C:\Users\pat\AppData\Roaming\Mozilla
2018-10-18 13:31 - 2018-10-20 18:20 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-10-18 13:31 - 2018-10-20 18:20 - 000002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-10-18 13:31 - 2018-10-18 13:31 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-10-18 13:31 - 2018-10-18 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-10-18 13:31 - 2018-10-18 13:31 - 000000000 ____D C:\Program Files\CCleaner
2018-10-18 13:29 - 2018-10-18 13:30 - 016791088 _____ (Piriform Ltd) C:\Users\pat\Downloads\ccsetup547.exe
2018-10-17 13:03 - 2018-10-17 13:03 - 000001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-10-17 13:03 - 2018-10-17 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-10-17 13:03 - 2018-10-17 13:03 - 000000000 ____D C:\Program Files\HitmanPro
2018-10-17 13:01 - 2018-10-17 13:23 - 000000000 ____D C:\ProgramData\HitmanPro
2018-10-17 09:37 - 2018-10-17 09:37 - 000002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-17 09:37 - 2018-10-17 09:37 - 000002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-17 09:36 - 2018-10-20 18:20 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-10-17 09:36 - 2018-10-20 18:20 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-10-16 22:55 - 2018-10-16 22:55 - 000000000 ____D C:\Users\pat\AppData\Local\mbam
2018-10-16 22:54 - 2018-10-16 22:54 - 000000000 ____D C:\Users\pat\AppData\Local\mbamtray
2018-10-16 08:34 - 2018-10-16 08:33 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-10-16 08:34 - 2018-10-16 08:33 - 000042456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2018-10-14 16:45 - 2018-10-14 16:46 - 023906386 _____ C:\Users\pat\Desktop\TanM1Abrams.zip
2018-10-05 16:19 - 2018-10-05 16:19 - 000000000 ____D C:\Users\pat\Desktop\Ander-z-Košíc-komplet
2018-10-05 12:21 - 2018-10-05 13:09 - 722982819 _____ C:\Users\pat\Desktop\Ander-z-Košíc-komplet.rar
2018-10-04 16:08 - 2018-10-04 16:19 - 000000000 ____D C:\Users\pat\Desktop\war thunder
2018-10-03 16:02 - 2018-10-03 16:02 - 000181395 _____ C:\Users\pat\Desktop\inv_AQSVL_180156463.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-20 18:26 - 2009-07-14 06:45 - 000026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-20 18:26 - 2009-07-14 06:45 - 000026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-20 18:20 - 2018-05-31 15:20 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-20 18:20 - 2018-05-31 15:20 - 000003940 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-20 18:20 - 2018-05-31 15:20 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-20 18:20 - 2018-05-31 15:20 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-20 18:20 - 2018-05-31 15:20 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-20 18:20 - 2018-05-31 15:20 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-20 18:20 - 2018-05-31 15:20 - 000003790 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-20 18:20 - 2018-05-31 15:20 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-20 18:20 - 2018-05-31 15:20 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-20 18:20 - 2018-05-31 15:20 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-20 18:20 - 2018-05-31 15:20 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-20 18:20 - 2018-02-04 11:21 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-10-20 18:20 - 2018-01-01 17:52 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-10-20 18:20 - 2017-12-26 21:22 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-20 17:56 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-18 17:29 - 2011-04-12 10:34 - 000668542 _____ C:\Windows\system32\perfh005.dat
2018-10-18 17:29 - 2011-04-12 10:34 - 000141202 _____ C:\Windows\system32\perfc005.dat
2018-10-18 17:29 - 2009-07-14 07:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-18 17:29 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-10-18 13:32 - 2018-01-25 13:11 - 000000000 ____D C:\Users\pat\AppData\Local\CrashDumps
2018-10-18 13:32 - 2018-01-02 23:14 - 000000000 ____D C:\Users\pat\AppData\Roaming\TS3Client
2018-10-18 13:32 - 2017-12-26 20:32 - 000000000 ____D C:\Windows\Panther
2018-10-18 08:35 - 2018-01-01 17:51 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-10-18 08:32 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\LiveKernelReports
2018-10-17 13:21 - 2017-12-31 14:13 - 000000000 ____D C:\Program Files (x86)\Seznam.cz
2018-10-17 09:37 - 2018-01-01 17:53 - 000000000 ____D C:\Program Files (x86)\Google
2018-10-16 17:45 - 2018-07-17 19:24 - 000000000 ____D C:\Users\pat\AppData\Local\AVAST Software
2018-10-16 12:29 - 2018-01-26 21:12 - 000000000 ____D C:\Windows\system32\MRT
2018-10-16 12:26 - 2018-01-26 21:12 - 136745976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-16 08:33 - 2018-01-01 17:51 - 001028840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000467904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000381144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000346760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000230512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000208640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000201928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000201408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000185240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000163376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000111968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000088112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000059664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-10-16 08:33 - 2018-01-01 17:51 - 000047064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-10-09 17:51 - 2018-02-04 11:21 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-07 15:13 - 2017-12-31 13:42 - 000000000 ____D C:\Users\pat\AppData\Roaming\uTorrent
2018-10-05 07:50 - 2017-12-26 20:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-10-05 07:50 - 2017-12-26 20:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-04 19:15 - 2017-12-31 14:16 - 000000000 ____D C:\Users\pat\AppData\Roaming\vlc
2018-10-03 19:08 - 2018-02-04 11:22 - 000000000 ____D C:\Users\pat\AppData\LocalLow\Adobe
2018-10-03 16:15 - 2018-01-02 23:13 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2018-10-01 12:47 - 2018-01-01 14:21 - 000020413 _____ C:\Users\pat\Desktop\Elektrika - evidence.xlsx
2018-10-01 12:41 - 2009-07-14 07:08 - 000032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-09-29 17:47 - 2017-12-26 21:25 - 000000000 ____D C:\Users\pat\AppData\Local\NVIDIA Corporation
2018-09-29 17:47 - 2017-12-26 21:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-09-29 17:46 - 2017-12-26 21:22 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-09-29 17:46 - 2017-12-26 21:19 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-09-27 14:50 - 2018-01-26 21:06 - 001557940 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-09-22 23:31 - 2017-12-26 21:35 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
2018-09-22 23:31 - 2017-12-26 21:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== Files in the root of some directories =======

