VIRY.CZ

Nejsem připojen na Net...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-06-2019
Ran by Kengura (administrator) on KENGURA-PC (24-06-2019 16:03:51)
Running from C:\Users\Kengura\Pictures
Loaded Profiles: Kengura (Available Profiles: Kengura)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed]
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: H - H:\m.exe
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: I - I:\m.exe
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2013-01-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2005-06-24] (EA.com/On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2005-06-24] (EA.com/On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2005-06-24] (EA.com/On2.com) [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {034133F4-20D6-4608-90CD-C90403E43787} - System32\Tasks\{7E6C0C3F-7AC7-47C5-9ECD-54395B2318CD} => C:\Windows\system32\pcalua.exe -a "D:\Half Life\vcredist_x64.exe" -d "D:\Half Life"
Task: {05A1F426-DE4F-451B-A43C-20F126D517F3} - System32\Tasks\{858E6A57-8E30-4C61-A552-31FFDAA25449} => C:\Windows\system32\pcalua.exe -a "D:\Call of Duty 5 World at War v_1.7 full game -=AviaRa=-\Call of Duty - World at War\CoDWaW.exe" -d "D:\Call of Duty 5 World at War v_1.7 full game -=AviaRa=-\Call of Duty - World at War"
Task: {0A25FC29-77CE-4CDC-B301-56F428189792} - System32\Tasks\{1E644B9F-37A8-4587-B94C-A444306E413E} => C:\Windows\system32\pcalua.exe -a E:\GDFTHR_inst.exe -d E:\
Task: {0A9495C7-F7D4-4CFC-B3F5-8ED54216FFF8} - System32\Tasks\{6810D009-5302-497C-AC3B-DC98F3EAA823} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Call of Duty 5 World at War v_1.7 full game -=AviaRa=-\Call of Duty - World at War\CoDWaW.exe" -d "C:\Program Files (x86)\Call of Duty 5 World at War v_1.7 full game -=AviaRa=-\Call of Duty - World at War"
Task: {112DB0BC-A603-4702-99C8-1CE2E90A6FC9} - System32\Tasks\{50B18B69-DF98-47D0-A443-A98C5956B6EC} => C:\Windows\system32\pcalua.exe -a D:\vietcong.pterodon\vietcong.pterodon\vietcong.uncensored.iso\Patches+crack\Vietcong_v130.exe -d D:\vietcong.pterodon\vietcong.pterodon\vietcong.uncensored.iso\Patches+crack
Task: {129709D0-2FA9-4453-9A57-974841762215} - System32\Tasks\{782CD81C-0545-459D-955B-F7D303BA9DB7} => C:\Windows\system32\pcalua.exe -a G:\CRACK\Čeština\MaxPayne2CZ_komplet.exe -d G:\CRACK\Čeština
Task: {14978ECF-6898-4A88-904B-FF347079504C} - System32\Tasks\{FCA47BA9-75D6-4099-ADA2-B343C8905931} => C:\Windows\system32\pcalua.exe -a "D:\Far Cry 2\Patch 1.01 + crack\far_cry_2_1.01.exe" -d "D:\Far Cry 2\Patch 1.01 + crack"
Task: {1B99B09F-7A5A-4818-B9C2-79019F844487} - System32\Tasks\{178D66A8-4A0B-4B2C-8DB0-67865DF065AA} => C:\Windows\system32\pcalua.exe -a D:\Manhunt\cz\cz.exe -d D:\Manhunt\cz
Task: {1FEFD606-98ED-4353-96EF-0024B028EC13} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"]
Task: {20C432A5-FC57-44A2-A5C5-62CC5FDC5DAD} - System32\Tasks\{403F7465-23B6-42F4-B0A4-74F8B133FEED} => C:\Windows\system32\pcalua.exe -a "C:\Nová složka\Assassin's Creed CZ by Tw22ty\assassins_creed_1.02.exe" -d "C:\Nová složka\Assassin's Creed CZ by Tw22ty"
Task: {264E95FD-A920-47EF-9170-0C1F50A9A846} - System32\Tasks\{72F78116-D245-4599-A955-CCDBF600F92F} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\The Godfather® The Game\Odinstalovat.exe" -d "C:\Program Files (x86)\Electronic Arts\The Godfather® The Game"
Task: {268B635D-61AF-41D5-A8AA-DC528FB5AE1A} - System32\Tasks\{89B29A7E-AC41-4F4B-8A6F-5D089CF89C09} => C:\Windows\system32\pcalua.exe -a "D:\Nová složka\CZ\cz\InstallOblivionCZ.exe" -d "D:\Nová složka\CZ\cz"
Task: {270E1E9D-E551-4B08-BCF8-E6953B1C8937} - System32\Tasks\{19144672-213B-4E0A-8C62-5B805948C173} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.0.0.102/cs/abandoninstall?page=tsMain
Task: {2E5CC331-9577-4924-AA58-ADAA70129C9F} - System32\Tasks\{77959336-2A4E-443E-8EA2-9C6B7B09365E} => C:\Windows\system32\pcalua.exe -a D:\Češtiny\Oblinion\cz_oblivion_standard_1.05\InstallOblivionCZ.exe -d D:\Češtiny\Oblinion\cz_oblivion_standard_1.05
Task: {2E8EE109-EA2C-4AF6-898F-4F9C8FCE828B} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {2E8EE109-EA2C-4AF6-898F-4F9C8FCE828B} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(3): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {2EF37033-CFC4-4B4A-8EF7-18B7649B8209} - System32\Tasks\{0FEEA325-EDA6-45FC-A2C6-2248D4A25066} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {3253721E-4FBD-4BAD-AAD9-F5F56AF39E9C} - System32\Tasks\{80702A4C-4AB2-4D95-BB14-67DA77B01443} => C:\Windows\system32\pcalua.exe -a E:\GDFTHR_uninst.exe -d E:\
Task: {36437A5C-E7F3-472E-9821-CD07E4F16A19} - System32\Tasks\{646A331F-45B2-45E0-8848-EC8A2238DDEC} => C:\Windows\system32\pcalua.exe -a D:\Češtiny\mohpacificassault_cz.exe -d D:\Češtiny
Task: {36C977BE-4266-41E5-A1CF-97FEC618318B} - System32\Tasks\{5624CF3A-AA0B-4238-97C5-DA1EBC153E16} => C:\Windows\system32\pcalua.exe -a "C:\Users\Kengura\Desktop\DVD1\Assassin's Creed CZ by Tw22ty\assassins_creed_1.02.exe" -d "C:\Users\Kengura\Desktop\DVD1\Assassin's Creed CZ by Tw22ty"
Task: {3C302C3F-D05B-49D2-88C4-F88ADB54C454} - System32\Tasks\{B120B17E-0A9F-4244-96A6-DAFCDDA963FA} => C:\Windows\system32\pcalua.exe -a F:\far_cry_v1.32.exe -d F:\
Task: {3C4C4868-0DFA-4068-8F9C-EFE0D8B9C7CC} - System32\Tasks\{1C094734-8764-414D-A046-94C65B799FBD} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {40A177AE-CD31-49FE-AC7E-73BBAD55B115} - System32\Tasks\{8BD692AD-85FC-432B-85A1-DC2168DEDFE6} => C:\GOG Games\The Witcher 2 Assassins of Kings\Launcher.exe
Task: {40A2787F-AC5D-4CE2-9495-12C6F47F5801} - System32\Tasks\{F3C5C2CE-B304-46F4-97F5-40292B4A680E} => C:\Windows\system32\pcalua.exe -a D:\vietcong.pterodon\vietcong.pterodon\vietcong.uncensored.iso\Patches+crack\Vietcong_v141.exe -d D:\vietcong.pterodon\vietcong.pterodon\vietcong.uncensored.iso\Patches+crack
Task: {45B2AC2E-7D94-4894-9399-897FAF6C1EA1} - System32\Tasks\{256334CB-D171-426E-B3F5-CDBF56249674} => C:\Windows\system32\pcalua.exe -a D:\vietcong.pterodon\vietcong.pterodon\vietcong.uncensored.iso\Patches+crack\Vietcong-v160.exe -d D:\vietcong.pterodon\vietcong.pterodon\vietcong.uncensored.iso\Patches+crack
Task: {4620D7B1-8400-4A87-81F1-7B4B39F2D721} - System32\Tasks\{6E904970-3CD1-4D6C-ACC6-454297A90B98} => C:\Windows\system32\pcalua.exe -a "D:\Half Life\HalfLife2_CZ.exe" -d "D:\Half Life"
Task: {4B59F7B8-7A48-4239-8E40-F7C59310483F} - System32\Tasks\{A6B5AD12-171A-4E8B-BA60-5B425D65126A} => C:\Windows\system32\pcalua.exe -a F:\setup.exe -d F:\
Task: {4C5D6D63-3650-4634-8841-CFC53D94FC5D} - System32\Tasks\{CEA487D2-DF66-414C-9DDE-75DD792E04A8} => C:\Windows\system32\pcalua.exe -a C:\Users\Kengura\Desktop\hl2_ep_cz.exe -d C:\Users\Kengura\Desktop
Task: {4FB274B8-2D94-46C4-A7DD-9E4A9AE6C70A} - System32\Tasks\{7388A0C8-FCBA-4C6C-900F-CFBD7CB101CC} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {56391FCD-AD2F-47A4-9295-B5BF018B3D94} - System32\Tasks\{39F63C95-859A-49DF-A046-F12E1ACBF3A2} => C:\Windows\system32\pcalua.exe -a "D:\Far Cry 2\Patch 1.03 + crack\far_cry_2_1.03.exe" -d "D:\Far Cry 2\Patch 1.03 + crack"
Task: {57159F6D-91CC-4FA2-B8DB-45866B9CB193} - System32\Tasks\{BF0965C6-7032-407E-93BD-F589FABBA642} => C:\GOG Games\The Witcher 2 Assassins of Kings\Launcher.exe
Task: {58BEA721-38EA-46A7-916B-3EF4EE5039DF} - System32\Tasks\{BB098232-5762-4739-8E0B-A999188B8BAA} => C:\Windows\system32\pcalua.exe -a D:\Češtiny\assassins_creed_1.02.exe -d D:\Češtiny
Task: {606AA06C-0A06-4136-A98E-D91FBCED90DE} - System32\Tasks\{22471DC0-8704-4B42-8DD5-919580EF3169} => C:\Windows\system32\pcalua.exe -a "F:\Potřebné programy\Ubisoft Game Launcher\UbisoftGameLauncherInstaller.exe" -d "F:\Potřebné programy\Ubisoft Game Launcher"
Task: {661926E9-5299-4BBD-8DD3-92CF169E6E51} - System32\Tasks\{600C9C37-2D55-43EA-A0E1-73326F7EF38D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\WinRAR\WinRAR.exe" -d C:\Users\Kengura\Desktop
Task: {66433877-4512-4F82-9E64-D043BB2C93B6} - System32\Tasks\{246639CD-5F59-434B-8F3B-4C567D76B2BF} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Activision\Call of Duty - Black Ops\Redist\vcredist_x86.exe" -d "C:\Program Files (x86)\Activision\Call of Duty - Black Ops\Redist"
Task: {669D4148-FA6A-43CB-8511-48A84AB52223} - System32\Tasks\Norton Security Scan for Kengura => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe
Task: {70EBBB9A-3748-4213-A901-A676FC4899EA} - System32\Tasks\{C9785EA8-9991-48F6-A759-C2811ACEECAD} => C:\Windows\system32\pcalua.exe -a F:\AC2.part01.exe -d F:\
Task: {73CD4531-ED74-47E6-B405-55A1822A6D8B} - System32\Tasks\{3408B213-E2BD-41E7-9777-C2D723CD04B5} => C:\Windows\system32\pcalua.exe -a C:\Users\Kengura\Desktop\cz_moh_pacific_assault\mohpacificassault_cz.exe -d C:\Users\Kengura\Desktop\cz_moh_pacific_assault
Task: {74EFD15F-274A-4049-A731-B6DC9D4A9F24} - System32\Tasks\{471383DC-0CF7-4011-84EA-559169489C0C} => C:\Program Files (x86)\Cenega Czech\VIETCONG\vietcong.exe
Task: {77886FCE-2755-4F9A-94DA-D62FD9230BAA} - System32\Tasks\{C25F5777-F70F-4D99-AE0C-F288AD5E26B1} => C:\Windows\system32\pcalua.exe -a "D:\Assassins Creed\assassins_creed_1.02.exe" -d "D:\Assassins Creed"
Task: {7906EE58-EE3A-407C-BAB9-9891C7176912} - System32\Tasks\{CB7B2527-D182-4C5D-9087-54096CA3833B} => C:\Windows\system32\pcalua.exe -a D:\Oblivion.cz\cz_oblivion_standard_1.05\InstallOblivionCZ.exe -d D:\Oblivion.cz\cz_oblivion_standard_1.05
Task: {79C19AF2-C56E-45F7-8C01-C021B6F014B4} - System32\Tasks\{631D0B84-5148-4D81-BBC1-41ACBDE5481D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Mafia\Setup.exe" -d "C:\Program Files\Mafia"
Task: {7A6235C4-DD46-4DF6-80F5-CA8F945FCF5A} - System32\Tasks\{0BFB0B7F-5F54-4D63-98F0-F56955FB3CF0} => C:\Windows\system32\pcalua.exe -a G:\GDFTHR_inst.exe -d G:\
Task: {7D758CDF-DDA4-40FB-907A-61813231DAAD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-02-07] (Google Inc -> Google Inc.)
Task: {7D7E4CCB-ABD5-44A0-B1A3-48B81754ECB1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7E558DAF-4005-493C-A162-C088DC6704B0} - System32\Tasks\{4BD9D941-FBBD-4CC6-B75E-90C2983F1151} => C:\Windows\system32\pcalua.exe -a D:\Češtiny\cod_uo_cestina.exe -d D:\Češtiny
Task: {818FE93D-7352-4786-97EF-4F8B801D8BAB} - System32\Tasks\{81B3ED82-0F5A-4FDC-9F6E-41E6AFA5E86D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Translator_2016\TRNIKONY.EXE" -d "C:\Program Files (x86)\Translator_2016"
Task: {83F9AC61-40FE-4196-9476-59638A5EC030} - System32\Tasks\{C260F016-B648-4F0B-9894-A58B36D10A56} => C:\Windows\system32\pcalua.exe -a D:\Manhunt\Manhunt2CZE.exe -d D:\Manhunt
Task: {8B578532-D64E-4D7F-819C-6C7BDA0BE72E} - System32\Tasks\{218F1408-B4AA-469A-A8B4-0DF12E089EDE} => C:\Windows\system32\pcalua.exe -a D:\Gothi\Gothic_3_MDS_EU.exe -d D:\Gothi
Task: {8BBFFB8C-95E7-4EA0-A566-D5C76F4CDCC5} - System32\Tasks\{8512B359-7FB1-48FE-90BF-B3C3DB6CB5AF} => C:\Windows\system32\pcalua.exe -a D:\Instal\Translator_2016\TRNIKONY.EXE -d D:\Instal\Translator_2016
Task: {8BEEA774-9B54-47EE-836A-5B55663EBF25} - System32\Tasks\{5C66CBA1-6087-472F-ADDC-B3ACD5A4B065} => C:\Windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
Task: {8C4A02E2-237C-40C3-9F95-9D754B90188D} - System32\Tasks\{CCA2EB60-19EB-4FF6-BA70-D3D0750E6F02} => C:\Windows\system32\pcalua.exe -a "D:\Half Life\hl2_ep_cz.exe" -d "D:\Half Life"
Task: {8D47791B-6463-4185-858E-2346F900F9F9} - System32\Tasks\{91EF7452-2219-4546-97C6-42B0A73A9781} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {947CC427-784E-40F4-8A62-D17E50646923} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-02-07] (Google Inc -> Google Inc.)
Task: {956543F2-F2B1-459D-B5E0-8E819796455C} - System32\Tasks\{8B72E981-D81B-47B8-ADBD-81C8438D8787} => C:\Windows\system32\pcalua.exe -a "C:\Users\Kengura\Desktop\Nová složka\Setup.EXE" -d "C:\Users\Kengura\Desktop\Nová složka"
Task: {99AD046F-2027-4763-92FD-387A36D341C8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998088 2015-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {9AC3A4B1-357B-4386-A424-C0F47FE37443} - System32\Tasks\{F1069528-A8A5-43FD-A9E1-0FEE54E35E85} => C:\Windows\system32\pcalua.exe -a "C:\Users\Kengura\Videos\max payne 2 čeština a patch\MaxPayne2cestina.exe" -d "C:\Users\Kengura\Videos\max payne 2 čeština a patch"
Task: {A62C8294-0F97-4442-B807-A9BFC5E151A3} - System32\Tasks\{6DE04359-2890-4F43-A39C-429C3A42208F} => C:\Windows\system32\pcalua.exe -a E:\AMD-64BIT_PATCH\SORM_32BIT-AMD64BIT.EXE -d E:\AMD-64BIT_PATCH
Task: {AD8D910F-A632-410A-AED5-C3D772E91391} - System32\Tasks\{525C8C3B-9F12-4673-A06A-69F744F208DC} => C:\Program Files (x86)\Cenega Czech\VIETCONG\vietcong.exe
Task: {B25F336E-8D53-44FD-B717-1ACC9BF1B6F9} - System32\Tasks\{0BDD501F-55CD-405D-A300-6011213A9E80} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {B735ABB3-5C54-4364-B346-944ED3500324} - System32\Tasks\{5805A922-B392-442C-B23F-6BEDA60E9396} => C:\Windows\system32\pcalua.exe -a C:\Users\Kengura\Desktop\cod_uo_cestina.exe -d C:\Users\Kengura\Desktop
Task: {B9BD6340-EE2C-4225-A4C1-E7E6E934555A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {B9BD6340-EE2C-4225-A4C1-E7E6E934555A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate -noappraiser
Task: {BB5EDFB8-D6DF-441D-AECF-0050F276E5CF} - System32\Tasks\{86EEFF58-1822-4A89-A6BF-ADE5E0A3B8CB} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\OpenAL\oalinst.exe" -d "C:\Program Files (x86)\OpenAL"
Task: {BC2D01BF-0B6D-4130-915C-55D42C7138DB} - System32\Tasks\{C1927AA2-3A17-4076-8D97-94C87770164C} => C:\Windows\system32\pcalua.exe -a "D:\Far Cry 2\Patch 1.02 + crack\far_cry_2_1.02.exe" -d "D:\Far Cry 2\Patch 1.02 + crack"
Task: {BC788224-2B9E-4968-A439-B7BCD5CA0573} - System32\Tasks\{466745EC-5C0B-48CF-802A-F8E675AD5EB9} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Nová složka\DVD1\Assassin's Creed CZ by Tw22ty\assassins_creed_1.02.exe" -d "C:\Program Files (x86)\Nová složka\DVD1\Assassin's Creed CZ by Tw22ty"
Task: {C10964D6-1ABD-4CEA-9082-5BA8708B7436} - System32\Tasks\{7D7FE2CC-3A70-44C9-B18E-35665D7785D9} => C:\Windows\system32\pcalua.exe -a F:\setup.exe -d F:\
Task: {C14A5141-0498-4D72-8140-3DBD96F50A7E} - System32\Tasks\{881E1FB6-DF9F-4F85-9AC1-1C6E6D11141F} => C:\Windows\system32\pcalua.exe -a "D:\Call of Duty 5 World at War v_1.7 full game -=AviaRa=-\Call of Duty - World at War\CoDWaW.exe" -d "D:\Call of Duty 5 World at War v_1.7 full game -=AviaRa=-\Call of Duty - World at War"
Task: {CF14EAFC-78CB-48F3-9646-80C28904965A} - System32\Tasks\{50923AF9-D634-4E90-9215-B3D304D6C572} => C:\Windows\system32\pcalua.exe -a "D:\Far Cry 2\Bonusy\Far Cry 2 - The Fortune's Pack\F2FP_setup.exe" -d "D:\Far Cry 2\Bonusy\Far Cry 2 - The Fortune's Pack"
Task: {DAA0E401-F7D9-476E-BD11-0AB9DDEF77F5} - System32\Tasks\{2E6DDF41-D032-4AEB-BBE9-59D6EADD4079} => C:\Windows\system32\pcalua.exe -a "D:\FAr Cry\farcry_amd64upgrade_us_uk.exe" -d "D:\FAr Cry"
Task: {DFFB58B8-4BAB-4CC2-A832-544DFC56482D} - System32\Tasks\{689AA895-69E0-487D-82B0-EED522E13945} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\Translator_2016\TRNIKONY.EXE" -d "C:\Program Files (x86)\Electronic Arts\Translator_2016"
Task: {EBAD9728-D2A1-4909-9248-F824BBE90AFE} - System32\Tasks\{713AC9CC-C970-4A23-905F-ECD2456E2EF1} => C:\GOG Games\The Witcher Enhanced Edition Director's Cut\launcher.exe
Task: {F0617499-8A8F-4806-B9FA-F7CBB7C7E552} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-11-02] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {F63F3EA8-C076-4137-A252-BD3337870F51} - System32\Tasks\{78DE7B11-5507-4BE7-8B4B-72326267C7A0} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\The Godfather® The Game\GDFTHR_uninst.exe" -d "C:\Program Files (x86)\Electronic Arts\The Godfather® The Game"
Task: {F7AEB2B7-05F9-4412-8420-9D9AA0E82A39} - System32\Tasks\{DE3310A4-F167-4C26-B584-1CB97D86DDF5} => C:\Windows\system32\pcalua.exe -a "C:\Nová složka\Assassin's Creed CZ by Tw22ty\assassins_creed_1.02.exe" -d "C:\Nová složka\Assassin's Creed CZ by Tw22ty"
Task: {FAFD5085-A263-443F-A5FB-E074270079C5} - System32\Tasks\{086F1C2C-E2F7-49B6-8CCC-2BC8C0EAF3E2} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Ubisoft\Assassin's Creed II\UbisoftGameLauncherInstaller.exe" -d "C:\Program Files\Ubisoft\Assassin's Creed II"
Task: {FD8AF20B-27DE-4BAF-8749-8BDC75B9D4C9} - System32\Tasks\{2DE264B9-9F04-4B5C-928D-471D1B5DFB7D} => C:\GOG Games\The Witcher Enhanced Edition Director's Cut\launcher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Norton Security Scan for Kengura.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{1FF80274-5A8A-4731-92C6-A2EA8D10DC61}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{B8835B1F-9A53-4FF1-92A4-90FF0D73217C}: [DhcpNameServer] 192.168.11.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.centrum.cz/
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-02] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Kengura\AppData\Roaming\Mozilla\Firefox\Profiles\m2usc0l4.default [2019-06-23]
FF user.js: detected! => C:\Users\Kengura\AppData\Roaming\Mozilla\Firefox\Profiles\m2usc0l4.default\user.js [2014-09-04]
FF Homepage: Mozilla\Firefox\Profiles\m2usc0l4.default -> hxxps://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-11-02] (Adobe Systems Incorporated -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-02] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-11-02] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-11-02] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2263194865-3938205509-2482612845-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-06-13] (Ubisoft Entertainment Sweden AB -> )

