Infected computer and unknown account

Posted: 18 Jul 2019 20:53
by Vrána
Hello, can someone please advise me about an infected computer? For some time now I haven't been able to get into my email or into some applications (games, programs), and on top of that I found out that some unknown account is attached to me. While I was dealing with a problem with chrome_elf.dll (some applications won't start because of it), I came across an unknown account that controls this file (photo attached). I need advice on how to clean the computer and fix everything. Thank you

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by Tom78 (administrator) on STROJ (ASUS All Series) (18-07-2019 21:26:47)
Running from C:\Users\Tom78\Desktop
Loaded Profiles: Tom78 (Available Profiles: Tom78)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\KeyDominator2\KeyDominator2\KeyDominator2.exe
(A FOUR TECH CO., LTD. -> ) C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MPC-HC Team) [File not signed] C:\Program Files\Combined Community Codec Pack 64bit\MPC\mpc-hc64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Opera Software AS -> Opera Software) C:\Users\Tom78\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Tom78\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Tom78\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Tom78\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Tom78\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Tom78\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Tom78\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Tom78\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Tom78\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Tom78\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Tom78\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Tom78\AppData\Local\Programs\Opera\62.0.3331.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Tom78\AppData\Local\Programs\Opera\62.0.3331.72\opera_crashreporter.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-11-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Winlogon: [Shell] c:\windows\system32\explorer.exe [2616320 2017-06-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Run: [BloodyKeyboard] => C:\Program Files (x86)\KeyDominator2\KeyDominator2\KeyDominator2.exe [11374080 2017-11-02] () [File not signed]
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe [16442096 2018-07-20] (A FOUR TECH CO., LTD. -> )
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [442368 2004-08-18] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [442368 2004-08-18] (On2.com) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-18] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DA61B7B-4010-4682-A6B6-79107AE7F5BE} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {14AC9ED5-16D1-440E-80F7-2831842C07BE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1CE3C2ED-DD67-4E9F-84A2-42AFFFD6C3AB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {2EA62DBA-A4B1-45D8-9C35-6F39CB8BCB48} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {30C84C42-22D2-4D32-9883-21C60CF3C137} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {35CB327F-6E9E-4873-9EBD-2E148F87CCBA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-10] (Adobe Inc. -> Adobe)
Task: {5AA301E4-AD64-4B3C-AEAA-DEFB1A0498AE} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-10] (Adobe Inc. -> Adobe)
Task: {67DC3216-99AD-47FE-AC88-EA2B7944CBC5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6BF9A69D-C5CE-4ECA-991F-A5EE7234A1D6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {6C92F902-187A-4398-9BEE-903B7D923BD3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
Task: {81E2514D-5420-4D16-91FF-78B9027A7499} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {83640DE0-F799-4646-A817-2B7774271A77} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A81FFF11-86E8-4DFE-A437-9A77957E25A6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-11-20] (Piriform Ltd -> Piriform Ltd)
Task: {AD79FC5C-F5A7-4B2C-8D49-4854FE1DCB67} - System32\Tasks\Opera scheduled Autoupdate 1561384036 => C:\Users\Tom78\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-07-11] (Opera Software AS -> Opera Software)
Task: {BFA9E04A-7707-41A3-90AA-90BFB8BC5C80} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C15291D0-0646-4389-8945-1FF047B0D0B1} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C3B0B22A-67C2-4563-BAD1-7D4B80586525} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-10] (Adobe Inc. -> Adobe)
Task: {CAB67667-24A7-4D34-8DAC-DA5EE79C7F6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-18] (Google Inc -> Google LLC)
Task: {D41C3A75-4D42-4AB1-B670-7E43E0D790A7} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E168FA3D-060D-44FB-83EE-10F7A0B83CED} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F0531922-22F4-4231-BAE6-CF86DB2ECDFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-18] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 185.73.101.1 8.8.4.4
Tcpip\..\Interfaces\{3E23E901-49BD-4232-B46C-DCEB20E89345}: [DhcpNameServer] 82.99.143.180 8.8.4.4
Tcpip\..\Interfaces\{54FFDA33-F641-4D2B-8030-41EF90A57627}: [DhcpNameServer] 185.73.101.1 8.8.4.4