2018-04-29 07:56 - 2017-06-26 21:27 - 000000701 _____ () C:\Users\pat\AppData\Roaming\jpsound.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-17 04:53

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by pat (20-10-2018 19:42:43)
Running from C:\Users\pat\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2017-12-26 18:38:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1468757853-3891145367-2386166035-500 - Administrator - Disabled)
Guest (S-1-5-21-1468757853-3891145367-2386166035-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1468757853-3891145367-2386166035-1002 - Limited - Enabled)
pat (S-1-5-21-1468757853-3891145367-2386166035-1000 - Administrator - Enabled) => C:\Users\pat

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Aktualizace NVIDIA 33.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 33.2.0.0 - NVIDIA Corporation) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.2.1.000 - Asmedia Technology)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.7.2354 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 399.24 - NVIDIA Corporation) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.14.2 - SCS Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.67 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
JPG To PDF 3 (HKLM-x32\...\JPG To PDF_is1) (Version: - JPG To PDF Developer Team)
Mashinky (HKLM-x32\...\Mashinky_is1) (Version: - )
Microsoft .NET Framework 4.7.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Firefox 62.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.3 (x64 en-US)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.11 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.15.0.164 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.15.0.164 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 399.24 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 399.24 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Ovládací panel NVIDIA 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 399.24 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Skype verze 8.30 (HKLM-x32\...\Skype_is1) (Version: 8.30 - Skype Technologies S.A.)
Sudden Strike 4 (HKLM-x32\...\2146639313_is1) (Version: 1.00.19037 - GOG.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.7 - TeamSpeak Systems GmbH)
TL-WN721N/TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.0.0 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
War Thunder Launcher 1.0.1.340 (HKLM-x32\...\{abc8eea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-16] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-16] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2010-03-25] (Alcohol Soft Development Team)
ContextMenuHandlers2-x32: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2010-03-25] (Alcohol Soft Development Team)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-16] (AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-09-06] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-16] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EB57ECF-3533-421B-97B6-BDAB71ED295A} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-09-12] (NVIDIA Corporation)
Task: {13613DC9-312F-4380-B509-A943CCB2AF64} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-07] (Piriform Ltd)
Task: {1AC2790A-EC76-470A-A809-0BF57D14210A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-09-12] (NVIDIA Corporation)
Task: {22D2989B-727D-459A-BDF2-EC5CD2C5B017} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-10-16] (AVAST Software)
Task: {248D4E31-293D-42FC-A7F9-2B1CCE00F55A} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {30E7C0A5-B668-4A17-A894-588BEBAFEB08} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {32B44B62-7E59-4E63-B8FC-532680D6AF3E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-09-14] (AVAST Software)
Task: {426B4300-3B48-4051-8F74-62E5F7ECA2A1} - System32\Tasks\{8392DF19-88BB-4404-8CE9-D87482EFDBD0} => C:\Windows\system32\pcalua.exe -a C:\Users\pat\AppData\Roaming\Seznam.cz\szninstall.exe -c -X
Task: {58C1EACB-B457-4340-BF8A-3FE2A9C63521} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {6A91A009-8331-4DFC-ACC4-443E71CD8668} - System32\Tasks\{34F08B1F-D10F-494B-AECD-933BFBEB0744} => C:\Windows\system32\pcalua.exe -a C:\Users\pat\AppData\Local\Temp\Rar$EX17.481\Install\setup.exe -d C:\Users\pat\AppData\Local\Temp\Rar$EX17.481\Install\ <==== ATTENTION
Task: {823EDF95-8607-40D5-AE99-969FD67407BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-17] (Google Inc.)
Task: {907F7CD4-DCF9-4F69-8523-F0952990BE72} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-09-12] (NVIDIA Corporation)