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2009-08-18] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2019-02-01] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2019-02-01] (Even Balance, Inc. -> )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmdTools64; C:\Windows\System32\DRIVERS\AmdTools64.sys [47616 2006-06-27] (Advanced Micro Devices, Inc. -> AMD, Inc.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [82048 2011-12-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [42624 2011-12-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6037504 2009-08-18] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [16440 2009-05-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
S2 CLFCL5.18; C:\Windows\System32\DRIVERS\CLFCL5.18\000.fcl [46848 2018-11-12] (CyberLink Corp. -> CyberLink Corp.)
S3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsux64; C:\Windows\System32\drivers\nmwcdnsux64.sys [171008 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Inc.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
S3 DCamUSBSTK02N; system32\DRIVERS\STK02NW2.sys [X]
S0 pelhmrss; System32\drivers\ujenbxfs.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-24 16:03 - 2019-06-24 16:03 - 000000000 ____D C:\FRST
2019-06-20 12:56 - 2019-06-20 12:56 - 000000110 ____H C:\Users\Kengura\Desktop\Obraz0118.jpg.uid-zps
2019-06-07 11:55 - 2019-06-08 15:50 - 000000000 ____D C:\Program Files (x86)\Activision

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-24 16:01 - 2014-06-27 14:04 - 000000000 ____D C:\ProgramData\NVIDIA
2019-06-24 16:01 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-24 11:21 - 2018-02-05 17:33 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-06-24 11:20 - 2009-07-14 06:45 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-06-24 11:20 - 2009-07-14 06:45 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-06-24 11:18 - 2009-07-14 17:18 - 000671796 _____ C:\Windows\system32\perfh005.dat
2019-06-24 11:18 - 2009-07-14 17:18 - 000142392 _____ C:\Windows\system32\perfc005.dat
2019-06-24 11:18 - 2009-07-14 07:13 - 001591814 _____ C:\Windows\system32\PerfStringBackup.INI
2019-06-24 11:18 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-06-20 11:59 - 2019-04-24 14:54 - 000000000 ____D C:\Program Files (x86)\FormatFactory
2019-06-11 11:09 - 2015-05-01 14:41 - 000000456 ____H C:\Windows\Tasks\Norton Security Scan for Kengura.job
2019-05-30 12:39 - 2019-04-24 14:56 - 000000000 ____D C:\FFOutput

==================== Files in the root of some directories ================

2019-04-05 16:31 - 2015-11-17 16:01 - 000000422 _____ () C:\Program Files\update-ASCreedSyndicate.bat
2019-04-05 16:31 - 2013-10-12 20:47 - 000000732 _____ () C:\Program Files\visit-www.nosteam.ro.html
2014-10-29 15:18 - 2014-10-29 15:19 - 000002292 _____ () C:\Users\Kengura\AppData\Roaming\ASSDraw3.cfg
2014-06-28 23:09 - 2018-02-23 16:20 - 000099384 _____ () C:\Users\Kengura\AppData\Roaming\inst.exe
2002-08-29 19:33 - 2002-08-29 19:33 - 000319488 ____R () C:\Users\Kengura\AppData\Roaming\MafiaSetup.exe
2014-06-28 23:09 - 2018-02-23 16:20 - 000007859 _____ () C:\Users\Kengura\AppData\Roaming\pcouffin.cat
2014-06-28 23:09 - 2018-02-23 16:20 - 000001167 _____ () C:\Users\Kengura\AppData\Roaming\pcouffin.inf
2014-06-28 23:09 - 2018-02-23 16:20 - 000000055 _____ () C:\Users\Kengura\AppData\Roaming\pcouffin.log
2014-06-28 23:09 - 2018-02-23 16:20 - 000082816 _____ (VSO Software) C:\Users\Kengura\AppData\Roaming\pcouffin.sys
2016-02-22 17:56 - 2018-10-27 10:27 - 000047648 _____ () C:\Users\Kengura\AppData\Roaming\SLOVA.WAV
2016-02-22 17:56 - 2018-10-27 10:27 - 000047248 _____ () C:\Users\Kengura\AppData\Roaming\TMP.WAV
2014-06-28 23:09 - 2018-02-21 18:26 - 000001041 _____ () C:\Users\Kengura\AppData\Roaming\vso_ts_preview.xml
2017-12-11 16:57 - 2017-12-11 16:57 - 000003584 _____ () C:\Users\Kengura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-28 19:39 - 2016-02-28 17:30 - 000007598 _____ () C:\Users\Kengura\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-06-12 12:42
==================== End of FRST.txt ============================

Chyba Addition.txt navod - https://forum.viry.cz/viewtopic.php?f=13&t=154679

marek5816 píše: Chyba Addition.txt navod - https://forum.viry.cz/viewtopic.php?f=13&t=154679

Je o ono?
Logfile of random's system information tool 1.10 (written by random/random)
Run by Kengura at 2019-06-28 16:59:58
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 400 GB (81%) free of 495 GB
Total RAM: 3839 MB (70% free)

HijackThis download failed

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
taskeng.exe {BB51BEA6-EBC4-44EB-A7EC-38DA0BEDA197}
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "1180401869291632614-1143825822-1137320359-13721497161341761226-1578559261845082453
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-0b36f0da-0a41-417a-a723-33c581b3a1ed -SystemEventPortName:HostProcess-b2e51541-f6e5-4a94-9ab4-9c879d95960f -IoCancelEventPortName:HostProcess-f04c6c55-8908-41a7-8cc9-4cb1b7b2fd08 -NonStateChangingEventPortName:HostProcess-55f98960-52b9-424e-a485-4137b7a575c3 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:48c66548-06ff-4e98-8c60-a146b0327979 -DeviceGroupId:WpdFsGroup
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
wmiadap.exe /F /T /R
"C:\Users\Kengura\Pictures\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for Kengura.job - C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe /scan-quick /scheduled

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-02 473664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-02 187968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-03-29 13513288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2013-01-08 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12 998088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2019-04-04 22515488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-11-14 2397120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD18Agent]
C:\Program Files (x86)\CyberLink\PowerDVD18\PowerDVD18Agent.exe [2018-11-12 528840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2014-06-27 408888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-09-05 587288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [2014-06-16 833024]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-06-28 16:56:04 ----D---- C:\rsit
2019-06-28 16:56:04 ----D---- C:\Program Files\trend micro
2019-06-27 11:27:02 ----D---- C:\FFOutput
2019-06-25 10:31:27 ----SHD---- C:\$RECYCLE.BIN
2019-06-24 16:15:15 ----D---- C:\Windows\erdnt
2019-06-24 16:03:19 ----D---- C:\FRST
2019-06-07 11:55:53 ----D---- C:\Program Files (x86)\Activision