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

FireFox:
========
FF DefaultProfile: 0xsqg3cl.default
FF ProfilePath: C:\Users\Tom78\AppData\Roaming\Mozilla\Firefox\Profiles\0xsqg3cl.default [2019-07-18]
FF Session Restore: Mozilla\Firefox\Profiles\0xsqg3cl.default -> is enabled.
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Tom78\AppData\Roaming\Mozilla\Firefox\Profiles\0xsqg3cl.default\Extensions\sp@avast.com.xpi [2019-06-28]
FF Extension: (uBlock Origin) - C:\Users\Tom78\AppData\Roaming\Mozilla\Firefox\Profiles\0xsqg3cl.default\Extensions\uBlock0@raymondhill.net.xpi [2019-07-09]
FF Extension: (Avast Online Security) - C:\Users\Tom78\AppData\Roaming\Mozilla\Firefox\Profiles\0xsqg3cl.default\Extensions\wrc@avast.com.xpi [2019-07-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-10] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-10] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-18] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-18] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default [2019-07-18]
CHR Extension: (Prezentace) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-24]
CHR Extension: (Dokumenty) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-24]
CHR Extension: (Disk Google) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-06-24]
CHR Extension: (YouTube) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-24]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-06-24]
CHR Extension: (Tabulky) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-06-24]
CHR Extension: (Avast Online Security) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-06-24]
CHR Extension: (uBlock Plus Adblocker) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofnbdifeelbaidfgpikinijekkjcicg [2019-06-24]
CHR Extension: (Gmail) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-24]
CHR Extension: (Chrome Media Router) - C:\Users\Tom78\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-24]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\Tom78\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2019-06-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-05-29] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [791112 2019-06-12] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7170632 2019-06-12] (GOG Sp. z o.o. -> GOG.com)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-10-21] (Microsoft Windows -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37320 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [209256 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [263224 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206056 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [61688 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [279336 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42504 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [169112 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1030992 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [477288 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [225816 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [387392 2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
R3 AX88179; C:\Windows\System32\DRIVERS\ax88179_178a.sys [84960 2017-06-13] (Microsoft Windows Hardware Compatibility Publisher -> ASIX Electronics Corp.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2016-12-02] (Disc Soft Ltd -> Disc Soft Ltd)
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Microsoft Windows -> Intel Corporation)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-11-08] (Martin Malik - REALiX -> REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31712 2016-11-11] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [199760 2016-12-20] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2018-12-19] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-06-13] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] (Intel(R) Code Signing External -> )
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [227248 2017-10-30] (WDKTestCert charles-yeh,131345514351795974 -> Prolific Technology Inc.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2017-04-22] (Disc Soft Ltd -> Duplex Secure Ltd.)
U3 axkb2rrk; C:\Windows\System32\Drivers\axkb2rrk.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-18 21:26 - 2019-07-18 21:27 - 000023703 _____ C:\Users\Tom78\Desktop\FRST.txt
2019-07-18 21:26 - 2019-07-18 21:26 - 000000000 ____D C:\FRST
2019-07-18 21:25 - 2019-07-18 21:25 - 002095104 _____ (Farbar) C:\Users\Tom78\Desktop\FRST64.exe
2019-07-18 17:51 - 2019-07-18 21:10 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-07-18 17:51 - 2019-07-18 21:10 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-07-18 17:51 - 2019-07-18 17:51 - 000002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-18 17:51 - 2019-07-18 17:51 - 000002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-16 02:22 - 2019-07-16 02:22 - 000000000 ____D C:\Users\Tom78\Documents\TPFSM
2019-07-16 02:18 - 2019-07-16 02:18 - 000000769 _____ C:\Users\Tom78\Desktop\Transport Fever.lnk
2019-07-16 02:18 - 2019-07-16 02:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2019-07-15 17:57 - 2019-07-15 17:57 - 000000931 _____ C:\Users\Tom78\Desktop\SOVIET.lnk
2019-07-14 20:51 - 2019-07-14 20:51 - 000001012 _____ C:\Users\Tom78\Desktop\SUPERNATURAL (Lovci Duchů).lnk
2019-07-13 14:42 - 2019-07-13 14:42 - 000001123 _____ C:\Users\Public\Desktop\Workers Resources Soviet Republic.lnk
2019-07-13 14:42 - 2019-07-13 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Workers Resources Soviet Republic
2019-07-13 11:49 - 2019-07-13 11:48 - 000363400 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-07-13 11:49 - 2019-07-13 11:48 - 000225816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-07-13 11:49 - 2019-07-13 11:48 - 000169112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-07-11 00:15 - 2019-07-18 00:09 - 000001373 _____ C:\Users\Tom78\Desktop\Settlers_online_X.txt
2019-07-05 00:59 - 2019-07-05 00:59 - 000001354 _____ C:\Users\Public\Desktop\Apowersoft Video Konvertor.lnk
2019-07-05 00:59 - 2019-07-05 00:59 - 000000000 ____D C:\usr
2019-07-05 00:59 - 2019-07-05 00:59 - 000000000 ____D C:\Users\Tom78\Documents\Apowersoft
2019-07-05 00:59 - 2019-07-05 00:59 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\Apowersoft
2019-07-05 00:59 - 2019-07-05 00:59 - 000000000 ____D C:\Users\Tom78\AppData\Local\Apowersoft
2019-07-05 00:59 - 2019-07-05 00:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2019-07-05 00:59 - 2018-12-19 21:44 - 000370424 _____ (Riverbed Technology, Inc.) C:\Windows\system32\wpcap.dll
2019-07-05 00:59 - 2018-12-19 21:44 - 000282360 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\wpcap.dll
2019-07-05 00:59 - 2018-12-19 21:44 - 000107768 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Packet.dll
2019-07-05 00:59 - 2018-12-19 21:44 - 000098040 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\Packet.dll
2019-07-05 00:59 - 2018-12-19 21:44 - 000053299 _____ C:\Windows\SysWOW64\pthreadVC.dll
2019-07-05 00:59 - 2018-12-19 21:44 - 000036600 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Drivers\npf.sys
2019-07-05 00:58 - 2019-07-05 00:59 - 000000000 ____D C:\ProgramData\Apowersoft
2019-07-05 00:58 - 2019-07-05 00:58 - 000000000 ____D C:\Program Files (x86)\Apowersoft
2019-06-26 14:29 - 2019-06-26 14:29 - 000000000 ____D C:\chrome_cache
2019-06-24 21:50 - 2019-06-24 21:57 - 000000000 ____D C:\Users\Tom78\AppData\Local\Thunderbird
2019-06-24 21:50 - 2019-06-24 21:50 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\Thunderbird
2019-06-24 15:47 - 2019-06-26 01:39 - 000004042 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1561384036
2019-06-24 15:47 - 2019-06-25 15:23 - 000001356 _____ C:\Users\Tom78\Desktop\Prohlížeč Opera.lnk
2019-06-24 15:47 - 2019-06-24 15:47 - 000001282 _____ C:\Users\Tom78\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2019-06-24 15:47 - 2019-06-24 15:47 - 000000000 ____D C:\Users\Tom78\AppData\Local\Opera Software
2019-06-24 15:46 - 2019-06-24 15:46 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\Opera Software
2019-06-19 23:25 - 2019-07-10 15:32 - 038595778 _____ C:\Users\Tom78\AppData\Roaming\gta5_patch.bin
2019-06-19 23:25 - 2019-06-19 23:25 - 000332800 _____ C:\Users\Tom78\AppData\Roaming\patcher.dll
2019-06-19 22:08 - 2019-06-19 22:08 - 000000656 _____ C:\Users\Tom78\Desktop\YouTube – zástupce.lnk
2019-06-18 18:08 - 2019-06-18 18:08 - 000001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-06-18 18:03 - 2019-06-18 18:03 - 000002085 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-06-18 18:03 - 2019-06-18 18:03 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\AVAST Software
2019-06-18 18:03 - 2019-06-18 18:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-06-18 18:02 - 2019-07-13 11:49 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-06-18 18:02 - 2019-07-13 11:48 - 001030992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-06-18 18:02 - 2019-07-13 11:48 - 000477288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-06-18 18:02 - 2019-07-13 11:48 - 000387392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-06-18 18:02 - 2019-07-13 11:48 - 000279336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-06-18 18:02 - 2019-07-13 11:48 - 000263224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-06-18 18:02 - 2019-07-13 11:48 - 000209256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-06-18 18:02 - 2019-07-13 11:48 - 000206056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-06-18 18:02 - 2019-07-13 11:48 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-06-18 18:02 - 2019-07-13 11:48 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-06-18 18:02 - 2019-07-13 11:48 - 000061688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-06-18 18:02 - 2019-07-13 11:48 - 000042504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-06-18 18:02 - 2019-07-13 11:48 - 000037320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-06-18 18:01 - 2019-06-18 18:01 - 000000000 ____D C:\Program Files\AVAST Software