Task: {9AA7B7BB-E458-4F8F-809C-61478E489E9E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {9B0E9683-8754-4189-A1C7-65FB5B6A3E10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {A8C0A49A-8288-4328-BAB2-DDADB43A37CF} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {AF2145DE-4594-400B-BF54-F906362717A4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-09-12] (NVIDIA Corporation)
Task: {B8786AF4-6EF9-465D-BA00-B999D10F9CFC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-07] (Piriform Ltd)
Task: {D9A3D5BE-C6A4-4EDC-BFFC-084A728ACB53} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {D9A9216F-1A36-4B10-9E41-DF1767EF454E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-17] (Google Inc.)
Task: {D9D45BFC-48FA-43E2-8F63-7177B0838F38} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-09-12] (NVIDIA Corporation)
Task: {DAC552E5-616E-4012-B366-E3DB81022897} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-09-12] (NVIDIA Corporation)
Task: {E690E1E9-B291-47B3-9B8A-E00A0BF8B91D} - \AutoKMS -> No File <==== ATTENTION
Task: {F14FE582-5280-4259-9E99-AB8D58E5661F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-09-12] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-12-26 21:22 - 2018-09-06 03:18 - 000142888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-30 03:40 - 2010-01-30 03:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2018-05-31 15:20 - 2018-09-12 13:45 - 001315024 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-05-31 15:20 - 2018-09-12 13:45 - 101252304 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-05-31 15:20 - 2018-09-12 13:45 - 002673360 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-05-31 15:20 - 2018-09-12 13:45 - 000138960 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-10-16 08:33 - 2018-10-16 08:33 - 000730328 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-10-16 08:33 - 2018-10-16 08:33 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-10-16 08:33 - 2018-10-16 08:33 - 000598232 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-10-20 17:48 - 2018-10-20 17:48 - 005678224 _____ () C:\Program Files\AVAST Software\Avast\defs\18102008\algo.dll
2018-10-16 08:33 - 2018-10-16 08:33 - 000496856 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-10-16 08:33 - 2018-10-16 08:33 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-10-16 08:33 - 2018-10-16 08:33 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-31 15:20 - 2018-09-12 13:45 - 001032912 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 004254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2018-03-08 13:21 - 2018-03-08 13:21 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2018-10-20 18:43 - 000000829 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1468757853-3891145367-2386166035-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\pat\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1 - 10.0.44.81
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{63EB2804-A3C8-4BA0-8FD2-897D569A342C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3F58C44D-48DD-4C48-AB2B-884A3DA2E6F0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DDA5DE60-41F6-4657-B2C0-6F0C8F6037FC}C:\users\pat\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\pat\appdata\local\warthunder\launcher.exe
FirewallRules: [UDP Query User{C5C397CE-E310-4DD2-88E0-F168A08B18EA}C:\users\pat\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\pat\appdata\local\warthunder\launcher.exe
FirewallRules: [TCP Query User{E785D929-2E3B-47EC-AE6D-701634B9C796}D:\hry\warthunder\win64\aces.exe] => (Allow) D:\hry\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{0A508416-861F-4F3E-8B21-4F082E1D7270}D:\hry\warthunder\win64\aces.exe] => (Allow) D:\hry\warthunder\win64\aces.exe
FirewallRules: [TCP Query User{153719FB-50CA-4F63-8ADE-6169A891B546}C:\users\pat\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\pat\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{382B4F11-0287-4BA8-94A5-FFA261060C84}C:\users\pat\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\pat\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{77277A90-0AA1-428C-A2A2-B1094B6B7115}D:\hry\warthunder\launcher.exe] => (Allow) D:\hry\warthunder\launcher.exe
FirewallRules: [UDP Query User{6910555F-6001-42A2-9AA6-43DBC043730C}D:\hry\warthunder\launcher.exe] => (Allow) D:\hry\warthunder\launcher.exe
FirewallRules: [TCP Query User{37E297FD-917A-475E-AF8F-3141F908458D}D:\hry\world_of_tanks\wotlauncher.exe] => (Block) D:\hry\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{C23775F9-958B-4D59-9348-37FDD94E6730}D:\hry\world_of_tanks\wotlauncher.exe] => (Block) D:\hry\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{820B16F1-333B-4F00-8785-F6EF8D33C808}D:\hry\world_of_tanks\worldoftanks.exe] => (Allow) D:\hry\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{5421AE25-24D2-4E1A-AC35-C4509EF1728A}D:\hry\world_of_tanks\worldoftanks.exe] => (Allow) D:\hry\world_of_tanks\worldoftanks.exe
