
Suspected virus-infected PC

Posted: 15 Nov 2018 14:08
by pan Hankey
Please check the log. The PC has been behaving strangely lately. Thank you for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.11.2018
Ran by Tom78 (administrator) on STROJ (15-11-2018 14:03:26)
Running from C:\Users\Tom78\Desktop
Loaded Profiles: Tom78 (Available Profiles: Tom78)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\KeyDominator2\KeyDominator2\KeyDominator2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Opera Software) C:\Moje\Prohlizece\Opera\56.0.3051.99\opera.exe
(Opera Software) C:\Moje\Prohlizece\Opera\56.0.3051.99\opera_crashreporter.exe
(Opera Software) C:\Moje\Prohlizece\Opera\56.0.3051.99\opera.exe
(Opera Software) C:\Moje\Prohlizece\Opera\56.0.3051.99\opera.exe
(Opera Software) C:\Moje\Prohlizece\Opera\56.0.3051.99\opera.exe
(Opera Software) C:\Moje\Prohlizece\Opera\56.0.3051.99\opera.exe
(Opera Software) C:\Moje\Prohlizece\Opera\56.0.3051.99\opera.exe
(Opera Software) C:\Moje\Prohlizece\Opera\56.0.3051.99\opera.exe
(Opera Software) C:\Moje\Prohlizece\Opera\56.0.3051.99\opera.exe
(Opera Software) C:\Moje\Prohlizece\Opera\56.0.3051.99\opera.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-11-11] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-11] (AVAST Software)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Run: [BloodyKeyboard] => C:\Program Files (x86)\KeyDominator2\KeyDominator2\KeyDominator2.exe [11374080 2017-11-02] ()
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe [16442096 2018-07-20] ()
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\MountPoints2: {95829102-b882-11e6-8df2-382c4a636c3b} - I:\winopen.exe "$EXEDIR$\leonardo.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 82.99.143.180 8.8.4.4
Tcpip\..\Interfaces\{3E23E901-49BD-4232-B46C-DCEB20E89345}: [DhcpNameServer] 82.99.143.180 8.8.4.4
Tcpip\..\Interfaces\{45DF80BB-9782-4E8A-B0F0-BAB1888F7B4E}: [DhcpNameServer] 82.99.143.180 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_148.dll [2018-11-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_148.dll [2018-11-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default [2018-11-15]
CHR Extension: (Prezentace) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Dokumenty) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Disk Google) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-18]
CHR Extension: (YouTube) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-18]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-10-04]
CHR Extension: (Tabulky) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Avast Online Security) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-18]
CHR Extension: (Chrome Media Router) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-31]
CHR Extension: (uBlock Adblocker Plus) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhflmgomffaphmnbcogleagmloijbkd [2018-08-24]
CHR Profile: C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\System Profile [2017-12-20]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Tom78\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-11-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-11] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-11] (AVAST Software)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [706120 2018-10-23] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7112264 2018-10-02] (GOG.com)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773160 2018-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773160 2018-10-10] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-10-21] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201408 2018-10-11] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230512 2018-10-11] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201928 2018-10-11] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346760 2018-10-11] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59664 2018-10-11] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [185240 2018-10-11] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47064 2018-10-11] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42456 2018-10-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163376 2018-10-11] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111968 2018-10-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88112 2018-10-11] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028840 2018-10-11] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467904 2018-10-11] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208640 2018-10-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381144 2018-10-11] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2016-12-02] (Disc Soft Ltd)
R3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-11-08] (REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31712 2016-11-11] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [199760 2016-12-20] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30792 2018-08-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69544 2018-06-08] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2017-04-22] (Duplex Secure Ltd.)
U3 a1iebkei; C:\Windows\System32\Drivers\a1iebkei.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-15 14:03 - 2018-11-15 14:03 - 000013951 _____ C:\Users\Tom78\Desktop\FRST.txt
2018-11-15 14:00 - 2018-11-15 14:00 - 002416128 _____ (Farbar) C:\Users\Tom78\Desktop\FRST64.exe
2018-11-15 13:49 - 2018-11-15 13:49 - 000050688 _____ (Atribune.org) C:\Users\Tom78\Desktop\ATF-Cleaner.exe
2018-11-13 04:31 - 2018-11-13 04:31 - 000001197 _____ C:\Users\Tom78\Desktop\Vetřelci dávnověku I (Ancient Aliens I) 2010 10.epizod – zástupce.lnk
2018-11-12 23:43 - 2018-11-12 23:48 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\discord
2018-11-12 23:42 - 2018-11-13 15:50 - 000000000 ____D C:\Users\Tom78\AppData\Local\Discord
2018-11-12 23:42 - 2018-11-12 23:43 - 000000000 ____D C:\Users\Tom78\AppData\Local\SquirrelTemp
2018-11-11 14:40 - 2018-11-11 14:40 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\com.amanitadesign.chuchel
2018-11-11 14:40 - 2018-11-11 14:40 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\Amanita-Design.CHUCHEL
2018-11-11 14:22 - 2018-11-11 14:22 - 000000709 _____ C:\Users\Public\Desktop\CHUCHEL.lnk
2018-10-19 20:10 - 2018-10-19 21:13 - 000030585 _____ C:\Users\Tom78\Desktop\Train Fever - návod.odt
2018-10-18 14:03 - 2018-10-18 14:03 - 000000870 _____ C:\Users\Tom78\Desktop\FRINGE – zástupce.lnk
2018-10-18 13:58 - 2018-10-01 16:47 - 000074576 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2018-10-18 13:48 - 2018-10-18 13:53 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\Transport Fever
2018-10-18 13:09 - 2018-10-18 13:09 - 000000802 _____ C:\Users\Public\Desktop\Transport Fever.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-15 14:03 - 2017-12-20 13:30 - 000000000 ____D C:\FRST
2018-11-15 13:44 - 2017-11-08 13:20 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-15 13:37 - 2009-07-14 05:45 - 000021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-15 13:37 - 2009-07-14 05:45 - 000021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-15 13:35 - 2011-04-12 09:34 - 000668542 _____ C:\Windows\system32\perfh005.dat
2018-11-15 13:35 - 2011-04-12 09:34 - 000141202 _____ C:\Windows\system32\perfc005.dat
2018-11-15 13:35 - 2009-07-14 06:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-15 13:35 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-11-15 13:29 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-14 20:43 - 2018-08-23 19:18 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-14 20:43 - 2018-08-23 19:18 - 000003940 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-14 20:43 - 2018-08-23 19:18 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-14 20:43 - 2018-08-23 19:18 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-14 20:43 - 2018-08-23 19:18 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-14 20:43 - 2018-08-23 19:18 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-14 20:43 - 2018-08-23 19:18 - 000003790 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-14 20:43 - 2018-05-18 13:56 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-14 20:43 - 2018-05-18 13:56 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-14 20:43 - 2018-03-13 14:15 - 000004522 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-14 20:43 - 2018-03-01 19:55 - 000004534 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-11-14 20:43 - 2018-03-01 19:55 - 000004408 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-11-14 20:43 - 2018-02-14 11:32 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-14 20:43 - 2018-02-14 11:32 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-14 20:43 - 2018-02-14 11:32 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-14 20:43 - 2018-02-14 11:32 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-14 20:43 - 2017-10-04 16:27 - 000003998 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1503746874
2018-11-14 20:43 - 2016-11-06 22:54 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-11-14 02:38 - 2017-06-30 21:59 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-11-14 02:38 - 2017-06-30 21:59 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-14 02:38 - 2016-11-07 02:54 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-11-14 02:38 - 2016-11-07 02:54 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-14 02:02 - 2017-10-18 22:32 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-14 02:02 - 2017-10-18 22:32 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-14 01:54 - 2017-11-16 22:05 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-12 04:07 - 2018-09-18 12:11 - 000000608 _____ C:\Users\Tom78\Desktop\pondělí 17. září 15 hod - vysílač.txt
2018-11-11 18:23 - 2018-09-27 18:05 - 000000000 ____D C:\Users\Tom78\Documents\The Witcher 3
2018-11-11 14:22 - 2017-04-20 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-11-11 01:33 - 2016-12-04 14:14 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\uTorrent
2018-11-09 14:45 - 2016-11-06 23:25 - 000000000 ____D C:\Moje
2018-11-07 19:37 - 2017-11-07 19:23 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\audacity
2018-11-07 18:22 - 2016-11-08 19:00 - 000007650 _____ C:\Users\Tom78\AppData\Local\Resmon.ResmonCfg
2018-11-05 21:05 - 2016-12-02 20:30 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\DAEMON Tools Lite
2018-10-27 10:43 - 2017-02-07 17:53 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-10-23 14:42 - 2018-09-27 13:30 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2018-10-21 15:46 - 2016-12-31 12:53 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\vlc
2018-10-18 13:59 - 2017-11-08 13:25 - 000001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-10-18 13:59 - 2017-11-08 13:18 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-10-18 13:58 - 2017-11-08 13:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-10-18 13:58 - 2017-11-08 13:17 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-10-18 13:08 - 2018-09-27 13:25 - 000000000 ____D C:\ProgramData\GOG.com
2018-10-17 02:14 - 2018-10-11 03:25 - 000002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

==================== Files in the root of some directories =======

2017-11-21 14:17 - 2017-11-21 15:19 - 000021368 _____ (Schneider Electric) C:\Users\Tom78\en_res.dll
2017-11-21 14:17 - 2017-11-21 15:19 - 000021368 _____ (Schneider Electric) C:\Users\Tom78\es_res.dll
2017-11-21 14:17 - 2017-11-21 15:19 - 000021880 _____ (Schneider Electric) C:\Users\Tom78\fr_res.dll
2017-11-21 14:17 - 2017-11-21 15:19 - 000021880 _____ (Schneider Electric) C:\Users\Tom78\grm_res.dll
2017-11-21 14:17 - 2017-11-21 15:19 - 000021368 _____ (Schneider Electric) C:\Users\Tom78\it_res.dll
2017-11-21 14:17 - 2017-11-21 15:19 - 000020344 _____ (Schneider Electric) C:\Users\Tom78\jp_res.dll
2017-11-21 14:17 - 2017-11-21 15:19 - 001079808 _____ (Microsoft Corporation) C:\Users\Tom78\mfc80u.dll
2017-11-21 14:17 - 2017-11-21 15:19 - 000626688 _____ (Microsoft Corporation) C:\Users\Tom78\msvcr80.dll
2017-11-21 14:17 - 2017-11-21 15:19 - 013923704 _____ (Schneider Electric) C:\Users\Tom78\PCPE Setup.exe
2017-11-21 14:17 - 2017-11-21 15:19 - 000021368 _____ (Schneider Electric) C:\Users\Tom78\pt_res.dll
2017-11-21 14:17 - 2017-11-21 15:19 - 000018808 _____ () C:\Users\Tom78\ResourceReader.dll
2017-11-21 14:17 - 2017-11-21 15:19 - 000020856 _____ (Schneider Electric) C:\Users\Tom78\ru_res.dll
2017-11-21 14:17 - 2017-11-21 15:19 - 000019832 _____ (Schneider Electric) C:\Users\Tom78\zh_res.dll
2017-01-12 21:27 - 2018-08-04 20:44 - 000006144 _____ () C:\Users\Tom78\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-12-20 13:29 - 2017-12-20 15:19 - 000029696 _____ () C:\Users\Tom78\AppData\Local\MSGBOX.EXE
2016-11-08 19:00 - 2018-11-07 18:22 - 000007650 _____ () C:\Users\Tom78\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-14 18:44

==================== End of FRST.txt ============================
-------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.11.2018
Ran by Tom78 (15-11-2018 14:03:55)
Running from C:\Users\Tom78\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-11-06 21:06:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4101578857-3757837661-3053645589-500 - Administrator - Disabled)
Guest (S-1-5-21-4101578857-3757837661-3053645589-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4101578857-3757837661-3053645589-1002 - Limited - Enabled)
Tom78 (S-1-5-21-4101578857-3757837661-3053645589-1000 - Administrator - Enabled) => C:\Users\Tom78

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 Wheels of Steel Extreme Trucker 2 (HKLM-x32\...\{A2B65355-E44A-4662-9533-AB5A4A3533ED}) (Version: 1.00.0000 - Valusoft)
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Acronis Disk Director (HKLM-x32\...\{AE372858-B1BD-49EF-8308-648322846008}) (Version: 12.0.3223 - Acronis)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.148 - Adobe Systems Incorporated)
Aktualizace NVIDIA 33.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 33.2.0.0 - NVIDIA Corporation) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.7.2354 - AVAST Software)
Bloody6 (HKLM-x32\...\Bloody3) (Version: 18.07.0009 - Bloody)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.102 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HWiNFO64 Version 5.38 (HKLM\...\HWiNFO64_is1) (Version: 5.38 - Martin Malík - REALiX)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version: - Cheat Engine)
CHUCHEL (HKLM-x32\...\1825910123_is1) (Version: 1.0.0 - GOG.com)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
KeyDominator2 (HKLM-x32\...\BloodyKeyboard) (Version: 17.11.0002 - Bloody)
Kyodai Mahjongg 2006 v1.2 (HKLM-x32\...\Kyodai Mahjongg 2006_is1) (Version: - Rene-Gilles Deberdt)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.11 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.15.0.186 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.15.0.186 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{7308600A-5231-459C-A3E2-A637F842CACA}) (Version: 4.13.9783 - Apache Software Foundation)
Opera Stable 56.0.3051.99 (HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Opera 56.0.3051.99) (Version: 56.0.3051.99 - Opera Software)
Organizér (HKLM-x32\...\{4154BF17-EE1F-4F25-9696-2FF191FE0787}) (Version: 5.3.5.1 - Fireluke Software)
Ovládací panel NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: - )
The Witcher 3: Wild Hunt - Game of the Year Edition (HKLM-x32\...\1495134320_is1) (Version: 1.32 - GOG.com)
Transport Fever (HKLM-x32\...\1720767912_is1) (Version: 15313 - GOG.com)
Twitch (HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 24.0.2 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XMedia Recode verze 3.3.8.6 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.3.8.6 - XMedia Recode)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-11] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-11] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-11] (AVAST Software)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-11] (AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-11] (AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12547792-DDFF-48C7-8B83-04418DCD9FEB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-10-11] (AVAST Software)
Task: {2EA62DBA-A4B1-45D8-9C35-6F39CB8BCB48} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {35CB327F-6E9E-4873-9EBD-2E148F87CCBA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_148_pepper.exe [2018-11-14] (Adobe Systems Incorporated)
Task: {3E59C0B7-76C5-49F7-B5A5-C5691F969F05} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-10-10] (NVIDIA Corporation)
Task: {3EE88AE8-7744-4E59-90E9-74CE7BAE0511} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-10-10] (NVIDIA Corporation)
Task: {42105C09-E4DC-407F-8C24-B940AF045579} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-10-10] (NVIDIA Corporation)
Task: {44280AF1-02E1-4E8A-BCE8-510CBC8E2DAA} - System32\Tasks\Opera scheduled Autoupdate 1503746874 => C:\Moje\Prohlizece\Opera\launcher.exe [2018-11-06] (Opera Software)
Task: {487B43C7-2953-4DA7-9E92-8641FA88F72D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-10-10] (NVIDIA Corporation)
Task: {4DF516E8-F859-44E8-82BC-E2D8A908210D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-10-10] (NVIDIA Corporation)
Task: {5AA301E4-AD64-4B3C-AEAA-DEFB1A0498AE} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_148_Plugin.exe [2018-11-14] (Adobe Systems Incorporated)
Task: {5F179D3C-8577-47BF-A610-C18A9684C20F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-10-10] (NVIDIA Corporation)
Task: {64E9CB83-F0FC-4916-951F-704428D043CF} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-10-10] (NVIDIA Corporation)
Task: {74CA4D94-4449-45FE-BB95-53DD6A2A975B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-10-29] (AVAST Software) <==== ATTENTION
Task: {8B0A83BE-4478-4481-ACD0-6E4291A59EA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-18] (Google Inc.)
Task: {8C63EF0D-7842-4070-8FC1-435E85B6CAC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-18] (Google Inc.)
Task: {92D1FC66-356D-4E7F-8D11-DA8ED99A5376} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-10-10] (NVIDIA Corporation)
Task: {A81FFF11-86E8-4DFE-A437-9A77957E25A6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {B6C935DC-160E-403F-A14A-4DFD5B568A35} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-10-10] (NVIDIA Corporation)
Task: {BB3F5E3B-DF55-45B5-9414-1B2AF47D9731} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-10-10] (NVIDIA Corporation)
Task: {C3B0B22A-67C2-4563-BAD1-7D4B80586525} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-14] (Adobe Systems Incorporated)
Task: {D42E25D3-C610-4F4C-AFCC-D2AFC066D4AB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-10-10] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-17 02:36 - 2018-03-24 02:13 - 000544192 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2018-08-23 19:18 - 2018-10-10 21:04 - 001314856 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-10-11 03:10 - 2018-10-11 03:10 - 000730328 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-08-23 19:18 - 2018-10-10 21:03 - 101252136 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-11-27 13:26 - 2017-11-02 09:32 - 011374080 _____ () C:\Program Files (x86)\KeyDominator2\KeyDominator2\KeyDominator2.exe
2018-09-08 15:20 - 2018-07-20 16:58 - 016442096 _____ () C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe
2018-08-23 19:18 - 2018-10-10 21:03 - 002673192 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-08-23 19:18 - 2018-10-10 21:03 - 000138792 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-11-07 13:13 - 2018-11-07 13:13 - 104168024 _____ () C:\Moje\Prohlizece\Opera\56.0.3051.99\opera_browser.dll
2018-11-07 13:13 - 2018-11-07 13:13 - 005082200 _____ () C:\Moje\Prohlizece\Opera\56.0.3051.99\libglesv2.dll
2018-11-07 13:13 - 2018-11-07 13:13 - 000116824 _____ () C:\Moje\Prohlizece\Opera\56.0.3051.99\libegl.dll
2018-10-11 03:10 - 2018-10-11 03:10 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-10-11 03:10 - 2018-10-11 03:10 - 000598232 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-10-11 03:10 - 2018-10-11 03:10 - 000496856 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-10-11 03:10 - 2018-10-11 03:10 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-10-11 03:10 - 2018-10-11 03:10 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-11-15 13:33 - 2018-11-15 13:33 - 005702288 _____ () C:\Program Files\AVAST Software\Avast\defs\18111500\algo.dll
2017-11-08 13:21 - 2018-10-10 21:04 - 001032744 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-11-27 13:26 - 2014-01-10 10:48 - 004260352 _____ () C:\Program Files (x86)\KeyDominator2\KeyDominator2\Data\RES\Forms\Internet_Advertisement\Internet_Advertisement_DLL.dll
2018-03-26 00:07 - 2018-03-26 00:07 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-09-08 15:20 - 2018-01-26 10:50 - 000103152 _____ () C:\Program Files (x86)\Bloody6\Bloody6\DLL\DLL_ZoomControl.dll
2018-09-08 15:20 - 2017-04-17 09:43 - 003852800 _____ () C:\Program Files (x86)\Bloody6\Bloody6\Data\RES\Forms\Internet_Advertisement\Internet_Advertisement_DLL.dll
2015-10-16 06:14 - 2015-10-16 06:14 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\24teen.com -> 24teen.com
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\30search.com -> 30search.com
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\31234.com -> 31234.com
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\34yo.com -> 34yo.com
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\356563.net -> 356563.net
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\36site.com -> 36site.com
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\4-counter.com -> 4-counter.com
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\4corn.net -> 4corn.net
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\4pokertips.com -> 4pokertips.com
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\600pics.com -> 600pics.com
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\69teenage.com -> 69teenage.com
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\75tz.com -> 75tz.com
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\777search.com -> 777search.com
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\777top.com -> 777top.com
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\7adpower.com -> 7adpower.com
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\888.sooe.cn -> 888.sooe.cn
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\888net.net -> 888net.net
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\8da.com -> 8da.com
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\99livecam.com -> 99livecam.com
IE restricted site: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\a2zlinks.com -> a2zlinks.com

There are 1520 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-10-09 13:30 - 000000042 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tom78\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 82.99.143.180 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{32A89603-4C93-4E83-96AB-8DB858A5AB73}] => (Block) %SystemDrive%\Moje\DiskDirector\DiskDirector.exe
FirewallRules: [{1D37AC3A-A0A0-46E5-9D31-40F1B00704D9}] => (Block) %SystemDrive%\Moje\DiskDirector\DiskDirector.exe
FirewallRules: [{A8428BF2-B651-4BFB-A229-5A159785B944}] => (Allow) C:\Users\Tom78\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{5AB598F2-4265-4261-B9BB-0ACCB703855B}] => (Allow) C:\Users\Tom78\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{324F436C-E05F-4C4C-83F0-8F0858B97736}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{952F2547-AC48-4238-80EF-4F7E71AEA8D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{01E02B80-E74B-4178-BBE6-BDB8288DC91A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Novus Inceptio\NovusInceptio.exe
FirewallRules: [{DA6584F7-F8AE-4CDA-AD16-DEE30ED154F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Novus Inceptio\NovusInceptio.exe
FirewallRules: [{02DC5B5A-75DC-4566-8978-E78C971278CA}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Mashinky\Mashinky.exe
FirewallRules: [{FAD87EC9-A0A7-4E60-A7A1-A5C7D7E404C6}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Mashinky\Mashinky.exe
FirewallRules: [{2209675A-1D62-4978-AEFB-98B6D47E82BF}] => (Block) D:\Games\Sims4\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{5081EE6C-3A20-4F8D-92CB-6E0FD37196E7}] => (Block) D:\Games\Sims4\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{5BE72B0A-3D7C-488D-A6B1-E7E9F6C305D4}] => (Block) D:\Games\Sims4\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{C2A32AAE-C39D-4B0B-AC1F-B761566C8A70}] => (Block) D:\Games\Sims4\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{F5C94319-A5C5-4309-BFC0-9B655567239A}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Mafia III\launcher.exe
FirewallRules: [{0413E448-254F-42E6-A22D-B7B753484642}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Mafia III\launcher.exe
FirewallRules: [{07E86486-0FF8-42A1-9DE7-D971D48783E6}] => (Block) %SystemDrive%\Moje\GDT_1.6\Game Dev Tycoon\GameDevTycoon.exe
FirewallRules: [{F3C8EABF-05EC-499C-A27C-530FE8369BAB}] => (Block) %SystemDrive%\Moje\GDT_1.6\Game Dev Tycoon\GameDevTycoon.exe
FirewallRules: [{01C5551B-0E1B-4827-B502-87E7FE4346DD}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe
FirewallRules: [{613900FA-CE09-4DF3-B7E3-FE6C56B520BE}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe
FirewallRules: [{38565617-2243-407C-B0EA-65C07F32F0D6}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Farming Simulator 17\x86\FarmingSimulator2017Game.exe
FirewallRules: [{CD2B5455-FDD9-4152-A36B-E4E8A9058BFF}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Farming Simulator 17\x86\FarmingSimulator2017Game.exe
FirewallRules: [{F2BC386C-9C9F-46CB-B1E7-F201AC7F34F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7D330CD6-AE25-43CE-BAAC-321F36A07D7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B52155A7-3E5D-48D8-AEC5-8600B26B2952}] => (Block) D:\Games\Trucky\18 Wheels of Steel Extreme Trucker 2\bin\win_x86\extremetrucker.exe
FirewallRules: [{6A36DCA0-24F1-417A-9509-3592AC7FAC71}] => (Block) D:\Games\Trucky\18 Wheels of Steel Extreme Trucker 2\bin\win_x86\extremetrucker.exe
FirewallRules: [{4B4A97B0-3FF6-48E2-B8BA-20472EB33043}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{8370320D-557F-4A34-8879-38126EB4FD09}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{25E4DCCF-D7D1-4C5D-959A-E387F30F4959}] => (Allow) %SystemDrive%\Moje\Prohlizece\Tor Browser\Browser\firefox.exe
FirewallRules: [{703B904C-4930-4666-A855-BF46CECB2A3D}] => (Allow) %SystemDrive%\Moje\Prohlizece\Tor Browser\Browser\firefox.exe
FirewallRules: [{E6EC7424-35EF-44F8-ABFE-11D1E6995FAB}] => (Allow) %ProgramFiles% (x86)\GOG Galaxy\GalaxyClient.exe
FirewallRules: [{93EA0279-17F2-4DE9-9B78-539BB7823321}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{6B7A720B-FA92-42B3-B253-34D3023977A2}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{C9DE37E4-EE1E-4987-B936-21C7A87C2ED4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{FDED08AE-EB09-4EED-8015-081405F27CC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{A522A5C2-93FE-42F0-9250-EFA2EA4DFB58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AD04262D-4A73-4832-96DA-4D062A49FB02}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AE6A826E-FE0F-46AA-9978-C5D9A1807857}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe
FirewallRules: [{E02C0C90-4E31-4A59-9CCC-BE0D512E8B8D}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe
FirewallRules: [{F1E90B97-0BB4-483C-B9CA-3D1BCA696019}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-11-2018 14:05:53 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2018 01:29:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/14/2018 02:50:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/13/2018 03:46:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/12/2018 02:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/11/2018 12:18:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/11/2018 02:46:02 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

Error: (11/10/2018 11:57:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/09/2018 01:39:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generování kontextu aktivace pro C:\Moje\Audacity\audacity.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Součást 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (11/15/2018 01:28:49 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (11/15/2018 01:28:49 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (11/15/2018 01:28:40 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (11/15/2018 01:28:40 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (11/15/2018 01:28:39 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (11/14/2018 02:49:24 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (11/14/2018 02:49:24 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (11/14/2018 02:49:16 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.


CodeIntegrity:
===================================

Date: 2017-10-28 14:18:10.956
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Tom78\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-28 14:18:10.925
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Tom78\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-28 14:18:10.379
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-28 14:18:10.348
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-08 12:34:51.423
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Tom78\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-08 12:34:51.392
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Tom78\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-08 12:34:50.519
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-08 12:34:50.487
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 39%
Total physical RAM: 8097.73 MB
Available physical RAM: 4939.11 MB
Total Virtual: 24291.38 MB
Available Virtual: 20932.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:126.95 GB) (Free:61.99 GB) NTFS
Drive d: (Hry) (Fixed) (Total:226.74 GB) (Free:84.79 GB) NTFS
Drive e: () (Fixed) (Total:134.65 GB) (Free:10.47 GB) NTFS
Drive f: () (Fixed) (Total:931.41 GB) (Free:6.47 GB) NTFS
Drive h: (Záloha) (Fixed) (Total:443.16 GB) (Free:32.12 GB) NTFS

\\?\Volume{954ccc49-a461-11e6-a407-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 82382C7D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 12DF12DE)
Partition 1: (Not Active) - (Size=127 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=804.6 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================

Re: Suspected infected PC

Posted: 15 Nov 2018 14:13
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Windows XP just launch it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it at C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Suspected infected PC

Posted: 15 Nov 2018 14:35
by pan Hankey
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-14.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-15-2018
# Duration: 00:00:00
# OS: Windows 7 Home Premium
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1257 octets] - [14/09/2018 10:50:44]
AdwCleaner[S01].txt - [1318 octets] - [14/09/2018 10:53:08]
AdwCleaner[S02].txt - [1379 octets] - [14/09/2018 10:53:37]
AdwCleaner[S03].txt - [1440 octets] - [14/09/2018 10:54:20]
AdwCleaner[S04].txt - [1497 octets] - [14/09/2018 10:55:13]
AdwCleaner[S05].txt - [1562 octets] - [15/11/2018 14:17:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C05].txt ##########

Re: Suspected infected PC

Posted: 15 Nov 2018 15:10
by Rudy
This is OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\MountPoints2: {95829102-b882-11e6-8df2-382c4a636c3b} - I:\winopen.exe "$EXEDIR$\leonardo.exe"
U3 a1iebkei; C:\Windows\System32\Drivers\a1iebkei.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Tom78\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Task: {74CA4D94-4449-45FE-BB95-53DD6A2A975B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-10-29] (AVAST Software) <==== ATTENTION
Task: {8B0A83BE-4478-4481-ACD0-6E4291A59EA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-18] (Google Inc.)
Task: {8C63EF0D-7842-4070-8FC1-435E85B6CAC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-18] (Google Inc.)

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Suspected infected PC

Posted: 15 Nov 2018 15:41
by pan Hankey
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.11.2018
Ran by Tom78 (15-11-2018 15:31:22) Run:1
Running from C:\Users\Tom78\Desktop
Loaded Profiles: Tom78 (Available Profiles: Tom78)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\MountPoints2: {95829102-b882-11e6-8df2-382c4a636c3b} - I:\winopen.exe "$EXEDIR$\leonardo.exe"
U3 a1iebkei; C:\Windows\System32\Drivers\a1iebkei.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Tom78\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Task: {74CA4D94-4449-45FE-BB95-53DD6A2A975B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-10-29] (AVAST Software) <==== ATTENTION
Task: {8B0A83BE-4478-4481-ACD0-6E4291A59EA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-18] (Google Inc.)
Task: {8C63EF0D-7842-4070-8FC1-435E85B6CAC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-18] (Google Inc.)

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95829102-b882-11e6-8df2-382c4a636c3b} => removed successfully
HKLM\Software\Classes\CLSID\{95829102-b882-11e6-8df2-382c4a636c3b} => not found
a1iebkei => service not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Users\Tom78\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{74CA4D94-4449-45FE-BB95-53DD6A2A975B} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74CA4D94-4449-45FE-BB95-53DD6A2A975B} => removed successfully
C:\Windows\System32\Tasks\Avast Software\Overseer => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B0A83BE-4478-4481-ACD0-6E4291A59EA5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B0A83BE-4478-4481-ACD0-6E4291A59EA5}" => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8C63EF0D-7842-4070-8FC1-435E85B6CAC6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C63EF0D-7842-4070-8FC1-435E85B6CAC6}" => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11428295 B
Java, Flash, Steam htmlcache => 353686213 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 734937463 B
Firefox => 0 B
Opera => 433394883 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Tom78 => 86366 B

RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:31:32 ====
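When reading a Fixlog like the one above, the useful part is the outcome section: which fixlist targets FRST removed, which it moved, and which it reported as not found (here the `a1iebkei` service and the two Google task files that had already been moved by the earlier line). The parser below is an added example for this thread; it is not FRST's own code and not from any post here. It assumes FRST's observed line shape `target => outcome` and the `=========== EmptyTemp:` marker that starts the byte-count section; the sample input is constructed from lines of the Fixlog posted above.

```python
"""Summarise the outcome lines of an FRST Fixlog (added example, not FRST code)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the outcome lines from the Fixlog in this thread.
SAMPLE_FIXLOG = r"""
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\Software\Classes\CLSID\{95829102-b882-11e6-8df2-382c4a636c3b} => not found
a1iebkei => service not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
EmptyTemp: => 1.4 GB temporary data Removed.

The system needed a reboot.
"""

# One outcome line: optional quotes around the target, then ' => ' and FRST's verdict
# (assumed shape, taken from the Fixlog lines above).
OUTCOME_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?\s*$')

BUCKETS = ("removed", "moved", "not_found", "other")


def classify(outcome):
    """Map FRST's free-text verdict onto a small set of buckets."""
    o = outcome.lower()
    if "not found" in o:
        return "not_found"
    if o.startswith("removed"):
        return "removed"
    if o.startswith("moved"):
        return "moved"
    return "other"


def parse_fixlog(text):
    """Return processes_closed/reboot flags and the targets grouped by outcome bucket."""
    results = defaultdict(list)
    processes_closed = False
    reboot = False
    in_emptytemp = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("=========== EmptyTemp:"):
            # The byte counts that follow also use '=>' but are not fix outcomes.
            in_emptytemp = True
            continue
        if line == "The system needed a reboot.":
            reboot = True
            continue
        if line == "Processes closed successfully.":
            processes_closed = True
            continue
        if in_emptytemp:
            continue
        m = OUTCOME_RE.match(line)
        if m:
            results[classify(m.group("outcome"))].append(m.group("target"))
    return {"processes_closed": processes_closed, "reboot": reboot, "results": dict(results)}


def summarize(parsed):
    """Count targets per bucket; 'not_found' is the list a helper follows up on."""
    return {b: len(parsed["results"].get(b, [])) for b in BUCKETS}


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for target in parsed["results"].get("not_found", []):
        print("follow up:", target)
```

The "not found" entries are the ones worth a second look in the next scan: a target that was in the fixlist but absent at fix time was either already gone (as with the task files here) or never existed as listed.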

Re: Suspected infected PC

Posted: 15 Nov 2018 15:53
by Rudy
Deleted. Has anything changed?

Re: Suspected infected PC

Posted: 15 Nov 2018 16:03
by pan Hankey
Not really. For example, I have a file here that cannot be deleted at all, and I haven't figured out what is wrong with it. Even VirusTotal didn't delete it. It was supposed to be something for a game, but it didn't work and then it couldn't be deleted. The folder could only be renamed (so I named it "nejde smazat", i.e. "cannot delete"), and when I try to delete it, it says the file does not exist, yet it does exist.

Re: Suspected infected PC

Posted: 15 Nov 2018 17:01
by Rudy
If it is from a game, it won't be a virus, and I can't delete it either. VirusTotal tells you whether the file is clean or not. Some games have poor uninstallers. Also do a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.

Re: Suspected infected PC

Posted: 15 Nov 2018 18:41
by pan Hankey
But it isn't from a game; it was supposed to be some tip for a game. I didn't even have the game installed, I just (unintentionally) downloaded that file. When I went to that page I thought I would only read it, but it downloaded automatically and since then I can't get it off the PC. It's clear that it is some junk and that it was planted there. I already did an MBAM scan about 2 months ago and it didn't find this strange undeletable file at all.

Re: Suspected infected PC

Posted: 15 Nov 2018 19:08
by Rudy
OK.
1. I wanted you to test that file on VirusTotal.
2. I wanted the MBAM scan so I would know whether you have any other junk there.

Re: Suspected infected PC

Posted: 15 Nov 2018 19:37
by pan Hankey
I put it badly the first time. I meant that the file can't even be tested on VirusTotal. I've now taken a photo as proof of what it says whenever I try to do anything with this file. It always says the file does not exist. http://leteckaposta.cz/147579088 I'll do the MBAM scan and then post the log.

Re: Suspected infected PC

Posted: 15 Nov 2018 19:59
by Rudy
Can the file be renamed? If so, rename it and try deleting it. If not, use this guide: https://jnp.zive.cz/jak-odstranit-nesma ... name-fintu .

Re: Suspected infected PC

Posted: 15 Nov 2018 21:49
by pan Hankey
That doesn't work either. I've already tried this program too (and some others), and the result is that the program says "Unlock and delete failed". The thing is, nobody can deal with it and I simply don't get it. I also did the MBAM scan, and here is the log with one false positive.

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 15.11.18
Čas skenování: 21:20
Logovací soubor: defcc216-e913-11e8-a423-00d0b709f296.json

-Informace o softwaru-
Verze: 3.6.1.2711
Verze komponentů: 1.0.482
Aktualizovat verzi balíku komponent: 1.0.7865
Licence: Bezplatný

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: Stroj\Tom78

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 220305
Zjištěné hrozby: 1
Hrozby umístěné do karantény: 0
Uplynulý čas: 0 min, 41 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 1
PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.7\STANDALONEPHASE1.DAT, Žádná uživatelská akce, [8046], [393793],1.0.7865

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: Suspected infected PC

Posted: 15 Nov 2018 21:58
by Rudy
Doesn't it work even in safe mode? Delete the item MBAM found.

Re: Suspected infected PC

Posted: 15 Nov 2018 22:27
by pan Hankey
No, not even in safe mode. I really have tried everything, and safe mode was, I think, the first attempt. What MBAM found is a false positive; I know that program and use it for work. This is a known false positive, that is not the problem.