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-18 21:16 - 2009-07-14 06:45 - 000021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-07-18 21:16 - 2009-07-14 06:45 - 000021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-07-18 21:10 - 2019-06-05 17:43 - 000003704 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-18 21:10 - 2019-06-05 17:43 - 000003704 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-18 21:10 - 2019-06-05 17:43 - 000003704 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-18 21:10 - 2019-06-05 17:43 - 000003704 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-18 21:10 - 2018-11-20 18:48 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-07-18 21:10 - 2018-08-23 20:18 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-18 21:10 - 2018-08-23 20:18 - 000003940 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-18 21:10 - 2018-08-23 20:18 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-18 21:10 - 2018-08-23 20:18 - 000003790 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-18 21:10 - 2018-03-01 20:55 - 000004408 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-07-18 21:10 - 2018-02-14 12:32 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-18 21:10 - 2018-02-14 12:32 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-18 21:10 - 2016-11-06 23:54 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-07-18 17:51 - 2017-10-04 15:46 - 000000000 ____D C:\Program Files (x86)\Google
2019-07-18 14:48 - 2017-11-08 14:20 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-18 14:46 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-18 00:12 - 2018-09-10 15:27 - 000000000 ____D C:\Users\Tom78\AppData\LocalLow\Mozilla
2019-07-16 02:38 - 2018-10-18 14:48 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\Transport Fever
2019-07-16 02:18 - 2016-12-05 17:23 - 000000000 ____D C:\Windows\SysWOW64\directx
2019-07-16 02:08 - 2016-12-04 15:14 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\uTorrent
2019-07-15 16:52 - 2017-11-16 23:05 - 000000000 ____D C:\Program Files (x86)\Steam
2019-07-15 01:00 - 2019-03-15 23:36 - 000000000 ____D C:\Users\Tom78\AppData\Local\CrashDumps
2019-07-12 13:31 - 2016-12-31 13:53 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\vlc
2019-07-11 15:30 - 2017-11-09 22:20 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\obs-studio
2019-07-10 19:14 - 2019-06-05 13:28 - 000000000 ____D C:\Users\Tom78\AppData\Local\ElevatedDiagnostics
2019-07-10 14:27 - 2017-11-08 14:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-07-10 02:38 - 2018-03-01 20:55 - 000004536 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-07-10 02:38 - 2017-06-30 22:59 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-07-10 02:38 - 2017-06-30 22:59 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-07-10 02:38 - 2016-11-07 03:54 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-07-10 02:38 - 2016-11-07 03:54 - 000000000 ____D C:\Windows\system32\Macromed
2019-07-10 01:38 - 2018-03-13 15:15 - 000004524 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-07-09 15:14 - 2017-11-08 14:18 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-07-09 15:13 - 2017-11-08 14:17 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-07-09 15:13 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-07-05 23:45 - 2016-11-17 23:20 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2019-07-05 01:00 - 2017-11-08 14:27 - 000000000 ____D C:\Users\Tom78\AppData\Local\NVIDIA
2019-06-28 15:01 - 2019-06-08 13:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-06-24 15:40 - 2017-10-18 23:32 - 000000000 ____D C:\Users\Tom78\AppData\Local\Google
2019-06-24 14:06 - 2016-12-24 01:19 - 000000000 ____D C:\Users\Tom78\Desktop\Progr
2019-06-22 02:15 - 2019-03-04 19:26 - 000000000 ____D C:\Users\Tom78\Desktop\Plocha2
2019-06-22 00:41 - 2011-04-12 10:34 - 000668542 _____ C:\Windows\system32\perfh005.dat
2019-06-22 00:41 - 2011-04-12 10:34 - 000141202 _____ C:\Windows\system32\perfc005.dat
2019-06-22 00:41 - 2009-07-14 07:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2019-06-19 16:12 - 2016-11-08 20:00 - 000007645 _____ C:\Users\Tom78\AppData\Local\Resmon.ResmonCfg
2019-06-18 18:10 - 2016-11-06 23:17 - 000000000 ____D C:\Program Files\WinRAR
2019-06-18 18:07 - 2016-11-22 00:39 - 000000000 ____D C:\Program Files\IrfanView
2019-06-18 18:07 - 2016-11-06 23:17 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-06-18 18:07 - 2016-11-06 23:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-06-18 18:03 - 2018-06-21 14:14 - 000000000 ____D C:\Users\Tom78\AppData\Local\AVAST Software
2019-06-18 18:01 - 2016-11-06 23:52 - 000000000 ____D C:\ProgramData\AVAST Software
2019-06-18 17:48 - 2019-06-15 21:14 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\TS3Client
2019-06-18 10:59 - 2018-08-23 20:18 - 002785776 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2019-06-18 10:59 - 2018-08-23 20:18 - 002164080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2019-06-18 10:59 - 2018-08-23 20:18 - 001316664 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2019-06-18 10:56 - 2017-11-03 23:28 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat

==================== Files in the root of some directories ================

2019-06-19 23:25 - 2019-07-10 15:32 - 038595778 _____ () C:\Users\Tom78\AppData\Roaming\gta5_patch.bin
2019-06-19 23:25 - 2019-06-19 23:25 - 000332800 _____ () C:\Users\Tom78\AppData\Roaming\patcher.dll
2016-11-08 20:00 - 2019-06-19 16:12 - 000007645 _____ () C:\Users\Tom78\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-07-13 01:05
==================== End of FRST.txt ============================

-----------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Tom78 (18-07-2019 21:27:37)
Running from C:\Users\Tom78\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-11-06 21:06:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4101578857-3757837661-3053645589-500 - Administrator - Disabled)
Guest (S-1-5-21-4101578857-3757837661-3053645589-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4101578857-3757837661-3053645589-1002 - Limited - Enabled)
Tom78 (S-1-5-21-4101578857-3757837661-3053645589-1000 - Administrator - Enabled) => C:\Users\Tom78

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Acronis Disk Director (HKLM-x32\...\{AE372858-B1BD-49EF-8308-648322846008}) (Version: 12.0.3223 - Acronis)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
Aktualizace NVIDIA 37.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 37.0.0.0 - NVIDIA Corporation) Hidden
Apowersoft Video Konvertor V4.8.2 (HKLM-x32\...\{195E8D7F-292B-4B04-A6E7-E96CAF04C767}_is1) (Version: 4.8.2 - APOWERSOFT LIMITED)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Bloody6 (HKLM-x32\...\Bloody3) (Version: 18.07.0009 - Bloody)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Disney Princezna - Kouzelná cesta (HKLM-x32\...\{E375D72E-5343-4F73-986C-1B00C35F1DFC}) (Version: 1.0 - Disney Interactive Studios)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: "1.0.0.10" - Rockstar Games)
HWiNFO64 Version 5.38 (HKLM\...\HWiNFO64_is1) (Version: 5.38 - Martin Malík - REALiX)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
IrfanView 4.53 (64-bit) (HKLM\...\IrfanView64) (Version: 4.53 - Irfan Skiljan)
KeyDominator2 (HKLM-x32\...\BloodyKeyboard) (Version: 17.11.0002 - Bloody)
Kyodai Mahjongg 2006 v1.2 (HKLM-x32\...\Kyodai Mahjongg 2006_is1) (Version: - Rene-Gilles Deberdt)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Mozilla Firefox 67.0.4 (x64 cs) (HKLM\...\Mozilla Firefox 67.0.4 (x64 cs)) (Version: 67.0.4 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.19.0.107 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.107 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 430.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 430.86 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{7308600A-5231-459C-A3E2-A637F842CACA}) (Version: 4.13.9783 - Apache Software Foundation)
Opera Stable 62.0.3331.72 (HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Opera 62.0.3331.72) (Version: 62.0.3331.72 - Opera Software)
Organizér (HKLM-x32\...\{4154BF17-EE1F-4F25-9696-2FF191FE0787}) (Version: 5.3.5.1 - Fireluke Software)
Ovládací panel NVIDIA 430.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 430.86 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\TeamSpeak 3 Client) (Version: 3.2.5 - TeamSpeak Systems GmbH)
The Witcher 3: Wild Hunt - Game of the Year Edition (HKLM-x32\...\1495134320_is1) (Version: 1.32 - GOG.com)
Tom Clancy's Ghost Recon Wildlands (HKLM-x32\...\Uplay Install 1771) (Version: - Ubisoft)
Transport Fever v.Build 18381 (HKLM-x32\...\Transport Fever_is1) (Version: - )
Uplay (HKLM-x32\...\Uplay) (Version: 24.0.2 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Workers Resources Soviet Republic (HKLM-x32\...\Workers Resources Soviet Republic_is1) (Version: - torrent-igruha.org)
XMedia Recode verze 3.3.8.6 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.3.8.6 - XMedia Recode)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-13] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2018-09-08 16:20 - 2017-04-17 10:43 - 003852800 _____ () [File not signed] C:\Program Files (x86)\Bloody6\Bloody6\Data\RES\Forms\Internet_Advertisement\Internet_Advertisement_DLL.dll
2017-11-27 14:26 - 2014-01-10 11:48 - 004260352 _____ () [File not signed] C:\Program Files (x86)\KeyDominator2\KeyDominator2\Data\RES\Forms\Internet_Advertisement\Internet_Advertisement_DLL.dll
2017-11-27 14:26 - 2017-11-02 10:32 - 011374080 _____ () [File not signed] C:\Program Files (x86)\KeyDominator2\KeyDominator2\KeyDominator2.exe
2017-02-01 14:11 - 2015-10-04 22:12 - 000300544 _____ () [File not signed] C:\Program Files\Combined Community Codec Pack 64bit\Filters\LAVFilters\libbluray.dll
2017-02-01 14:11 - 2015-10-04 22:12 - 000296448 _____ (1f0.de - Hendrik Leppkes) [File not signed] C:\Program Files\Combined Community Codec Pack 64bit\Filters\LAVFilters\LAVAudio.ax
2017-02-01 14:11 - 2015-10-04 22:12 - 000587776 _____ (1f0.de - Hendrik Leppkes) [File not signed] C:\Program Files\Combined Community Codec Pack 64bit\Filters\LAVFilters\LAVSplitter.ax
2017-02-01 14:11 - 2015-10-04 22:12 - 001153024 _____ (1f0.de - Hendrik Leppkes) [File not signed] C:\Program Files\Combined Community Codec Pack 64bit\Filters\LAVFilters\LAVVideo.ax
2017-02-01 14:11 - 2015-10-04 22:10 - 009806336 _____ (FFmpeg Project) [File not signed] C:\Program Files\Combined Community Codec Pack 64bit\Filters\LAVFilters\avcodec-lav-56.dll
2017-02-01 14:11 - 2015-10-04 22:10 - 000186368 _____ (FFmpeg Project) [File not signed] C:\Program Files\Combined Community Codec Pack 64bit\Filters\LAVFilters\avfilter-lav-5.dll
2017-02-01 14:11 - 2015-10-04 22:10 - 001422336 _____ (FFmpeg Project) [File not signed] C:\Program Files\Combined Community Codec Pack 64bit\Filters\LAVFilters\avformat-lav-56.dll
2017-02-01 14:11 - 2015-10-04 22:10 - 000161280 _____ (FFmpeg Project) [File not signed] C:\Program Files\Combined Community Codec Pack 64bit\Filters\LAVFilters\avresample-lav-2.dll
2017-02-01 14:11 - 2015-10-04 22:10 - 000429568 _____ (FFmpeg Project) [File not signed] C:\Program Files\Combined Community Codec Pack 64bit\Filters\LAVFilters\avutil-lav-54.dll
2017-02-01 14:11 - 2015-10-04 22:10 - 000467968 _____ (FFmpeg Project) [File not signed] C:\Program Files\Combined Community Codec Pack 64bit\Filters\LAVFilters\swscale-lav-3.dll
2008-12-03 20:05 - 2008-12-03 20:05 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2008-12-03 20:05 - 2008-12-03 20:05 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2017-02-01 14:11 - 2015-10-18 21:55 - 012075008 _____ (MPC-HC Team) [File not signed] C:\Program Files\Combined Community Codec Pack 64bit\MPC\mpc-hc64.exe
2017-02-01 14:11 - 2015-05-03 19:49 - 002034176 _____ (xy-VSFilter Team) [File not signed] C:\Program Files\Combined Community Codec Pack 64bit\Filters\VSFilter.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 1520 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-06-07 01:01 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\program files (x86)\intel\icls client\;c:\program files\intel\icls client\;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\program files (x86)\intel\intel(r) management engine components\dal;c:\program files\intel\intel(r) management engine components\dal;c:\program files (x86)\intel\intel(r) management engine components\ipt;c:\program files\intel\intel(r) management engine components\ipt;c:\program files (x86)\common files\acronis\snapapi\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tom78\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 185.73.101.1 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{32A89603-4C93-4E83-96AB-8DB858A5AB73}] => (Block) %SystemDrive%\Moje\DiskDirector\DiskDirector.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{1D37AC3A-A0A0-46E5-9D31-40F1B00704D9}] => (Block) %SystemDrive%\Moje\DiskDirector\DiskDirector.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{A8428BF2-B651-4BFB-A229-5A159785B944}] => (Allow) C:\Users\Tom78\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{5AB598F2-4265-4261-B9BB-0ACCB703855B}] => (Allow) C:\Users\Tom78\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{324F436C-E05F-4C4C-83F0-8F0858B97736}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{952F2547-AC48-4238-80EF-4F7E71AEA8D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{01E02B80-E74B-4178-BBE6-BDB8288DC91A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Novus Inceptio\NovusInceptio.exe () [File not signed]
FirewallRules: [{DA6584F7-F8AE-4CDA-AD16-DEE30ED154F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Novus Inceptio\NovusInceptio.exe () [File not signed]
FirewallRules: [{02DC5B5A-75DC-4566-8978-E78C971278CA}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Mashinky\Mashinky.exe () [File not signed]
FirewallRules: [{FAD87EC9-A0A7-4E60-A7A1-A5C7D7E404C6}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Mashinky\Mashinky.exe () [File not signed]
FirewallRules: [{F2BC386C-9C9F-46CB-B1E7-F201AC7F34F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7D330CD6-AE25-43CE-BAAC-321F36A07D7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4B4A97B0-3FF6-48E2-B8BA-20472EB33043}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8370320D-557F-4A34-8879-38126EB4FD09}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E6EC7424-35EF-44F8-ABFE-11D1E6995FAB}] => (Allow) %ProgramFiles% (x86)\GOG Galaxy\GalaxyClient.exe No File
FirewallRules: [{06B1C26B-ED72-467F-888E-D5FBBA1A6373}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{7E78973B-823F-45B7-94FB-1213F6BFEE04}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{D917749C-54C9-4192-A79A-5E2C92E32DF7}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{80ABEA09-7889-4B17-AE58-6B692C4AAE90}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{8FF2607A-A572-4527-9981-94AD72C474BC}] => (Allow) D:\Games\GTA\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{48F593F2-6FBF-4C9B-A06C-C25981C71519}] => (Allow) D:\Games\GTA\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{CA76EC64-5D8A-4DF3-87EB-13738D2ABA76}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7098BFB6-FA54-4D5F-81F5-244CCD05E301}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{663D8CA7-3262-4823-91F6-971B17C95E14}] => (Block) D:\Games\Princezny\play.exe (Disney Interactive Studios) [File not signed]
FirewallRules: [{73F67E4B-1974-4E1B-B77A-53D901915C88}] => (Block) D:\Games\Princezny\play.exe (Disney Interactive Studios) [File not signed]
FirewallRules: [{F0C15B98-2827-4144-8939-CEC6547F7A54}] => (Block) E:\Kyodai Mahjongg 2006\kmj.exe (Rene-Gilles Deberdt) [File not signed]
FirewallRules: [{899926B8-E8E6-4C74-BD9F-5A4900EFD34E}] => (Block) E:\Kyodai Mahjongg 2006\kmj.exe (Rene-Gilles Deberdt) [File not signed]
FirewallRules: [{A2354B08-1F5B-4905-9CAE-63B1A7646F2E}] => (Allow) D:\Games\Ubisoft\Tom Clancy's Ghost Recon Wildlands\GRW.exe (Blue Byte GmbH -> )
FirewallRules: [{FFCBC4B6-C676-434D-9D9F-2BEB9C3198DE}] => (Allow) C:\Users\Tom78\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{C7D3FE2A-984E-457C-B3D7-9AEF3676EF99}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{6D9C9F47-D997-463D-A35A-B234B8B5961B}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{D5332DC9-8560-466C-A00C-861E902E91F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CE2232F8-ABC5-4D41-B834-F18E60C03026}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B66CAC70-54F3-469D-9031-965A2DB2FBE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0006F580-DE43-4F13-A4E7-4B853D8ADB93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{49B3EE46-342F-47AD-AF9C-869D1EBE0353}] => (Block) E:\Workers and Resources Soviet Republic\Workers Resources Soviet Republic\GameLauncher.exe () [File not signed]
FirewallRules: [{70A46686-729C-49E7-9ABA-902648E328EA}] => (Block) E:\Workers and Resources Soviet Republic\Workers Resources Soviet Republic\SETUPAPPLICATIONSOVIET.exe (3DIVISION) [File not signed]
FirewallRules: [{68A61979-6D83-4996-A572-1EA3BC90FEA3}] => (Block) E:\Workers and Resources Soviet Republic\Workers Resources Soviet Republic\SOVIET.exe () [File not signed]
FirewallRules: [{EA221D0D-2E3F-450C-8E4C-56624149A882}] => (Block) E:\Workers and Resources Soviet Republic\Workers Resources Soviet Republic\SOVIET64.exe () [File not signed]
FirewallRules: [{583E1AD8-FBF5-447B-B64A-A50163734233}] => (Block) E:\Workers and Resources Soviet Republic\Workers Resources Soviet Republic\GameLauncher.exe () [File not signed]
FirewallRules: [{523C38D8-F972-4BF9-86EB-92C91DD9A728}] => (Block) E:\Workers and Resources Soviet Republic\Workers Resources Soviet Republic\SETUPAPPLICATIONSOVIET.exe (3DIVISION) [File not signed]
FirewallRules: [{F4028CD7-A732-43F2-88A0-99B450BD2962}] => (Block) E:\Workers and Resources Soviet Republic\Workers Resources Soviet Republic\SOVIET.exe () [File not signed]
FirewallRules: [{524E7AF7-733B-46DB-B997-C63B7C9FCC5E}] => (Block) E:\Workers and Resources Soviet Republic\Workers Resources Soviet Republic\SOVIET64.exe () [File not signed]
FirewallRules: [{58888A1E-2A2D-463B-BE54-3CD4188AB2EC}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{3EF4720C-1298-4DFF-B0CB-0C9168A02F36}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{3B9F9BD1-B592-40A8-82C2-811EE77748A9}] => (Block) E:\Transport\Transport Fever\TransportFever.exe () [File not signed]
FirewallRules: [{D6CE2F31-0A86-44AE-ACF0-B03D6BC8DB8A}] => (Block) E:\Transport\Transport Fever\TransportFever.exe () [File not signed]
FirewallRules: [{6BBE9EED-4860-4FD4-84D7-85E3F54A5816}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

13-07-2019 19:20:07 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2019 02:46:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/17/2019 02:53:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/16/2019 01:50:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/15/2019 02:14:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/15/2019 01:00:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SOVIET.exe, verze: 0.0.0.0, časové razítko: 0x5d123ccf
Název chybujícího modulu: MSVCR110.dll, verze: 11.0.51106.1, časové razítko: 0x5098858e
Kód výjimky: 0x40000015
Posun chyby: 0x000a327c
ID chybujícího procesu: 0x1958
Čas spuštění chybující aplikace: 0x01d53a82f970d907
Cesta k chybující aplikaci: E:\Workers and Resources Soviet Republic\Workers Resources Soviet Republic\SOVIET.exe
Cesta k chybujícímu modulu: C:\Windows\system32\MSVCR110.dll
ID zprávy: 1eeb7cd2-a68b-11e9-be9f-74da38fe0bd6

Error: (07/14/2019 11:40:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/13/2019 11:52:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/13/2019 11:43:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (07/18/2019 02:48:22 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (07/18/2019 02:46:04 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (07/18/2019 02:46:04 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (07/18/2019 02:45:55 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (07/18/2019 02:45:55 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (07/18/2019 02:45:55 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (07/17/2019 02:51:49 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (07/17/2019 02:51:49 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.


CodeIntegrity:
===================================

Date: 2017-10-28 14:18:10.956
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Tom78\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-28 14:18:10.925
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Tom78\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-28 14:18:10.379
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-28 14:18:10.348
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-08 12:34:51.423
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Tom78\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-08 12:34:51.392
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Tom78\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-08 12:34:50.519
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-08 12:34:50.487
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 2107 08/08/2014
Motherboard: ASUSTeK COMPUTER INC. B85-PLUS
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 64%
Total physical RAM: 8097.73 MB
Available physical RAM: 2840.39 MB
Total Virtual: 24291.38 MB
Available Virtual: 18258.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:126.95 GB) (Free:28.53 GB) NTFS
Drive d: (Hry) (Fixed) (Total:226.74 GB) (Free:16.44 GB) NTFS
Drive e: () (Fixed) (Total:134.65 GB) (Free:18.85 GB) NTFS
Drive f: () (Fixed) (Total:931.41 GB) (Free:9.31 GB) NTFS
Drive h: (Záloha) (Fixed) (Total:443.16 GB) (Free:33.39 GB) NTFS

\\?\Volume{954ccc49-a461-11e6-a407-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 82382C7D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 12DF12DE)
Partition 1: (Not Active) - (Size=127 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=804.6 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================

Re: Infected computer and unknown account

Posted: 18 Jul 2019 21:01
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (you can also find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Infected computer and unknown account

Posted: 18 Jul 2019 21:17
by Vrána
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-07-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-18-2019
# Duration: 00:00:01
# OS: Windows 7 Home Premium
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1257 octets] - [18/07/2019 22:12:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Infected computer and unknown account

Posted: 19 Jul 2019 09:06
by Rudy
This is OK.
Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {CAB67667-24A7-4D34-8DAC-DA5EE79C7F6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-18] (Google Inc -> Google LLC)
Task: {F0531922-22F4-4231-BAE6-CF86DB2ECDFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-18] (Google Inc -> Google LLC)
U3 axkb2rrk; C:\Windows\System32\Drivers\axkb2rrk.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
FirewallRules: [{E6EC7424-35EF-44F8-ABFE-11D1E6995FAB}] => (Allow) %ProgramFiles% (x86)\GOG Galaxy\GalaxyClient.exe No File

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Infected computer and unknown account

Posted: 19 Jul 2019 14:06
by Vrána
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Tom78 (19-07-2019 14:56:55) Run:1
Running from C:\Users\Tom78\Desktop
Loaded Profiles: Tom78 (Available Profiles: Tom78)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {CAB67667-24A7-4D34-8DAC-DA5EE79C7F6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-18] (Google Inc -> Google LLC)
Task: {F0531922-22F4-4231-BAE6-CF86DB2ECDFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-18] (Google Inc -> Google LLC)
U3 axkb2rrk; C:\Windows\System32\Drivers\axkb2rrk.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
FirewallRules: [{E6EC7424-35EF-44F8-ABFE-11D1E6995FAB}] => (Allow) %ProgramFiles% (x86)\GOG Galaxy\GalaxyClient.exe No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CAB67667-24A7-4D34-8DAC-DA5EE79C7F6E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAB67667-24A7-4D34-8DAC-DA5EE79C7F6E}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F0531922-22F4-4231-BAE6-CF86DB2ECDFE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0531922-22F4-4231-BAE6-CF86DB2ECDFE}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
axkb2rrk => service not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UnLockerMenu => removed successfully
HKLM\Software\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\UnLockerMenu => removed successfully
HKLM\Software\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UnLockerMenu => removed successfully
HKLM\Software\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6EC7424-35EF-44F8-ABFE-11D1E6995FAB}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22286346 B
Java, Flash, Steam htmlcache => 90893482 B
Windows/system/drivers => 2441129 B
Edge => 0 B
Chrome => 362012599 B
Firefox => 1066632048 B
Opera => 1112535992 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Tom78 => 63017322 B

RecycleBin => 0 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:57:42 ====

Re: Infected computer and unknown account

Posted: 19 Jul 2019 14:51
by Rudy
Deleted. Has anything changed?

Re: Infected computer and unknown account

Posted: 19 Jul 2019 15:02
by Vrána
No, still the same.

Re: Infected computer and unknown account

Posted: 19 Jul 2019 15:53
by Rudy
OK. Run a full scan with AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Download the utility, run it, let it work, and when it finishes delete everything it finds.

Re: Infected computer and unknown account

Posted: 19 Jul 2019 16:54
by Vrána
This AVPTool is different from the one in the guide (no Version 11) and I don't know how to set it up correctly, because the options shown in the guide aren't there. This one is somehow simplified and I can't see "Hidden startup objects" anywhere, nor the part about "Then click the Actions tab in the middle on the left, choose Select action and make sure the Disinfect and Delete if disinfection fails options are ticked." - it isn't there anywhere. I don't want to do something wrong, so I'd rather ask: what should I do?

Re: Infected computer and unknown account

Posted: 19 Jul 2019 18:03
by Rudy
Run it with the defaults. We know the guide is for a different version, which is why I specifically wrote:
Download the utility, run it, let it work...
If there is anything there, AVP will find it. I gave the link only so you could download the file.

Re: Infected computer and unknown account

Posted: 19 Jul 2019 21:48
by Vrána
Done, but by default only System memory, Startup objects and Boot sectors were ticked. It found nothing. Unfortunately I can't get back to this until Monday. I have some family matters to deal with and won't have internet access. I hope that's not a problem; I'd like to get this resolved.

Re: Infected computer and unknown account

Posted: 20 Jul 2019 07:42
by Rudy
That's no problem. I have something similar to deal with today, and fairly far from home at that. As you can see, the PC is not infected; remove the accounts that bother you.

Re: Infected computer and unknown account

Posted: 22 Jul 2019 21:34
by Vrána
Those accounts can't be removed (and I don't even know how, since they aren't visible in "User Accounts") and they still control the file that I can't control. I also tried reinstalling the program, but it's still the same after the reinstall. I still can't get into that email inbox from this PC either.

Re: Infected computer and unknown account

Posted: 23 Jul 2019 09:16
by Rudy
OK. Then try a System Restore to a date when it worked correctly. The file is not a virus; it probably has some error, or the registry is damaged.

Re: Infected computer and unknown account

Posted: 25 Jul 2019 13:16
by Vrána
Unfortunately that isn't possible either: there is no restore point (I don't have enough disk space), I cleaned the registry, and I also reinstalled the programs that used the file... nothing helped, and it didn't come about by itself (which is why I'm dealing with it now, so far in vain). But the file is used by, for example, games that are 60 GB or more, and reinstalling games like that over and over, when the download takes the internet connection all day, is pretty hellish. I really don't know anymore: the games don't work, I can't reinstall the system (I don't have a working DVD-ROM right now), and none of the advice I've found for this works.