FirewallRules: [{2CE37A56-6392-48AE-ADF5-B5FFF5E09441}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{07287AB3-CC79-41BC-9D1D-38CF1144EB72}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6FFC0715-EB2A-4FFD-A7BD-C572CDBFE91B}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{07337767-A52C-4373-80EC-659F980A6FD6}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{270FF989-5EA3-4C7A-8923-DD170E249935}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{C97F00CA-AF6B-4360-968C-B759F330343E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{E1874EAE-1E34-499D-A4F4-D98A6E0F3C2F}D:\hry\warthunder\win64\aces.exe] => (Allow) D:\hry\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{29C2A6CB-CC10-42D9-B265-5AC9B4C38C1C}D:\hry\warthunder\win64\aces.exe] => (Allow) D:\hry\warthunder\win64\aces.exe
FirewallRules: [TCP Query User{36600EE3-EC1A-4119-85C1-D7AF2B52B646}C:\users\pat\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\pat\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{DE428745-B040-4720-BCC8-BD032FA02FFB}C:\users\pat\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\pat\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{1A91E2EB-B475-4D65-878E-9EAA5C048D3D}D:\hry\warthunder\launcher.exe] => (Allow) D:\hry\warthunder\launcher.exe
FirewallRules: [UDP Query User{EE3AB03C-96C3-4E33-81CA-3024BAD2B9B7}D:\hry\warthunder\launcher.exe] => (Allow) D:\hry\warthunder\launcher.exe
FirewallRules: [TCP Query User{0105BA11-A8A4-4815-8EBD-8C03A19CEC09}D:\hry\world_of_tanks\wotlauncher.exe] => (Block) D:\hry\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{EF2923E6-F4DA-4112-8593-5AF93AF8DEC3}D:\hry\world_of_tanks\wotlauncher.exe] => (Block) D:\hry\world_of_tanks\wotlauncher.exe
FirewallRules: [{ED8824CD-3835-4B0F-9A0C-89B3EB40184A}] => (Allow) D:\HRY\WarThunderDev\launcher.exe
FirewallRules: [{C0310C8D-1A32-4598-8C4D-271E52376A48}] => (Allow) D:\HRY\WarThunderDev\launcher.exe
FirewallRules: [{288C03CD-BA3B-48E1-A19F-AD2DA064DD49}] => (Allow) LPort=80
FirewallRules: [{F96F9140-AC1E-4AFE-9365-935196412EAB}] => (Allow) LPort=443
FirewallRules: [{765CA2B9-6CDC-4B94-A091-FE005BCA5447}] => (Allow) LPort=20010
FirewallRules: [{1D029840-6577-42CA-BCA6-B7E229EAF1F7}] => (Allow) LPort=3478
FirewallRules: [{30019E59-1351-4AAF-9EB7-A4BECAE45D68}] => (Allow) LPort=7850
FirewallRules: [{0F2E2EB0-06E3-4B23-B303-E9A636D45005}] => (Allow) LPort=7852
FirewallRules: [{6E652500-4EA1-4D99-9521-FCD236EA8613}] => (Allow) LPort=7853
FirewallRules: [{D3D59CFA-61D6-49C5-8755-8E63F7CA8B8A}] => (Allow) LPort=27022
FirewallRules: [{4C82F4DC-0D7B-4FF7-BFBF-3A249010E6F4}] => (Allow) LPort=6881
FirewallRules: [{DE50155A-D750-4177-9C3F-35C239959DAB}] => (Allow) LPort=33333
FirewallRules: [{657E3324-0748-42F3-9175-CBDF9E83BB63}] => (Allow) LPort=20443
FirewallRules: [{570F4DB6-75C6-4596-92AB-90354F5A161C}] => (Allow) LPort=8090
FirewallRules: [TCP Query User{EBA7C1A3-A754-4A6D-9DCA-95F91D185D01}D:\hry\warthunderdev\win64\aces.exe] => (Allow) D:\hry\warthunderdev\win64\aces.exe
FirewallRules: [UDP Query User{8E30B0AF-041B-4C3D-87E3-392A73AAF4D1}D:\hry\warthunderdev\win64\aces.exe] => (Allow) D:\hry\warthunderdev\win64\aces.exe
FirewallRules: [{2471E963-A3C0-4EB9-9298-6FA3FE8D81F3}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{1F87CF33-280A-49A4-982C-E9A20CA121EA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{52F179DE-7F5B-402C-B623-E23360A21D80}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{625CB129-DD37-46F6-923F-727E2DC2F38B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{18247BFC-914C-402F-9EAA-21F6D9F7D542}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C800CC1C-9FC6-4FD8-9255-16654C5F6001}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{66457FFF-5DFF-4C00-BCD4-651BC0B951F9}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{3B520F5D-11E9-458D-BD2D-8E2A30CE6339}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{7C0AB730-4DF5-4FCE-ACC3-7AD21B9634B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{01CEC1CD-BD53-4388-A4AA-29B44D7957F1}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe
FirewallRules: [{C3DD9A63-B687-4D07-8909-81C1ACF14A90}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe
FirewallRules: [{E59C04B6-498F-46FB-8D8A-46FC1A4C38F2}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe
FirewallRules: [{EE7DC5B7-8380-46F5-9074-E33E29F70F2E}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe
FirewallRules: [{736FB06C-396D-4ED4-ACCA-79AFD92A7DBF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{934114AC-9F06-457F-9E22-60141FCC1C21}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