======List of files/folders modified in the last 1 month======

2019-06-28 16:57:07 ----D---- C:\Windows\Temp
2019-06-28 16:56:09 ----D---- C:\Windows\Prefetch
2019-06-28 16:56:04 ----RD---- C:\Program Files
2019-06-28 16:54:55 ----D---- C:\ProgramData\NVIDIA
2019-06-28 10:47:37 ----D---- C:\Windows\System32
2019-06-28 10:47:37 ----D---- C:\Windows\inf
2019-06-28 10:47:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2019-06-27 10:12:47 ----D---- C:\Windows\system32\LogFiles
2019-06-27 10:12:38 ----D---- C:\Windows
2019-06-26 16:05:23 ----D---- C:\Windows\system32\config
2019-06-26 16:04:29 ----SHD---- C:\System Volume Information
2019-06-26 14:21:49 ----D---- C:\Program Files (x86)\FormatFactory
2019-06-26 14:21:12 ----RD---- C:\Program Files (x86)
2019-06-24 16:15:27 ----D---- C:\Windows\system32\drivers
2019-06-23 11:17:36 ----D---- C:\Windows\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-12-12 82048]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-12-12 42624]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-04 16440]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2013-01-08 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2013-01-08 514560]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2014-06-27 131856]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-03-29 3379272]
R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2014-03-20 197408]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-11-14 27584]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2016-11-14 56384]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-02-01 819784]
S0 pelhmrss;pelhmrss; C:\Windows\System32\drivers\ujenbxfs.sys []
S2 CLFCL5.18;CyberLink FCL Service 5.18; C:\Windows\system32\DRIVERS\CLFCL5.18\000.fcl [2018-11-12 46848]
S2 tandpl;tandpl; C:\Windows\System32\drivers\tandpl.sys []
S3 AmdTools64;AMD Special Tools Driver; C:\Windows\system32\DRIVERS\AmdTools64.sys [2006-06-27 47616]
S3 AsrCDDrv;AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 DCamUSBSTK02N;Standard Camera; C:\Windows\system32\DRIVERS\STK02NW2.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\DRIVERS\dmvsc.sys [2013-01-08 71168]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr28ux.sys [2010-12-28 1547616]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2013-01-08 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2013-01-08 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2013-01-08 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\DRIVERS\TsUsbGD.sys [2013-10-02 29696]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 vmbus;vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [2013-01-08 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2013-01-08 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2013-01-08 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-06-12 82112]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-11-14 1163712]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-11-14 1879488]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-11-14 2521024]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-11-14 932728]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2019-02-01 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2019-02-01 107832]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-11-14 426040]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-11-14 3632576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07 107848]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-02 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07 107848]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-05-22 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Nie, poslali ste mi log z RSIT o ktorom neni ani zmienka v navode. Precitajte si dany postup a navod poriadne aby ste to spravili spravne

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

• Uloz na plochu a ukonci vsetky programy
• Spusti AdwCleaner ako spravca
• Odsuhlas licencne podmienky
• Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
• Nechaj zaskrtnute vsetky nalezy
• Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
• Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
• Otvori sa log, jeho obsah sem skopiruj

Potom znova sprav scan, a posli obidva logy z FRST (FRST.txt a Addition.txt) navod - https://forum.viry.cz/viewtopic.php?f=13&t=154679

marek5816 píše:Nie, poslali ste mi log z RSIT o ktorom neni ani zmienka v navode. Precitajte si dany postup a navod poriadne aby ste to spravili spravne


Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

• Uloz na plochu a ukonci vsetky programy
• Spusti AdwCleaner ako spravca
• Odsuhlas licencne podmienky
• Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
• Nechaj zaskrtnute vsetky nalezy
• Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
• Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
• Otvori sa log, jeho obsah sem skopiruj

Potom znova sprav scan, a posli obidva logy z FRST (FRST.txt a Addition.txt) navod - https://forum.viry.cz/viewtopic.php?f=13&t=154679

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2019
Ran by Kengura (05-07-2019 12:57:11)
Running from C:\Users\Kengura\Pictures
Windows 7 Professional Service Pack 1 (X64) (2014-06-27 10:30:08)
Boot Mode: Normal Doufám,že jsem to zas nezvoral
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2263194865-3938205509-2482612845-500 - Administrator - Disabled)
Guest (S-1-5-21-2263194865-3938205509-2482612845-501 - Limited - Disabled)
Kengura (S-1-5-21-2263194865-3938205509-2482612845-1000 - Administrator - Enabled) => C:\Users\Kengura

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Aktualizace NVIDIA 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.00 - Ubisoft)
Assassin's Creed Revelations 1.02 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.02 - Ubisoft)
ATI Catalyst Install Manager (HKLM\...\{D3364347-0A05-CA85-1DAD-80A7A75BF677}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
CyberLink PowerDVD 18 (HKLM-x32\...\{0F4F617F-E8D5-46A3-A0F9-43855182A3B1}) (Version: 18.0.2307.62 - CyberLink Corp.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EAX Unified (HKLM-x32\...\EAX Unified) (Version: - )
EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs)
Far Cry (AMD64 Exclusive Content Update) (HKLM\...\{2304A2EE-010B-43EE-90F8-2218FB93244E}) (Version: 1.00.0000 - Ubisoft) Hidden
Far Cry (Patch 1.32 AMD64) (HKLM\...\{02A116A8-E559-488C-879C-B212F3EA963A}) (Version: 1.00.0000 - Ubisoft) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
LightScribe 1.4.136.1 (HKLM-x32\...\{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}) (Version: 1.4.136.1 - hxxp://www.lightscribe.com) Hidden
Medal of Honor - Allied Assault War Chest (HKLM-x32\...\GOGPACKMEDALOFHONORPACK_is1) (Version: 2.0.0.21 - GOG.com)
Medal of Honor Allied Assault v 1.0.0.1 (HKLM-x32\...\Medal of Honor Allied Assault v 1.0.0.1_is1) (Version: - .)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{FD052FB9-FE90-4438-B355-15EDC89D8FB1}) (Version: 2.0.673.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60830 (HKLM\...\{122B909F-9DCF-360E-91E7-0679E033FBE1}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60830 (HKLM\...\{083808D6-6235-37A8-82C1-98D226EB681F}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{B28B351F-1232-46EA-85EF-B8EA91641029}) (Version: 7.02.5017 - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Ovládací panel NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SpeechRedist (HKLM-x32\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version: - GOG.com)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VSO ConvertXToDVD 7 (HKLM-x32\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.47 - VSO Software)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_CZ_is1) (Version: 16.0.1.7 - ZONER software)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [$PowerDVD18] -> {EF1ED1FB-2224-4150-B12A-CDDE6D442D5A} => C:\ProgramData\CyberLink\PowerDVD18\OpenWith\PDVD_Shell64.dll [2018-11-12] (CyberLink Corp. -> CyberLink Corp.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2014-06-27] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2014-06-27] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2014-06-27] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Kengura\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Imperia Online.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.imperiaonline.org/?ref_ad=src123

==================== Loaded Modules (Whitelisted) ==============

2006-12-14 17:49 - 2006-12-14 17:49 - 000032768 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
2006-12-14 17:49 - 2006-12-14 17:49 - 000081920 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
2006-12-14 17:49 - 2006-12-14 17:49 - 000061440 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2017-04-22 13:18 - 2017-04-22 13:18 - 000548864 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCP80.dll
2017-04-22 13:18 - 2017-04-22 13:18 - 000626688 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dll
2014-06-27 16:15 - 2016-11-14 14:30 - 001300688 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C31F31E6 [100]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> http://www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> http://www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> http://www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> http://www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> http://www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> http://www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> http://www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> http://www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> http://www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> http://www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> http://www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> http://www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> http://www.123simsen.com

There are 7937 more sites.

IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\008k.com -> http://www.008k.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\00hq.com -> http://www.00hq.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\0scan.com -> http://www.0scan.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\1-2005-search.com -> http://www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\1-domains-registrations.com -> http://www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\1000gratisproben.com -> http://www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\1001namen.com -> http://www.1001namen.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\100sexlinks.com -> http://www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\10sek.com -> http://www.10sek.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\123fporn.info -> http://www.123fporn.info
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\123haustiereundmehr.com -> http://www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\123moviedownload.com -> http://www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\123simsen.com -> http://www.123simsen.com

There are 7937 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2018-05-17 13:21 - 000454441 ____R C:\Windows\system32\drivers\etc\hosts

127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com
127.0.0.1 http://www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 http://www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 http://www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 http://www.100888290cs.com
127.0.0.1 http://www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 http://www.10sek.com
127.0.0.1 http://www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 http://www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 http://www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 http://www.123moviedownload.com

There are 15598 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;%C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kengura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Monitor => C:\Windows\PixArt\PAC207\Monitor.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PowerDVD18Agent => "C:\Program Files (x86)\CyberLink\PowerDVD18\PowerDVD18Agent.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Zoner Photo Studio Autoupdate => "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{180647CE-CD26-462D-8C88-8F9D06C51512}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BEA36291-F47D-43C7-B6D4-56405C29A2B5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A6E384AC-C0D4-4170-9BDF-DACA85F4FD91}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{181A614B-2827-4197-80FA-989C0556181A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A70008D5-2976-4F69-A6BE-CEF7194F0B86}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{87061B7D-B996-452E-9EA5-A8E7C13C2442}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A79ABCB4-3DB0-47FC-94FA-EDC91CA0EAE5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E8CC1805-0AB2-4D6F-99CC-601F3C4CFBB2}] => (Allow) H:\Nová složka\uTorrent\utorrent.exe No File
FirewallRules: [{6555E198-DB89-42C2-9043-279ED6ABF1A7}] => (Allow) H:\Nová složka\uTorrent\utorrent.exe No File
FirewallRules: [{C8A478A8-14F5-4827-913A-52A2BD447DCE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C03B2F9A-997A-45AD-8DDE-693E27340504}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\Kernel\DMS\CLMSServerPDVD18.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{D1EEDBC9-A015-4DC0-B3DF-5548E3C744CA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\PowerDVD18Agent.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{A99A5C13-145A-4F75-B791-E02B30AD6D1B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{51E2EBD1-B94E-4415-B059-6A00A887ECCB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\CastingStation.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{D119A1B4-D222-4A27-B85C-7196BF6CC96B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{DB5BA41B-CB8B-46C7-A7EC-A988BEF4D2B3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{7156E19A-0A5B-4AD6-8872-739B8A1FF8C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{A6C5ABBF-0251-459B-9BC0-F9D397B2DE77}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{06FE872A-8529-4D54-9477-3B39A02442CF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{673B6BDD-6021-451A-BEA0-8290EE4AB8D4}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{CCA48F8F-ED5D-4C9B-BA32-15E07FA03DD5}] => (Allow) G:\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe No File
FirewallRules: [{B44FAB86-3257-4641-BC0B-3D058ECFD823}] => (Allow) G:\FormatFactory\FormatFactory.exe No File
FirewallRules: [{382585CA-C397-447A-A53E-9A83A84CAE85}] => (Allow) G:\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe No File
FirewallRules: [{DA967A8B-CB7B-4E07-B253-99481E3B1F7D}] => (Allow) G:\FormatFactory\FormatFactory.exe No File