16-10-2018 12:34:45 Windows Update
17-10-2018 13:08:16 Checkpoint by HitmanPro
17-10-2018 13:29:33 Checkpoint by HitmanPro
17-10-2018 13:35:20 Checkpoint by HitmanPro
17-10-2018 13:36:33 Checkpoint by HitmanPro
17-10-2018 13:45:30 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============

Name: Řadič sběrnice SM
Description: Řadič sběrnice SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2018 05:57:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2018 05:47:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/19/2018 07:36:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/19/2018 03:26:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2018 05:20:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2018 01:58:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2018 01:52:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2018 12:15:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (10/20/2018 05:57:12 PM) (Source: sptd) (EventID: 4) (User: )
Description: Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error: (10/20/2018 05:57:12 PM) (Source: sptd) (EventID: 4) (User: )
Description: Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error: (10/20/2018 05:57:12 PM) (Source: sptd) (EventID: 4) (User: )
Description: Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error: (10/20/2018 05:57:12 PM) (Source: sptd) (EventID: 4) (User: )
Description: Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error: (10/20/2018 05:55:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Ochrana softwaru byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (10/20/2018 05:55:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Instalační služba modulů systému Windows byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (10/20/2018 05:55:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (10/20/2018 05:55:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Management and Security Application User Notification Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 25%
Total physical RAM: 8172.16 MB
Available physical RAM: 6082.35 MB
Total Virtual: 16342.47 MB
Available Virtual: 13773.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.28 GB) (Free:414.06 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:1374.73 GB) (Free:717.96 GB) NTFS
Drive g: (odpad) (Fixed) (Total:465.76 GB) (Free:462.06 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 5D741478)
Partition 1: (Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1374.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 41D041CF)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Prosím o kontrolu - zlobí [trj]

Napsal: 20 říj 2018 19:01
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U3 aombi8rw; C:\Windows\System32\Drivers\aombi8rw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\pat\AppData\Roaming\jpsound.dll
Task: {6A91A009-8331-4DFC-ACC4-443E71CD8668} - System32\Tasks\{34F08B1F-D10F-494B-AECD-933BFBEB0744} => C:\Windows\system32\pcalua.exe -a C:\Users\pat\AppData\Local\Temp\Rar$EX17.481\Install\setup.exe -d C:\Users\pat\AppData\Local\Temp\Rar$EX17.481\Install\ <==== ATTENTION
Task: {823EDF95-8607-40D5-AE99-969FD67407BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-17] (Google Inc.)
Task: {D9A9216F-1A36-4B10-9E41-DF1767EF454E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-17] (Google Inc.)
Task: {E690E1E9-B291-47B3-9B8A-E00A0BF8B91D} - \AutoKMS -> No File <==== ATTENTION

EmptyTemp:
End
Uložte do C:\Users\pat\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Prosím o kontrolu - zlobí [trj]

Napsal: 20 říj 2018 19:11
od TraCker
jinak stále vyskakuje sporadicky pčerušení spojení s např.: ocsp.pki.goog, kde byla zjištěna infekce JS:Miner-AV [Trj], popř. spojení s http://www.james008.net...

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by pat (20-10-2018 20:06:27) Run:1
Running from C:\Users\pat\Downloads
Loaded Profiles: pat (Available Profiles: pat)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U3 aombi8rw; C:\Windows\System32\Drivers\aombi8rw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\pat\AppData\Roaming\jpsound.dll
Task: {6A91A009-8331-4DFC-ACC4-443E71CD8668} - System32\Tasks\{34F08B1F-D10F-494B-AECD-933BFBEB0744} => C:\Windows\system32\pcalua.exe -a C:\Users\pat\AppData\Local\Temp\Rar$EX17.481\Install\setup.exe -d C:\Users\pat\AppData\Local\Temp\Rar$EX17.481\Install\ <==== ATTENTION
Task: {823EDF95-8607-40D5-AE99-969FD67407BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-17] (Google Inc.)
Task: {D9A9216F-1A36-4B10-9E41-DF1767EF454E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-17] (Google Inc.)
Task: {E690E1E9-B291-47B3-9B8A-E00A0BF8B91D} - \AutoKMS -> No File <==== ATTENTION

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\System\CurrentControlSet\Services\aombi8rw => removed successfully
aombi8rw => service removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Users\pat\AppData\Roaming\jpsound.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A91A009-8331-4DFC-ACC4-443E71CD8668}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A91A009-8331-4DFC-ACC4-443E71CD8668}" => removed successfully
C:\Windows\System32\Tasks\{34F08B1F-D10F-494B-AECD-933BFBEB0744} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{34F08B1F-D10F-494B-AECD-933BFBEB0744}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{823EDF95-8607-40D5-AE99-969FD67407BA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{823EDF95-8607-40D5-AE99-969FD67407BA}" => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D9A9216F-1A36-4B10-9E41-DF1767EF454E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9A9216F-1A36-4B10-9E41-DF1767EF454E}" => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E690E1E9-B291-47B3-9B8A-E00A0BF8B91D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E690E1E9-B291-47B3-9B8A-E00A0BF8B91D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12165856 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => 355084 B
Edge => 0 B
Chrome => 0 B
Firefox => 321832098 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66228 B
LocalService => 0 B
NetworkService => 0 B
pat => 173836521 B

RecycleBin => 544 B
EmptyTemp: => 492.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:06:36 ====

Re: Prosím o kontrolu - zlobí [trj]

Napsal: 20 říj 2018 19:58
od Rudy
Smazáno. Nastala nějaká změna?

Re: Prosím o kontrolu - zlobí [trj]

Napsal: 20 říj 2018 20:05
od TraCker
Vůbec nee... Naskakuje mi to pořád dokola... Klidně i bez vypnutého prohlížeče.. A čím dál častěji... Vypadá to na format asi co?