==================== Restore Points =========================

03-05-2019 15:55:07 Naplánovaný kontrolní bod
14-05-2019 11:38:57 Naplánovaný kontrolní bod
29-05-2019 16:45:05 Naplánovaný kontrolní bod
10-06-2019 18:22:15 Naplánovaný kontrolní bod
26-06-2019 16:04:13 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

Name: AMD 760G
Description: AMD 760G
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI Technologies Inc.
Service: atikmdag
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: pcouffin device ...
Description: pcouffin device ...
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (07/05/2019 12:54:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
pelhmrss

Error: (07/05/2019 12:54:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \SystemRoot\SysWow64\drivers\tandpl.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (07/05/2019 12:54:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba CyberLink FCL Service 5.18 neuspěla při spuštění v důsledku následující chyby:
V systému Windows nelze ověřit digitální podpis tohoto souboru. Při nedávné změně hardwaru nebo softwaru mohl být nainstalován nesprávně podepsaný nebo poškozený soubor nebo soubor škodlivého softwaru z neznámého zdroje.

Error: (07/05/2019 10:35:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
pelhmrss

Error: (07/05/2019 10:35:54 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \SystemRoot\SysWow64\drivers\tandpl.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (07/05/2019 10:35:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba CyberLink FCL Service 5.18 neuspěla při spuštění v důsledku následující chyby:
V systému Windows nelze ověřit digitální podpis tohoto souboru. Při nedávné změně hardwaru nebo softwaru mohl být nainstalován nesprávně podepsaný nebo poškozený soubor nebo soubor škodlivého softwaru z neznámého zdroje.


Windows Defender:
===================================
Date: 2015-07-04 15:29:57.214
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{08C42925-0FB3-45FF-8856-C690E60E553C}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Kengura-PC\Kengura

CodeIntegrity:
===================================

Date: 2019-07-05 12:54:39.655
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-05 12:54:39.546
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-05 10:35:51.986
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-05 10:35:51.861
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-04 13:34:14.904
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-04 13:34:14.795
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-04 10:42:28.191
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-04 10:42:28.082
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.30 08/23/2013
Motherboard: ASRock 960GC-GS FX
Processor: AMD Athlon(tm) Dual Core Processor 4850e
Percentage of memory in use: 75%
Total physical RAM: 3839.24 MB
Available physical RAM: 946.02 MB
Total Virtual: 7676.68 MB
Available Virtual: 4413.13 MB

==================== Drives ================================

Drive c: (Sys) (Fixed) (Total:483.3 GB) (Free:388.59 GB) NTFS
Drive d: (Data) (Fixed) (Total:448.11 GB) (Free:91.03 GB) NTFS

\\?\Volume{1bedb9ff-fde1-11e3-8155-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0E265546)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=483.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=448.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-06-2019
Ran by Kengura (administrator) on KENGURA-PC (01-07-2019 16:38:42)
Running from C:\Users\Kengura\Pictures
Loaded Profiles: Kengura (Available Profiles: Kengura)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed]
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: H - H:\m.exe
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: I - I:\m.exe
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2013-01-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2005-06-24] (EA.com/On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2005-06-24] (EA.com/On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2005-06-24] (EA.com/On2.com) [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {034133F4-20D6-4608-90CD-C90403E43787} - System32\Tasks\{7E6C0C3F-7AC7-47C5-9ECD-54395B2318CD} => C:\Windows\system32\pcalua.exe -a "D:\Half Life\vcredist_x64.exe" -d "D:\Half Life"
Task: {05A1F426-DE4F-451B-A43C-20F126D517F3} - System32\Tasks\{858E6A57-8E30-4C61-A552-31FFDAA25449} => C:\Windows\system32\pcalua.exe -a "D:\Call of Duty 5 World at War v_1.7 full game -=AviaRa=-\Call of Duty - World at War\CoDWaW.exe" -d "D:\Call of Duty 5 World at War v_1.7 full game -=AviaRa=-\Call of Duty - World at War"
Task: {0A25FC29-77CE-4CDC-B301-56F428189792} - System32\Tasks\{1E644B9F-37A8-4587-B94C-A444306E413E} => C:\Windows\system32\pcalua.exe -a E:\GDFTHR_inst.exe -d E:\
Task: {0A9495C7-F7D4-4CFC-B3F5-8ED54216FFF8} - System32\Tasks\{6810D009-5302-497C-AC3B-DC98F3EAA823} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Call of Duty 5 World at War v_1.7 full game -=AviaRa=-\Call of Duty - World at War\CoDWaW.exe" -d "C:\Program Files (x86)\Call of Duty 5 World at War v_1.7 full game -=AviaRa=-\Call of Duty - World at War"
Task: {112DB0BC-A603-4702-99C8-1CE2E90A6FC9} - System32\Tasks\{50B18B69-DF98-47D0-A443-A98C5956B6EC} => C:\Windows\system32\pcalua.exe -a D:\vietcong.pterodon\vietcong.pterodon\vietcong.uncensored.iso\Patches+crack\Vietcong_v130.exe -d D:\vietcong.pterodon\vietcong.pterodon\vietcong.uncensored.iso\Patches+crack
Task: {129709D0-2FA9-4453-9A57-974841762215} - System32\Tasks\{782CD81C-0545-459D-955B-F7D303BA9DB7} => C:\Windows\system32\pcalua.exe -a G:\CRACK\Čeština\MaxPayne2CZ_komplet.exe -d G:\CRACK\Čeština
Task: {14978ECF-6898-4A88-904B-FF347079504C} - System32\Tasks\{FCA47BA9-75D6-4099-ADA2-B343C8905931} => C:\Windows\system32\pcalua.exe -a "D:\Far Cry 2\Patch 1.01 + crack\far_cry_2_1.01.exe" -d "D:\Far Cry 2\Patch 1.01 + crack"
Task: {1B99B09F-7A5A-4818-B9C2-79019F844487} - System32\Tasks\{178D66A8-4A0B-4B2C-8DB0-67865DF065AA} => C:\Windows\system32\pcalua.exe -a D:\Manhunt\cz\cz.exe -d D:\Manhunt\cz
Task: {1FEFD606-98ED-4353-96EF-0024B028EC13} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"]
Task: {20C432A5-FC57-44A2-A5C5-62CC5FDC5DAD} - System32\Tasks\{403F7465-23B6-42F4-B0A4-74F8B133FEED} => C:\Windows\system32\pcalua.exe -a "C:\Nová složka\Assassin's Creed CZ by Tw22ty\assassins_creed_1.02.exe" -d "C:\Nová složka\Assassin's Creed CZ by Tw22ty"
Task: {264E95FD-A920-47EF-9170-0C1F50A9A846} - System32\Tasks\{72F78116-D245-4599-A955-CCDBF600F92F} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\The Godfather® The Game\Odinstalovat.exe" -d "C:\Program Files (x86)\Electronic Arts\The Godfather® The Game"
Task: {268B635D-61AF-41D5-A8AA-DC528FB5AE1A} - System32\Tasks\{89B29A7E-AC41-4F4B-8A6F-5D089CF89C09} => C:\Windows\system32\pcalua.exe -a "D:\Nová složka\CZ\cz\InstallOblivionCZ.exe" -d "D:\Nová složka\CZ\cz"
Task: {270E1E9D-E551-4B08-BCF8-E6953B1C8937} - System32\Tasks\{19144672-213B-4E0A-8C62-5B805948C173} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.0.0.102/cs/abandoninstall?page=tsMain
Task: {2E5CC331-9577-4924-AA58-ADAA70129C9F} - System32\Tasks\{77959336-2A4E-443E-8EA2-9C6B7B09365E} => C:\Windows\system32\pcalua.exe -a D:\Češtiny\Oblinion\cz_oblivion_standard_1.05\InstallOblivionCZ.exe -d D:\Češtiny\Oblinion\cz_oblivion_standard_1.05
Task: {2E8EE109-EA2C-4AF6-898F-4F9C8FCE828B} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {2E8EE109-EA2C-4AF6-898F-4F9C8FCE828B} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(3): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {2EF37033-CFC4-4B4A-8EF7-18B7649B8209} - System32\Tasks\{0FEEA325-EDA6-45FC-A2C6-2248D4A25066} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {3253721E-4FBD-4BAD-AAD9-F5F56AF39E9C} - System32\Tasks\{80702A4C-4AB2-4D95-BB14-67DA77B01443} => C:\Windows\system32\pcalua.exe -a E:\GDFTHR_uninst.exe -d E:\
Task: {36437A5C-E7F3-472E-9821-CD07E4F16A19} - System32\Tasks\{646A331F-45B2-45E0-8848-EC8A2238DDEC} => C:\Windows\system32\pcalua.exe -a D:\Češtiny\mohpacificassault_cz.exe -d D:\Češtiny
Task: {36C977BE-4266-41E5-A1CF-97FEC618318B} - System32\Tasks\{5624CF3A-AA0B-4238-97C5-DA1EBC153E16} => C:\Windows\system32\pcalua.exe -a "C:\Users\Kengura\Desktop\DVD1\Assassin's Creed CZ by Tw22ty\assassins_creed_1.02.exe" -d "C:\Users\Kengura\Desktop\DVD1\Assassin's Creed CZ by Tw22ty"
Task: {3C302C3F-D05B-49D2-88C4-F88ADB54C454} - System32\Tasks\{B120B17E-0A9F-4244-96A6-DAFCDDA963FA} => C:\Windows\system32\pcalua.exe -a F:\far_cry_v1.32.exe -d F:\
Task: {3C4C4868-0DFA-4068-8F9C-EFE0D8B9C7CC} - System32\Tasks\{1C094734-8764-414D-A046-94C65B799FBD} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {40A177AE-CD31-49FE-AC7E-73BBAD55B115} - System32\Tasks\{8BD692AD-85FC-432B-85A1-DC2168DEDFE6} => C:\GOG Games\The Witcher 2 Assassins of Kings\Launcher.exe
Task: {40A2787F-AC5D-4CE2-9495-12C6F47F5801} - System32\Tasks\{F3C5C2CE-B304-46F4-97F5-40292B4A680E} => C:\Windows\system32\pcalua.exe -a D:\vietcong.pterodon\vietcong.pterodon\vietcong.uncensored.iso\Patches+crack\Vietcong_v141.exe -d D:\vietcong.pterodon\vietcong.pterodon\vietcong.uncensored.iso\Patches+crack
Task: {45B2AC2E-7D94-4894-9399-897FAF6C1EA1} - System32\Tasks\{256334CB-D171-426E-B3F5-CDBF56249674} => C:\Windows\system32\pcalua.exe -a D:\vietcong.pterodon\vietcong.pterodon\vietcong.uncensored.iso\Patches+crack\Vietcong-v160.exe -d D:\vietcong.pterodon\vietcong.pterodon\vietcong.uncensored.iso\Patches+crack
Task: {4620D7B1-8400-4A87-81F1-7B4B39F2D721} - System32\Tasks\{6E904970-3CD1-4D6C-ACC6-454297A90B98} => C:\Windows\system32\pcalua.exe -a "D:\Half Life\HalfLife2_CZ.exe" -d "D:\Half Life"
Task: {4B59F7B8-7A48-4239-8E40-F7C59310483F} - System32\Tasks\{A6B5AD12-171A-4E8B-BA60-5B425D65126A} => C:\Windows\system32\pcalua.exe -a F:\setup.exe -d F:\
Task: {4C5D6D63-3650-4634-8841-CFC53D94FC5D} - System32\Tasks\{CEA487D2-DF66-414C-9DDE-75DD792E04A8} => C:\Windows\system32\pcalua.exe -a C:\Users\Kengura\Desktop\hl2_ep_cz.exe -d C:\Users\Kengura\Desktop
Task: {4FB274B8-2D94-46C4-A7DD-9E4A9AE6C70A} - System32\Tasks\{7388A0C8-FCBA-4C6C-900F-CFBD7CB101CC} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {56391FCD-AD2F-47A4-9295-B5BF018B3D94} - System32\Tasks\{39F63C95-859A-49DF-A046-F12E1ACBF3A2} => C:\Windows\system32\pcalua.exe -a "D:\Far Cry 2\Patch 1.03 + crack\far_cry_2_1.03.exe" -d "D:\Far Cry 2\Patch 1.03 + crack"
Task: {57159F6D-91CC-4FA2-B8DB-45866B9CB193} - System32\Tasks\{BF0965C6-7032-407E-93BD-F589FABBA642} => C:\GOG Games\The Witcher 2 Assassins of Kings\Launcher.exe
Task: {58BEA721-38EA-46A7-916B-3EF4EE5039DF} - System32\Tasks\{BB098232-5762-4739-8E0B-A999188B8BAA} => C:\Windows\system32\pcalua.exe -a D:\Češtiny\assassins_creed_1.02.exe -d D:\Češtiny
Task: {606AA06C-0A06-4136-A98E-D91FBCED90DE} - System32\Tasks\{22471DC0-8704-4B42-8DD5-919580EF3169} => C:\Windows\system32\pcalua.exe -a "F:\Potřebné programy\Ubisoft Game Launcher\UbisoftGameLauncherInstaller.exe" -d "F:\Potřebné programy\Ubisoft Game Launcher"
Task: {661926E9-5299-4BBD-8DD3-92CF169E6E51} - System32\Tasks\{600C9C37-2D55-43EA-A0E1-73326F7EF38D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\WinRAR\WinRAR.exe" -d C:\Users\Kengura\Desktop
Task: {66433877-4512-4F82-9E64-D043BB2C93B6} - System32\Tasks\{246639CD-5F59-434B-8F3B-4C567D76B2BF} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Activision\Call of Duty - Black Ops\Redist\vcredist_x86.exe" -d "C:\Program Files (x86)\Activision\Call of Duty - Black Ops\Redist"
Task: {669D4148-FA6A-43CB-8511-48A84AB52223} - System32\Tasks\Norton Security Scan for Kengura => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe
Task: {70EBBB9A-3748-4213-A901-A676FC4899EA} - System32\Tasks\{C9785EA8-9991-48F6-A759-C2811ACEECAD} => C:\Windows\system32\pcalua.exe -a F:\AC2.part01.exe -d F:\
Task: {73CD4531-ED74-47E6-B405-55A1822A6D8B} - System32\Tasks\{3408B213-E2BD-41E7-9777-C2D723CD04B5} => C:\Windows\system32\pcalua.exe -a C:\Users\Kengura\Desktop\cz_moh_pacific_assault\mohpacificassault_cz.exe -d C:\Users\Kengura\Desktop\cz_moh_pacific_assault
Task: {74EFD15F-274A-4049-A731-B6DC9D4A9F24} - System32\Tasks\{471383DC-0CF7-4011-84EA-559169489C0C} => C:\Program Files (x86)\Cenega Czech\VIETCONG\vietcong.exe
Task: {77886FCE-2755-4F9A-94DA-D62FD9230BAA} - System32\Tasks\{C25F5777-F70F-4D99-AE0C-F288AD5E26B1} => C:\Windows\system32\pcalua.exe -a "D:\Assassins Creed\assassins_creed_1.02.exe" -d "D:\Assassins Creed"
Task: {7906EE58-EE3A-407C-BAB9-9891C7176912} - System32\Tasks\{CB7B2527-D182-4C5D-9087-54096CA3833B} => C:\Windows\system32\pcalua.exe -a D:\Oblivion.cz\cz_oblivion_standard_1.05\InstallOblivionCZ.exe -d D:\Oblivion.cz\cz_oblivion_standard_1.05
Task: {79C19AF2-C56E-45F7-8C01-C021B6F014B4} - System32\Tasks\{631D0B84-5148-4D81-BBC1-41ACBDE5481D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Mafia\Setup.exe" -d "C:\Program Files\Mafia"
Task: {7A6235C4-DD46-4DF6-80F5-CA8F945FCF5A} - System32\Tasks\{0BFB0B7F-5F54-4D63-98F0-F56955FB3CF0} => C:\Windows\system32\pcalua.exe -a G:\GDFTHR_inst.exe -d G:\
Task: {7D758CDF-DDA4-40FB-907A-61813231DAAD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-02-07] (Google Inc -> Google Inc.)
Task: {7D7E4CCB-ABD5-44A0-B1A3-48B81754ECB1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7E558DAF-4005-493C-A162-C088DC6704B0} - System32\Tasks\{4BD9D941-FBBD-4CC6-B75E-90C2983F1151} => C:\Windows\system32\pcalua.exe -a D:\Češtiny\cod_uo_cestina.exe -d D:\Češtiny
Task: {818FE93D-7352-4786-97EF-4F8B801D8BAB} - System32\Tasks\{81B3ED82-0F5A-4FDC-9F6E-41E6AFA5E86D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Translator_2016\TRNIKONY.EXE" -d "C:\Program Files (x86)\Translator_2016"
Task: {83F9AC61-40FE-4196-9476-59638A5EC030} - System32\Tasks\{C260F016-B648-4F0B-9894-A58B36D10A56} => C:\Windows\system32\pcalua.exe -a D:\Manhunt\Manhunt2CZE.exe -d D:\Manhunt
Task: {8B578532-D64E-4D7F-819C-6C7BDA0BE72E} - System32\Tasks\{218F1408-B4AA-469A-A8B4-0DF12E089EDE} => C:\Windows\system32\pcalua.exe -a D:\Gothi\Gothic_3_MDS_EU.exe -d D:\Gothi
Task: {8BBFFB8C-95E7-4EA0-A566-D5C76F4CDCC5} - System32\Tasks\{8512B359-7FB1-48FE-90BF-B3C3DB6CB5AF} => C:\Windows\system32\pcalua.exe -a D:\Instal\Translator_2016\TRNIKONY.EXE -d D:\Instal\Translator_2016
Task: {8BEEA774-9B54-47EE-836A-5B55663EBF25} - System32\Tasks\{5C66CBA1-6087-472F-ADDC-B3ACD5A4B065} => C:\Windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
Task: {8C4A02E2-237C-40C3-9F95-9D754B90188D} - System32\Tasks\{CCA2EB60-19EB-4FF6-BA70-D3D0750E6F02} => C:\Windows\system32\pcalua.exe -a "D:\Half Life\hl2_ep_cz.exe" -d "D:\Half Life"
Task: {8D47791B-6463-4185-858E-2346F900F9F9} - System32\Tasks\{91EF7452-2219-4546-97C6-42B0A73A9781} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {947CC427-784E-40F4-8A62-D17E50646923} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-02-07] (Google Inc -> Google Inc.)
Task: {956543F2-F2B1-459D-B5E0-8E819796455C} - System32\Tasks\{8B72E981-D81B-47B8-ADBD-81C8438D8787} => C:\Windows\system32\pcalua.exe -a "C:\Users\Kengura\Desktop\Nová složka\Setup.EXE" -d "C:\Users\Kengura\Desktop\Nová složka"
Task: {99AD046F-2027-4763-92FD-387A36D341C8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998088 2015-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {9AC3A4B1-357B-4386-A424-C0F47FE37443} - System32\Tasks\{F1069528-A8A5-43FD-A9E1-0FEE54E35E85} => C:\Windows\system32\pcalua.exe -a "C:\Users\Kengura\Videos\max payne 2 čeština a patch\MaxPayne2cestina.exe" -d "C:\Users\Kengura\Videos\max payne 2 čeština a patch"
Task: {A62C8294-0F97-4442-B807-A9BFC5E151A3} - System32\Tasks\{6DE04359-2890-4F43-A39C-429C3A42208F} => C:\Windows\system32\pcalua.exe -a E:\AMD-64BIT_PATCH\SORM_32BIT-AMD64BIT.EXE -d E:\AMD-64BIT_PATCH
Task: {AD8D910F-A632-410A-AED5-C3D772E91391} - System32\Tasks\{525C8C3B-9F12-4673-A06A-69F744F208DC} => C:\Program Files (x86)\Cenega Czech\VIETCONG\vietcong.exe
Task: {B25F336E-8D53-44FD-B717-1ACC9BF1B6F9} - System32\Tasks\{0BDD501F-55CD-405D-A300-6011213A9E80} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {B735ABB3-5C54-4364-B346-944ED3500324} - System32\Tasks\{5805A922-B392-442C-B23F-6BEDA60E9396} => C:\Windows\system32\pcalua.exe -a C:\Users\Kengura\Desktop\cod_uo_cestina.exe -d C:\Users\Kengura\Desktop
Task: {B9BD6340-EE2C-4225-A4C1-E7E6E934555A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {B9BD6340-EE2C-4225-A4C1-E7E6E934555A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate -noappraiser
Task: {BB5EDFB8-D6DF-441D-AECF-0050F276E5CF} - System32\Tasks\{86EEFF58-1822-4A89-A6BF-ADE5E0A3B8CB} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\OpenAL\oalinst.exe" -d "C:\Program Files (x86)\OpenAL"
Task: {BC2D01BF-0B6D-4130-915C-55D42C7138DB} - System32\Tasks\{C1927AA2-3A17-4076-8D97-94C87770164C} => C:\Windows\system32\pcalua.exe -a "D:\Far Cry 2\Patch 1.02 + crack\far_cry_2_1.02.exe" -d "D:\Far Cry 2\Patch 1.02 + crack"
Task: {BC788224-2B9E-4968-A439-B7BCD5CA0573} - System32\Tasks\{466745EC-5C0B-48CF-802A-F8E675AD5EB9} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Nová složka\DVD1\Assassin's Creed CZ by Tw22ty\assassins_creed_1.02.exe" -d "C:\Program Files (x86)\Nová složka\DVD1\Assassin's Creed CZ by Tw22ty"
Task: {C10964D6-1ABD-4CEA-9082-5BA8708B7436} - System32\Tasks\{7D7FE2CC-3A70-44C9-B18E-35665D7785D9} => C:\Windows\system32\pcalua.exe -a F:\setup.exe -d F:\
Task: {C14A5141-0498-4D72-8140-3DBD96F50A7E} - System32\Tasks\{881E1FB6-DF9F-4F85-9AC1-1C6E6D11141F} => C:\Windows\system32\pcalua.exe -a "D:\Call of Duty 5 World at War v_1.7 full game -=AviaRa=-\Call of Duty - World at War\CoDWaW.exe" -d "D:\Call of Duty 5 World at War v_1.7 full game -=AviaRa=-\Call of Duty - World at War"
Task: {CF14EAFC-78CB-48F3-9646-80C28904965A} - System32\Tasks\{50923AF9-D634-4E90-9215-B3D304D6C572} => C:\Windows\system32\pcalua.exe -a "D:\Far Cry 2\Bonusy\Far Cry 2 - The Fortune's Pack\F2FP_setup.exe" -d "D:\Far Cry 2\Bonusy\Far Cry 2 - The Fortune's Pack"
Task: {DAA0E401-F7D9-476E-BD11-0AB9DDEF77F5} - System32\Tasks\{2E6DDF41-D032-4AEB-BBE9-59D6EADD4079} => C:\Windows\system32\pcalua.exe -a "D:\FAr Cry\farcry_amd64upgrade_us_uk.exe" -d "D:\FAr Cry"
Task: {DFFB58B8-4BAB-4CC2-A832-544DFC56482D} - System32\Tasks\{689AA895-69E0-487D-82B0-EED522E13945} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\Translator_2016\TRNIKONY.EXE" -d "C:\Program Files (x86)\Electronic Arts\Translator_2016"
Task: {EBAD9728-D2A1-4909-9248-F824BBE90AFE} - System32\Tasks\{713AC9CC-C970-4A23-905F-ECD2456E2EF1} => C:\GOG Games\The Witcher Enhanced Edition Director's Cut\launcher.exe
Task: {F0617499-8A8F-4806-B9FA-F7CBB7C7E552} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-11-02] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {F63F3EA8-C076-4137-A252-BD3337870F51} - System32\Tasks\{78DE7B11-5507-4BE7-8B4B-72326267C7A0} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\The Godfather® The Game\GDFTHR_uninst.exe" -d "C:\Program Files (x86)\Electronic Arts\The Godfather® The Game"
Task: {F7AEB2B7-05F9-4412-8420-9D9AA0E82A39} - System32\Tasks\{DE3310A4-F167-4C26-B584-1CB97D86DDF5} => C:\Windows\system32\pcalua.exe -a "C:\Nová složka\Assassin's Creed CZ by Tw22ty\assassins_creed_1.02.exe" -d "C:\Nová složka\Assassin's Creed CZ by Tw22ty"
Task: {FAFD5085-A263-443F-A5FB-E074270079C5} - System32\Tasks\{086F1C2C-E2F7-49B6-8CCC-2BC8C0EAF3E2} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Ubisoft\Assassin's Creed II\UbisoftGameLauncherInstaller.exe" -d "C:\Program Files\Ubisoft\Assassin's Creed II"
Task: {FD8AF20B-27DE-4BAF-8749-8BDC75B9D4C9} - System32\Tasks\{2DE264B9-9F04-4B5C-928D-471D1B5DFB7D} => C:\GOG Games\The Witcher Enhanced Edition Director's Cut\launcher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Norton Security Scan for Kengura.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{1FF80274-5A8A-4731-92C6-A2EA8D10DC61}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{B8835B1F-9A53-4FF1-92A4-90FF0D73217C}: [DhcpNameServer] 192.168.11.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.centrum.cz/
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-02] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Kengura\AppData\Roaming\Mozilla\Firefox\Profiles\m2usc0l4.default [2019-07-01]
FF user.js: detected! => C:\Users\Kengura\AppData\Roaming\Mozilla\Firefox\Profiles\m2usc0l4.default\user.js [2014-09-04]
FF Homepage: Mozilla\Firefox\Profiles\m2usc0l4.default -> hxxps://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-11-02] (Adobe Systems Incorporated -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-02] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-11-02] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-11-02] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2263194865-3938205509-2482612845-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-06-13] (Ubisoft Entertainment Sweden AB -> )

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2009-08-18] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2019-02-01] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2019-02-01] (Even Balance, Inc. -> )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmdTools64; C:\Windows\System32\DRIVERS\AmdTools64.sys [47616 2006-06-27] (Advanced Micro Devices, Inc. -> AMD, Inc.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [82048 2011-12-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [42624 2011-12-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6037504 2009-08-18] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [16440 2009-05-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
S2 CLFCL5.18; C:\Windows\System32\DRIVERS\CLFCL5.18\000.fcl [46848 2018-11-12] (CyberLink Corp. -> CyberLink Corp.)
S3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsux64; C:\Windows\System32\drivers\nmwcdnsux64.sys [171008 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Inc.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
S3 DCamUSBSTK02N; system32\DRIVERS\STK02NW2.sys [X]
S0 pelhmrss; System32\drivers\ujenbxfs.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-28 16:56 - 2019-06-28 16:56 - 000000000 ____D C:\rsit
2019-06-28 16:56 - 2019-06-28 16:56 - 000000000 ____D C:\Program Files\trend micro
2019-06-27 11:27 - 2019-06-27 11:30 - 000000000 ____D C:\FFOutput
2019-06-26 14:21 - 2019-06-26 14:21 - 000001074 _____ C:\Users\Kengura\Desktop\Format Factory.lnk
2019-06-26 14:21 - 2019-06-26 14:21 - 000000000 ____D C:\Users\Kengura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2019-06-24 16:15 - 2019-06-24 16:15 - 000000000 ____D C:\Windows\erdnt
2019-06-24 16:03 - 2019-07-01 16:38 - 000000000 ____D C:\FRST
2019-06-20 12:56 - 2019-06-20 12:56 - 000000110 ____H C:\Users\Kengura\Desktop\Obraz0118.jpg.uid-zps
2019-06-07 11:55 - 2019-06-08 15:50 - 000000000 ____D C:\Program Files (x86)\Activision
2019-05-08 10:54 - 2019-05-08 10:54 - 000000000 ____D C:\Users\Kengura\Documents\FormatFactory
2019-04-24 14:54 - 2019-06-26 14:21 - 000000000 ____D C:\Program Files (x86)\FormatFactory
2019-04-22 21:00 - 2019-04-22 21:00 - 000002230 _____ C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk
2019-04-18 13:32 - 2019-04-18 13:32 - 000000000 ____D C:\Users\Kengura\AppData\Local\fontconfig
2019-04-12 15:01 - 2019-04-12 15:02 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2019-04-05 16:33 - 2019-04-05 16:33 - 000000000 ____D C:\Users\Kengura\Documents\Assassin's Creed Syndicate
2019-04-05 16:31 - 2015-11-17 16:01 - 000000422 _____ C:\Program Files\update-ASCreedSyndicate.bat
2019-04-05 16:31 - 2013-10-12 20:47 - 000000732 _____ C:\Program Files\visit-www.nosteam.ro.html

==================== Three months (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-01 16:33 - 2018-02-05 17:33 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-07-01 16:32 - 2009-07-14 06:45 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-07-01 16:32 - 2009-07-14 06:45 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-07-01 16:29 - 2009-07-14 17:18 - 000671796 _____ C:\Windows\system32\perfh005.dat
2019-07-01 16:29 - 2009-07-14 17:18 - 000142392 _____ C:\Windows\system32\perfc005.dat
2019-07-01 16:29 - 2009-07-14 07:13 - 001591814 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-01 16:29 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-07-01 16:24 - 2014-06-27 14:04 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-01 16:24 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-11 11:09 - 2015-05-01 14:41 - 000000456 ____H C:\Windows\Tasks\Norton Security Scan for Kengura.job

==================== Files in the root of some directories ================

2019-04-05 16:31 - 2015-11-17 16:01 - 000000422 _____ () C:\Program Files\update-ASCreedSyndicate.bat
2019-04-05 16:31 - 2013-10-12 20:47 - 000000732 _____ () C:\Program Files\visit-www.nosteam.ro.html
2014-10-29 15:18 - 2014-10-29 15:19 - 000002292 _____ () C:\Users\Kengura\AppData\Roaming\ASSDraw3.cfg
2014-06-28 23:09 - 2018-02-23 16:20 - 000099384 _____ () C:\Users\Kengura\AppData\Roaming\inst.exe
2002-08-29 19:33 - 2002-08-29 19:33 - 000319488 ____R () C:\Users\Kengura\AppData\Roaming\MafiaSetup.exe
2014-06-28 23:09 - 2018-02-23 16:20 - 000007859 _____ () C:\Users\Kengura\AppData\Roaming\pcouffin.cat
2014-06-28 23:09 - 2018-02-23 16:20 - 000001167 _____ () C:\Users\Kengura\AppData\Roaming\pcouffin.inf
2014-06-28 23:09 - 2018-02-23 16:20 - 000000055 _____ () C:\Users\Kengura\AppData\Roaming\pcouffin.log
2014-06-28 23:09 - 2018-02-23 16:20 - 000082816 _____ (VSO Software) C:\Users\Kengura\AppData\Roaming\pcouffin.sys
2016-02-22 17:56 - 2018-10-27 10:27 - 000047648 _____ () C:\Users\Kengura\AppData\Roaming\SLOVA.WAV
2016-02-22 17:56 - 2018-10-27 10:27 - 000047248 _____ () C:\Users\Kengura\AppData\Roaming\TMP.WAV
2014-06-28 23:09 - 2018-02-21 18:26 - 000001041 _____ () C:\Users\Kengura\AppData\Roaming\vso_ts_preview.xml
2017-12-11 16:57 - 2017-12-11 16:57 - 000003584 _____ () C:\Users\Kengura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-28 19:39 - 2016-02-28 17:30 - 000007598 _____ () C:\Users\Kengura\AppData\Local\Resmon.ResmonCfg

==================== SigCheckExt ================

2015-08-07 14:28 - 1998-10-29 16:45 - 000306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2006-07-14 16:29 - 2006-07-14 16:29 - 000966656 _____ (Nero AG) C:\Windows\UNNeroMediaHome.exe
2006-07-14 16:29 - 2006-07-14 16:29 - 000966656 _____ (Nero AG) C:\Windows\UNNeroShowTime.exe
2006-07-14 16:29 - 2006-07-14 16:29 - 000966656 _____ (Nero AG) C:\Windows\UNNeroVision.exe
2006-07-14 16:29 - 2006-07-14 16:29 - 000966656 _____ (Nero AG) C:\Windows\UNRecode.exe
2017-04-22 13:23 - 2006-08-25 23:17 - 000086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl70.dll
2017-04-22 13:23 - 2011-01-12 12:53 - 000090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl71.dll
2017-07-19 15:50 - 2017-07-19 15:50 - 000004608 _____ C:\Windows\SysWOW64\BReWErS.dll
2015-08-07 13:47 - 2017-07-11 12:15 - 000098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2018-08-13 15:10 - 2018-08-16 13:04 - 000043520 _____ C:\Windows\SysWOW64\CmdLineExt03.dll
2018-02-21 18:19 - 2009-09-02 22:58 - 000065602 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\cook3260.dll
2018-02-21 18:19 - 2009-09-02 22:58 - 000176165 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drv23260.dll
2018-02-21 18:19 - 2009-09-02 22:58 - 000208935 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drv33260.dll
2018-02-21 18:19 - 2009-09-02 22:58 - 000217127 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drv43260.dll
2004-01-06 09:43 - 2004-01-06 09:43 - 000188416 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\eax.dll
2004-07-26 16:16 - 2004-07-26 16:16 - 001568768 _____ (Pegasus Imaging Corp.) C:\Windows\SysWOW64\imagX7.dll
2004-07-26 16:16 - 2004-07-26 16:16 - 000262144 _____ (Pegasus Imaging Corp.) C:\Windows\SysWOW64\imagXR7.dll
2004-07-26 16:16 - 2004-07-26 16:16 - 000471040 _____ (Pegasus Imaging Corp.) C:\Windows\SysWOW64\imagXRA7.dll
2002-08-29 19:33 - 2002-08-29 19:33 - 000319488 ____R () C:\Windows\SysWOW64\MafiaSetup.exe
2017-04-22 13:23 - 2006-08-26 00:07 - 001024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70.dll
2017-04-22 13:23 - 2006-08-26 00:15 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70chs.dll
2017-04-22 13:23 - 2006-08-26 00:15 - 000045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70cht.dll
2017-04-22 13:23 - 2006-08-26 00:15 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70deu.dll
2017-04-22 13:23 - 2006-08-26 00:15 - 000057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70enu.dll
2017-04-22 13:23 - 2006-08-26 00:15 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70esp.dll
2017-04-22 13:23 - 2006-08-26 00:15 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70fra.dll
2017-04-22 13:23 - 2006-08-26 00:15 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70ita.dll
2017-04-22 13:23 - 2006-08-26 00:15 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70jpn.dll
2017-04-22 13:23 - 2006-08-26 00:15 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70kor.dll
2017-04-22 13:23 - 2006-08-26 00:28 - 001017344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70u.dll
2014-07-22 19:30 - 2011-01-12 13:19 - 001060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2017-04-22 13:23 - 2011-01-12 13:25 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71chs.dll
2017-04-22 13:23 - 2011-01-12 13:25 - 000045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71cht.dll
2017-04-22 13:23 - 2011-01-12 13:25 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71deu.dll
2017-04-22 13:23 - 2011-01-12 13:25 - 000057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71enu.dll
2017-04-22 13:23 - 2011-01-12 13:25 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71esp.dll
2017-04-22 13:23 - 2011-01-12 13:25 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71fra.dll
2017-04-22 13:23 - 2011-01-12 13:25 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71ita.dll
2017-04-22 13:23 - 2011-01-12 13:25 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71jpn.dll
2017-04-22 13:23 - 2011-01-12 13:25 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71kor.dll
2017-04-22 13:23 - 2011-01-12 13:36 - 001054208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71u.dll
2017-04-22 13:23 - 2001-08-23 00:00 - 001355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvbvm50.dll
2017-04-22 13:23 - 2005-01-20 19:25 - 000054784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvci70.dll
2017-04-22 13:23 - 2002-01-05 05:40 - 000487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll
2014-07-22 19:37 - 2007-02-01 22:13 - 000503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2017-04-22 13:23 - 2007-01-30 22:04 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2014-07-22 19:37 - 2007-02-01 19:11 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2017-04-22 13:23 - 1993-07-23 19:31 - 000210944 _____ C:\Windows\SysWOW64\msvcrt10.dll
2018-02-21 18:19 - 2009-09-02 22:58 - 000273408 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\Pncrt.dll
2018-02-21 18:19 - 2009-09-02 22:58 - 000102439 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\sipr3260.dll
2004-07-09 08:43 - 2004-07-09 08:43 - 000364544 _____ (Pegasus Imaging Corp.) C:\Windows\SysWOW64\TwnLib4.dll
2017-04-22 13:23 - 1996-01-12 03:00 - 000722192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vb40032.dll
2015-08-14 12:19 - 2005-06-24 17:24 - 000438272 ____R (EA.com/On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2002-08-29 19:33 - 2002-08-29 19:33 - 000319488 ____R () C:\Users\Kengura\AppData\Roaming\MafiaSetup.exe

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


==================== BCD ================================

Spr�vce spou�t�n� syst�mu Windows
--------------------
identifik�tor {bootmgr}
device partition=\Device\HarddiskVolume1
path \bootmgr
description Windows Boot Manager
locale cs-CZ
default {current}
displayorder {current}
timeout 30

Zav�d�c� program pro spou�t�n� syst�mu Windows
-------------------
identifik�tor {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7 Professional (obnoven�)
locale cs-CZ
recoverysequence {679ce9bb-1195-11e4-9806-992c1c118e00}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {1a7a48d8-118d-11e4-95dc-806e6f6e6963}
numproc 2
usefirmwarepcisettings No

Zav�d�c� program pro spou�t�n� syst�mu Windows
-------------------
identifik�tor {679ce9bb-1195-11e4-9806-992c1c118e00}
device ramdisk=[C:]\Recovery\5d10c5bb-fde9-11e3-a9f5-80367af123d8\Winre.wim,{679ce9bc-1195-11e4-9806-992c1c118e00}
path \windows\system32\winload.exe
description Windows Recovery Environment (obnoven�)
locale
osdevice ramdisk=[C:]\Recovery\5d10c5bb-fde9-11e3-a9f5-80367af123d8\Winre.wim,{679ce9bc-1195-11e4-9806-992c1c118e00}
systemroot \windows
winpe Yes

Zav�d�c� program pro spou�t�n� syst�mu Windows
-------------------
identifik�tor {679ce9be-1195-11e4-9806-992c1c118e00}

Obnoven� z hibernace
---------------------
identifik�tor {1a7a48d8-118d-11e4-95dc-806e6f6e6963}
device partition=C:
path \Windows\system32\winresume.exe
description Windows 7 Professional (obnoven�)
locale cs-CZ
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Testov�n� pam�ti syst�mu Windows
---------------------
identifik�tor {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale cs-CZ

Nastaven� ladic�ho programu
-----------------
identifik�tor {dbgsettings}

Parametry za��zen�
--------------
identifik�tor {679ce9bc-1195-11e4-9806-992c1c118e00}
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\5d10c5bb-fde9-11e3-a9f5-80367af123d8\boot.sdi

Parametry za��zen�
--------------
identifik�tor {679ce9bf-1195-11e4-9806-992c1c118e00}
ramdisksdidevice unknown
ramdisksdipath \Recovery\281e0955-efe8-11e3-a84e-b47149f1d705\boot.sdi


LastRegBack: 2019-06-26 15:57
==================== End of FRST.txt ============================
ADV Cleaner -
Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-03.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-08-2019
# Duration: 00:00:01
# OS: Windows 7 Professional
# Cleaned: 12
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\AVG Security Toolbar
Deleted C:\Users\Kengura\AppData\Local\torch
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKLM\SOFTWARE\Classes\Applications\TorchSetup-r275-n-bi.exe
Deleted HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2482 octets] - [08/07/2019 16:03:06]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########