Re: Prosím o kontrolu - zlobí [trj]

Napsal: 20 říj 2018 20:54
od Rudy
Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Re: Prosím o kontrolu - zlobí [trj]

Napsal: 21 říj 2018 09:26
od TraCker
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 21.10.18
Čas skenování: 10:18
Logovací soubor: db0185b6-d509-11e8-b467-14dae939ded6.json

-Informace o softwaru-
Verze: 3.6.1.2711
Verze komponentů: 1.0.463
Aktualizovat verzi balíku komponent: 1.0.7447
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: pat-PC\pat

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 236105
Zjištěné hrozby: 0
Hrozby umístěné do karantény: 0
Uplynulý čas: 1 min, 20 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: Prosím o kontrolu - zlobí [trj]

Napsal: 21 říj 2018 10:12
od Rudy
Tady nic není. Ještě zkuste vyčištění prohlížečů. Spusťte postutpně tyto utility:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin
;






Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... [oz]=8.1.0
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

Re: Prosím o kontrolu - zlobí [trj]

Napsal: 22 říj 2018 13:28
od TraCker
Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by pat on po 22.10.2018 at 13:52:34,58.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\pat\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22.10.2018 13:54:57 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Moje zahrada 3D deleted successfully
C:\PROGRA~2\Seznam.cz deleted successfully
C:\PROGRA~2\WinRAR deleted successfully
C:\Users\pat\AppData\Local\CrashDumps deleted successfully
C:\Users\pat\AppData\Local\WarThunder deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\pat\AppData\Roaming\Mozilla\Firefox\Profiles\z1635p9s.default\prefs.js:

Added to C:\Users\pat\AppData\Roaming\Mozilla\Firefox\Profiles\z1635p9s.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\pat\AppData\Roaming\Mozilla\Firefox\Profiles\z1635p9s.default

user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"addSearchEng
---- FireFox user.js and prefs.js backups ----

prefs_22.10.2018_1409_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Moje zahrada 3D not found
C:\PROGRA~2\Seznam.cz not found
C:\PROGRA~2\WinRAR not found
C:\Users\pat\AppData\Roaming\Visual Studio Setup deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\AVAST Software deleted
"C:\Users\pat\AppData\Local\AVAST Software\APM\patFfl2.dat" not deleted
"C:\Users\pat\AppData\Local\AVAST Software\APM\pat\kv_pam.db" not deleted
"C:\Users\pat\AppData\Local\AVAST Software" not deleted
"C:\Users\pat\AppData\Local\AVAST Software\APM" not deleted
"C:\Users\pat\AppData\Local\AVAST Software\APM\pat" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\pat\AppData\Roaming\Mozilla\Firefox\Profiles\z1635p9s.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\pat\AppData\Roaming\Mozilla\Firefox\Profiles\z1635p9s.default
- C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll - [?]
- C:\PROGRA1\MICROS2\Office14\NPAUTHZ.DLL - [?]


==== Chromium Look ======================

Google Chrome Version: 70.0.3538.67

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]

Avast Online Security - pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02

==== Reset Google Chrome ======================

C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\pat\AppData\Local\Mozilla\Firefox\Profiles\z1635p9s.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=171 folders=51 45898658 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\pat\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\pat\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\pat\AppData\Local\AVAST Software\APM\patFfl2.dat" not found
"C:\Users\pat\AppData\Local\AVAST Software\APM\pat\kv_pam.db" not found
"C:\Users\pat\AppData\Local\AVAST Software" not found

==== EOF on po 22.10.2018 at 14:19:21,38 ======================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64
Ran by pat (Administrator) on po 22.10.2018 at 14:26:02,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Users\pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MBLLN0A (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89LRDA0P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HIB62TUH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V97FH5FJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MBLLN0A (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89LRDA0P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HIB62TUH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V97FH5FJ (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 22.10.2018 at 14:28:12,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Prosím o kontrolu - zlobí [trj]

Napsal: 22 říj 2018 14:57
od Rudy
Změnilo se něco nyní?

Re: Prosím o kontrolu - zlobí [trj]

Napsal: 22 říj 2018 15:11
od TraCker
No abych řekl pravdu zatím je klid. Občas nenačte nějáká stránka, ale minimálně a už se neobjeví blokace od antiviru. Zatím tedy děkuji za pomoc.
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz