VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

PC blokuje antiviry nebo padá do modré smrti

https://forum.viry.cz:443/viewtopic.php?t=156172

Stránka 1 z 2

PC blokuje antiviry nebo padá do modré smrti

Napsal: 18 črc 2019 22:55
od nazdar
Dobrý den

PC mi nejdřív padalo do modré smrti a těd blokuje antiviry. Prosím o pomoc.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Ja at 2019-07-18 23:36:20
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 6 GB (5%) free of 114 GB
Total RAM: 12091 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:36:21, on 18.7.2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18860)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
C:\Program Files\Common Files\LogiShrd\sp6\LU1\LULnchr.exe
C:\Program Files\Common Files\LogiShrd\sp6\LU1\LogitechUpdate.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\trend micro\Ja.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07182019231350156\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07182019231350156\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07182019231350185\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07182019231350185\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-3261876755-477165021-623360622-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07182019231350212\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (User '?')
O4 - S-1-5-21-3261876755-477165021-623360622-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07182019231350212 Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe (User '?')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: Stáhnout s Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Secure Browser Elevation Service (AvastSecureBrowserElevationService) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.80\elevation_service.exe
O23 - Service: Axiom AIR Mini 32 Audio Device Monitor (AxiomAIRMini32AudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\Axiom AIR Mini 32\AudioDevMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\elevation_service.exe
O23 - Service: GoPro Device Detection Service (GoProDeviceDetectionService) - Unknown owner - C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iOSinstallerUpdater - iOSinstaller.com - C:\Program Files (x86)\iOSinstaller\updater.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 12802 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
winlogon.exe
"C:\Program Files\Tablet\Wacom\WTabletServicePro.exe"
/QuitInfo:00000000000004BC;00000000000004C8; /AddRef;
/QuitInfo:0000000000000530;0000000000000528; /AddRef;
/QuitInfo:000000000000052C;0000000000000538;
"C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Tablet\Wacom\WacomHost.exe" "C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
/loadhooks /Parent:000000000000052C
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
C:\Windows\Explorer.EXE
"C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe"
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\M-Audio\Axiom AIR Mini 32\AudioDevMon.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\system32\DbxSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\iOSinstaller\updater.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
WLIDSvcM.exe 2692
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d9a85904-951b-4065-afc3-eff50d58ab79 -SystemEventPortName:HostProcess-d43615e7-2dba-4ead-87bb-8fa37c405dae -IoCancelEventPortName:HostProcess-3115954d-ced5-4fd0-9d97-81ac96f44d72 -NonStateChangingEventPortName:HostProcess-89dae077-d976-421d-bb43-9a0c336f91eb -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:0f28ec08-4e80-43c9-bed1-44d2ef512577
"C:\Program Files\WinFast\WFDTV\WFWIZ.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe"
KHALMNPR.EXE /API
"C:\Program Files\Rainmeter\Rainmeter.exe"
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" -Embedding
"C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe" -hide
"C:\Program Files\WinFast\WFDTV\DTVSchdl.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe" /hide
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe"
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe"
"C:\Program Files\AVAST Software\Avast\aswidsagent.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Common Files\LogiShrd\sp6\LU1\LULnchr.exe" /po:0 /version:6.65.62 /prod:setpoint /lang:ENU /qs:hit=2 /conffile=C:\Program Files\Common Files\Logishrd\sp6\LU1\LuProduct.SPP.xml
"C:\Program Files\Common Files\LogiShrd\sp6\LU1\LogitechUpdate.exe" /po:0 /version:6.65.62 /prod:setpoint /lang:ENU /qs:hit=2 /conffile=C:\Program Files\Common Files\Logishrd\sp6\LU1\LuProduct.SPP.xml
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding

C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe9_ Global\UsGthrCtrlFltPipeMssGthrPipe9 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="2760.0.1994148713\210022920" -parentBuildID 20190705220548 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 2760 "\\.\pipe\gecko-crash-server-pipe.2760" 1416 gpu
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="2760.3.1051061829\1968078627" -childID 1 -isForBrowser -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 1 -prefMapSize 199108 -parentBuildID 20190705220548 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 2760 "\\.\pipe\gecko-crash-server-pipe.2760" 2364 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="2760.27.1822946612\1631690427" -childID 4 -isForBrowser -prefsHandle 4340 -prefMapHandle 4540 -prefsLen 6969 -prefMapSize 199108 -parentBuildID 20190705220548 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 2760 "\\.\pipe\gecko-crash-server-pipe.2760" 4272 tab
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\_SOFT PC\PC BEZPEČNOST\VIRY_CZ\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

=========Mozilla firefox=========

ProfilePath - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\0bmdc21x.default-1518424542179

prefs.js - "browser.startup.homepage" - "https://www.google.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.223 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.211.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.211.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.7.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin]
"Description"=
"Path"=C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.223 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=3.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\wacom.com/WacomTabletPlugin]
"Description"=
"Path"=C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19 433944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
Adblock Plus for IE Browser Helper Object - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22 857792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-23 480120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19 364824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-23 194424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
Adblock Plus for IE Browser Helper Object - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22 755392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-03-12 10134560]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-02-22 168944]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-02-22 394224]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-02-22 418800]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2014-05-19 3100440]
"iTunesHelper"=F:\iTunes\iTunesHelper.exe []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2019-07-17 269192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2016-04-22 67384]
"iCloudDrive"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [2016-04-22 110392]
"ApplePhotoStreams"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2016-04-22 67896]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2010-08-11 2920448]
"iCloudPhotos"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [2016-04-22 356664]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2009-11-20 106496]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2017-01-13 67384]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2014-10-02 421888]
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"LWS"=C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [2012-09-13 204136]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2011-01-12 101888]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2019-04-01 645456]

C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-02-19 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2014-03-25 66328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mbamchameleon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.tscc"=C:\Windows\SysWOW64\tsccvid64.dll
"vidc.tsc2"=C:\Windows\SysWOW64\tsc2_codec64.dll
"VIDC.CFHD"=CFHD.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-07-18 23:36:20 ----D---- C:\rsit
2019-07-18 23:36:20 ----D---- C:\Program Files\trend micro
2019-07-18 23:14:49 ----A---- C:\Windows\system32\drivers\mbam.sys
2019-07-18 23:13:29 ----A---- C:\Windows\system32\aswBoot.exe
2019-07-18 23:13:27 ----A---- C:\Windows\system32\drivers\aswce662099328c634f.tmp
2019-07-18 23:13:27 ----A---- C:\Windows\system32\drivers\asw4663c69f490f3e94.tmp
2019-07-18 23:12:13 ----A---- C:\Windows\system32\drivers\farflt.sys
2019-07-18 23:12:00 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2019-07-18 15:57:58 ----A---- C:\Windows\system32\drivers\asw9a841879a339cd7e.tmp
2019-07-18 15:57:58 ----A---- C:\Windows\system32\drivers\asw3bb7d16e77a67a62.tmp
2019-07-17 17:27:05 ----A---- C:\Windows\system32\drivers\mwac.sys
2019-07-17 16:43:53 ----ASH---- C:\pagefile.sys
2019-07-17 03:22:29 ----D---- C:\FRST
2019-07-17 03:12:35 ----A---- C:\Windows\system32\drivers\MbamChameleon.sys
2019-07-17 03:12:17 ----A---- C:\Windows\system32\drivers\mbae64.sys
2019-07-17 03:12:11 ----D---- C:\ProgramData\Malwarebytes
2019-07-17 03:12:11 ----D---- C:\Program Files\Malwarebytes
2019-07-17 02:32:55 ----D---- C:\Program Files\Mozilla Firefox
2019-07-12 02:25:26 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2019-07-18 23:36:20 ----RD---- C:\Program Files
2019-07-18 23:32:14 ----D---- C:\Windows\Temp
2019-07-18 23:26:24 ----D---- C:\Windows\system32\config
2019-07-18 23:21:51 ----SHD---- C:\Windows\Installer
2019-07-18 23:17:51 ----D---- C:\Windows\System32
2019-07-18 23:17:51 ----D---- C:\Windows\inf
2019-07-18 23:17:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2019-07-18 23:16:19 ----D---- C:\Windows\Minidump
2019-07-18 23:14:49 ----D---- C:\Windows\system32\drivers
2019-07-18 23:13:35 ----D---- C:\Windows\system32\Tasks
2019-07-18 23:12:20 ----D---- C:\Users\Ja\AppData\Roaming\WTablet
2019-07-17 16:57:30 ----D---- C:\Program Files\WinRAR
2019-07-17 16:44:24 ----D---- C:\Windows
2019-07-17 09:52:50 ----D---- C:\_PRENOS
2019-07-17 03:12:35 ----A---- C:\Windows\ntbtlog.txt
2019-07-17 03:12:11 ----HD---- C:\ProgramData
2019-07-17 02:51:19 ----A---- C:\Windows\system32\drivers\asw904380f20b49117e.tmp
2019-07-17 02:51:18 ----A---- C:\Windows\system32\drivers\aswd56938fa41434b80.tmp
2019-07-17 02:51:18 ----A---- C:\Windows\system32\drivers\aswab9cc15c1b526e99.tmp
2019-07-17 02:51:18 ----A---- C:\Windows\system32\drivers\aswaaabc40f216e2208.tmp
2019-07-17 02:51:18 ----A---- C:\Windows\system32\drivers\aswaa6cb53afb52a33c.tmp
2019-07-17 02:51:18 ----A---- C:\Windows\system32\drivers\asw6fe5a0837bcf6c96.tmp
2019-07-17 02:51:13 ----A---- C:\Windows\system32\drivers\aswcafc28b961173a73.tmp
2019-07-17 02:51:13 ----A---- C:\Windows\system32\drivers\asw9cd985e5f48004e6.tmp
2019-07-17 02:51:13 ----A---- C:\Windows\system32\drivers\asw9748233f9a45217d.tmp
2019-07-17 02:51:12 ----A---- C:\Windows\system32\drivers\aswf71db267d1b5625c.tmp
2019-07-17 02:51:12 ----A---- C:\Windows\system32\drivers\asw26ca51262cc888cb.tmp
2019-07-17 02:51:12 ----A---- C:\Windows\system32\drivers\asw1374914ab6417161.tmp
2019-07-17 02:46:05 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-17 01:53:22 ----D---- C:\Users\Ja\AppData\Roaming\Google
2019-07-17 01:06:41 ----D---- C:\Users\Ja\AppData\Roaming\vlc
2019-07-17 00:52:09 ----AD---- C:\ProgramData\TEMP
2019-07-17 00:51:04 ----SHD---- C:\System Volume Information
2019-07-15 17:32:51 ----D---- C:\Windows\SYSWOW64\Macromed
2019-07-15 17:17:40 ----SD---- C:\Windows\system32\Microsoft
2019-07-12 02:25:49 ----D---- C:\Program Files (x86)
2019-07-12 00:35:46 ----D---- C:\Windows\SysWOW64
2019-07-12 00:35:45 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2019-07-12 00:35:43 ----D---- C:\Windows\system32\Macromed
2019-07-06 03:31:39 ----D---- C:\Users\Ja\AppData\Roaming\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswArDisk;aswArDisk; C:\Windows\system32\drivers\aswArDisk.sys [2019-07-17 37320]
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsh.sys [2019-07-17 206056]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniv.sys [2019-07-17 61688]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2019-07-17 88160]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2019-07-17 387392]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2019-07-17 209256]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriver.sys [2019-07-17 263224]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2019-07-17 279336]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2019-07-17 42504]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2019-07-17 112520]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2019-07-17 1030992]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2019-07-17 477288]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit; \??\C:\Windows\system32\drivers\mbae64.sys [2019-01-08 153328]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys []
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys []
R2 MBAMChameleon;MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [2019-07-17 199768]
R3 3xHybr64;WinFast DTV1000 S; C:\Windows\system32\DRIVERS\3xHybr64.sys [2010-10-13 1345664]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-02-19 12312928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-03-12 2291616]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
R3 MBAMFarflt;MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [2019-07-18 224408]
R3 MBAMProtection;MBAMProtection; \??\C:\Windows\system32\DRIVERS\mbam.sys [2019-07-18 73584]
R3 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [2019-07-18 275232]
R3 MBAMWebProtection;MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [2019-07-17 106344]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
R3 WacHidRouterPro;Wacom Hid Router Pro; C:\Windows\system32\DRIVERS\wachidrouter.sys [2017-10-17 115704]
R3 wacomrouterfilter;Wacom Router Filter Driver; C:\Windows\system32\DRIVERS\wacomrouterfilter.sys [2017-10-08 17912]
S3 AXIOMAIRMINI32;Service for M-Audio Axiom AIR Mini 32; C:\Windows\system32\DRIVERS\MAudioAxiomAIRMini32.sys [2012-12-13 134504]
S3 dbx;dbx; C:\Windows\system32\DRIVERS\dbx.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 hidkmdf;KMDF Driver; C:\Windows\system32\DRIVERS\hidkmdf.sys [2016-03-03 13776]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys [2014-03-19 77592]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys [2014-03-19 13080]
S3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2012-09-21 351520]
S3 LVUVC64;Logitech HD Webcam C270(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2012-09-21 4763680]
S3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU; C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [2010-02-09 28680]
S3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard; C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [2010-02-09 196616]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2014-08-15 23040]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\Windows\system32\DRIVERS\silabenm.sys [2014-12-01 23552]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\Windows\system32\DRIVERS\silabser.sys [2014-12-01 79360]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0); C:\Windows\system32\DRIVERS\RtTeam60.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 ULCDRHlp;ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2015-06-17 54784]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2); C:\Windows\system32\DRIVERS\RtVLAN60.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WacHidRouter;Wacom Hid Router; C:\Windows\system32\DRIVERS\wachidrouter.sys [2017-10-17 115704]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2015-04-30 23200]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-12-16 83984]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-09-22 83768]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2019-07-17 414976]
R2 AxiomAIRMini32AudioDevMon;Axiom AIR Mini 32 Audio Device Monitor; C:\Program Files (x86)\M-Audio\Axiom AIR Mini 32\AudioDevMon.exe [2012-12-13 192360]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2016-10-10 38000]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GoProDeviceDetectionService;GoPro Device Detection Service; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [2016-04-14 37808]
R2 iOSinstallerUpdater;iOSinstallerUpdater; C:\Program Files (x86)\iOSinstaller\updater.exe [2015-04-08 165376]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2019-06-26 6744288]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2019-07-17 6797008]
S2 avast;Služba %1!s! Update (avast); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-05 164984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-08-30 103552]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-08-30 124024]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02 144200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-07-12 335416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 avastm;Služba %1!s! Update (avastm); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-05 164984]
S3 AvastSecureBrowserElevationService;Avast Secure Browser Elevation Service; C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.80\elevation_service.exe [2019-06-12 978720]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\elevation_service.exe [2019-07-13 1098224]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-11-14 116224]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2017-01-19 651576]
S3 iumsvc;Intel(R) Update Manager; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12 177376]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2014-03-25 357144]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2019-07-12 238624]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-03-08 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-08-30 50808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-08-30 139896]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-08-30 139896]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-08-30 139896]

-----------------EOF-----------------

Re: PC blokuje antiviry nebo padá do modré smrti

Napsal: 18 črc 2019 23:55
od Conder
Ahoj :)

:arrow: Ako sa prejavuje to blokovanie antivirusov?

:arrow: Poprosim o obidva logy z FRST (FRST.txt a Addition.txt) podla tohto navodu: https://forum.viry.cz/viewtopic.php?f=13&t=154679

Re: PC blokuje antiviry nebo padá do modré smrti

Napsal: 19 črc 2019 17:21
od nazdar
Zdravím. Antivir Avast nejdřív nešel spustit až po několika restartech ano. Když jsem udělal cílený test na 2 HDD co mám v PC tak když to detekovalo první problém, tak celé okno Avastu zbělelo a přestal pracovat. Pak jsem nastavil test po restartu před naběhnutím systému, ale nejsem si jist zlepšením. V nouzáku Avast naběhne rovnou do hlášky že sorry něco pokazilo. Pořád mi něco shazuje okna ve web browserech - Chrome, Mozilla rovnou padá celá.
----------------------------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by Ja (administrator) on KLUMPIK (Gigabyte Technology Co., Ltd. H55M-USB3) (19-07-2019 18:05:46)
Running from C:\Users\Ja\Desktop
Loaded Profiles: Ja (Available Profiles: Ja)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(GoPro, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(inMusic Brands, Inc -> M-Audio) C:\Program Files (x86)\M-Audio\Axiom AIR Mini 32\AudioDevMon.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(iOSinstaller.com) [File not signed] C:\Program Files (x86)\iOSinstaller\Updater.exe
(Leadtek Research Inc.) [File not signed] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
(Leadtek Research Inc.) [File not signed] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU1\LogitechUpdate.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU1\LULnchr.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NEC Electronics Corporation) [File not signed] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Open Source Developer, Birunthan Mohanathas -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Ulead Systems, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => "F:\iTunes\iTunesHelper.exe"
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation) [File not signed]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft, Inc. -> ArcSoft Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKLM-x32\...\Run: [WinFastDTV] => C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [101888 2011-01-12] (Leadtek Research Inc.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3261876755-477165021-623360622-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3261876755-477165021-623360622-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3261876755-477165021-623360622-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-04-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3261876755-477165021-623360622-1001\...\Run: [WinFast Schedule] => C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2920448 2010-08-11] (Leadtek Research Inc.) [File not signed]
HKU\S-1-5-21-3261876755-477165021-623360622-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-04-22] (Apple Inc. -> Apple Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-09-21] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [VIDC.CFHD] => C:\Windows\system32\CFHD.dll [1334784 2016-04-14] (CineForm Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-09-21] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [VIDC.CFHD] => C:\Windows\SysWOW64\CFHD.dll [1119744 2016-04-14] (CineForm Inc.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.80\Installer\chrmstp.exe [2019-07-05] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-01-03]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Open Source Developer, Birunthan Mohanathas -> Raifmeter)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved ufless listed separately.)

Task: {0809B9C8-41AE-4422-AD19-737996D370A0} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {12ACD551-CCEB-4DD3-8FE7-04648BB9504D} - System32\Tasks\{E2869F52-4881-4DAC-8F6B-526941FC936D} => C:\Windows\system32\pcalua.exe -a "C:\_SOFT PC\FreeRapid-0.9u4\frd.exe" -d "C:\_SOFT PC\FreeRapid-0.9u4"
Task: {1329749A-EBD3-4E2B-AA58-1F5E5BD63906} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
Task: {16DCAE58-6F8D-4BB1-BECD-CBFEE3748E22} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {19635D1F-6FC4-4705-865B-B755D7F71D5E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {1D7CA001-5B29-464B-8372-35986BC5AEE7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {40226D9F-FB6C-4C5B-8776-CE8BBBC5578F} - System32\Tasks\Intel_C_CVCV437600JZ120BGN => C:\Program Files (x86)\Intel\Intel(R) SSD Toolbox\Intel SSD Toolbox.exe [1508096 2017-05-23] (Intel(R) Corporation - NAND Flash Memory -> Intel)
Task: {432A15F1-F0B4-4DC5-977C-44527C9E568D} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {5B59A617-D29C-44A9-8995-02B501680CC9} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1815792 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
Task: {65E1029C-F38D-40B7-88C1-3232FBF8CEBD} - System32\Tasks\{457F9BC0-7546-4439-8DE1-04C88A7E8897} => C:\Windows\system32\pcalua.exe -a "C:\_SOFT PC\_NEW\Gigabyte MB ovladače pro 64bit\GSATA\setup.exe" -d "C:\_SOFT PC\_NEW\Gigabyte MB ovladače pro 64bit\GSATA"
Task: {66C50F60-BC38-4D86-A51C-4BC1A61484FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-12] (Adobe Inc. -> Adobe)
Task: {6A352A35-AA91-4CBC-9A67-BA1B9F2A55F5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2281944 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
Task: {73BB5663-C52A-4C3B-8523-B7D30A7124CF} - System32\Tasks\Kingston SSD Toolbox => C:\Program Files (x86)\Kingston SSD Toolbox\Kingston SSD Toolbox.exe <==== ATTENTION
Task: {93CB1020-5A7A-47CE-939B-E48177DF43CB} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-12] (Adobe Inc. -> Adobe)
Task: {B615EB3D-B574-4078-A250-0DD7DA0E88DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc -> Google Inc.)
Task: {B61F4E09-D16A-4908-A03B-4D9E485CD674} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc -> Google Inc.)
Task: {BC84E6D2-5B19-4BED-A333-2B1975E12021} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {C3758CD8-7C00-4233-90E1-0C66A61BB2A5} - System32\Tasks\{4613B891-F175-458F-9DED-0E9F8E04AD20} => C:\Windows\system32\pcalua.exe -a "C:\_SOFT PC\TV karta Leadtek\DTV1000 S(x64).exe" -d "C:\_SOFT PC\TV karta Leadtek"
Task: {E7D8D2F7-991F-42BB-8E54-7A52D8DA398D} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1815792 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
Task: {EBC845B6-3901-40DE-8713-1FEC400E8DA8} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-05] (AVAST Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{18FF7335-0959-4002-8D05-35C748182987}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{6AD5AA1F-4F8D-4C5B-AE17-37D9223E0BF7}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\S-1-5-21-3261876755-477165021-623360622-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
SearchScopes: HKU\S-1-5-21-3261876755-477165021-623360622-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech -> Logitech, Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech -> Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH)
Toolbar: HKU\S-1-5-21-3261876755-477165021-623360622-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
IE Session Restore: HKU\S-1-5-21-3261876755-477165021-623360622-1001 -> is enabled.
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2017-11-14] (Microsoft Windows -> Microsoft Corporation) [File not signed]

FireFox:
========
FF DefaultProfile: 0bmdc21x.default-1518424542179
FF ProfilePath: C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\cm6vrsq8.default-release [2019-07-19]
FF Extension: (ETP Search Volume Study) - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\cm6vrsq8.default-release\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-07-19]
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\cm6vrsq8.default-release\Extensions\sp@avast.com.xpi [2019-07-19]
FF Extension: (Avast Online Security) - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\cm6vrsq8.default-release\Extensions\wrc@avast.com.xpi [2019-07-19]
FF ProfilePath: C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\0bmdc21x.default-1518424542179 [2019-07-19]
FF Homepage: Mozilla\Firefox\Profiles\0bmdc21x.default-1518424542179 -> hxxps://www.google.cz/
FF Session Restore: Mozilla\Firefox\Profiles\0bmdc21x.default-1518424542179 -> is enabled.
FF Extension: (Facebook Container) - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\0bmdc21x.default-1518424542179\Extensions\@contain-facebook.xpi [2019-07-12]
FF Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\0bmdc21x.default-1518424542179\Extensions\browsec@browsec.com.xpi [2019-07-19]
FF Extension: (Enhancer for YouTube™) - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\0bmdc21x.default-1518424542179\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2019-07-12]
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\0bmdc21x.default-1518424542179\Extensions\sp@avast.com.xpi [2019-07-17]
FF Extension: (uBlock Origin) - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\0bmdc21x.default-1518424542179\Extensions\uBlock0@raymondhill.net.xpi [2019-07-19]
FF Extension: (Avast Online Security) - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\0bmdc21x.default-1518424542179\Extensions\wrc@avast.com.xpi [2018-06-30]
FF Extension: (Video DownloadHelper) - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\0bmdc21x.default-1518424542179\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-07-19]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-01-31] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-12] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-12] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-3261876755-477165021-623360622-1001: @hola.org/vlc,version=1.8.28 -> C:\Users\Ja\AppData\Local\Hola\firefox\app\vlc [2015-05-28] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default [2019-07-19]
CHR Extension: (Prezentace) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-24]
CHR Extension: (Dokumenty) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-25]
CHR Extension: (Disk Google) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-11]
CHR Extension: (YouTube) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-17]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-05-07]
CHR Extension: (Vyhledávání Google) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-11]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-01-31]
CHR Extension: (Video Downloader professional) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2019-05-07]
CHR Extension: (Tabulky) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-17]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-11-05]
CHR Extension: (Avast Online Security) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-17]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-08-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-05]
CHR Extension: (Gmail) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-17]
CHR Extension: (Chrome Media Router) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-19]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-05] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-05] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.80\elevation_service.exe [978720 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R2 AxiomAIRMini32AudioDevMon; C:\Program Files (x86)\M-Audio\Axiom AIR Mini 32\AudioDevMon.exe [192360 2012-12-13] (inMusic Brands, Inc -> M-Audio)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [38000 2016-10-10] (Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-04-14] (GoPro, Inc. -> )
R2 iOSinstallerUpdater; C:\Program Files (x86)\iOSinstaller\updater.exe [165376 2015-04-08] (iOSinstaller.com) [File not signed]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [779208 2017-10-18] (Wacom Technology Corporation -> Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [1345664 2010-10-13] (Microsoft Windows Hardware Compatibility Publisher -> NXP Semiconductors Germany GmbH)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37320 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [209256 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [263224 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206056 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [61688 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [279336 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42504 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [169112 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1030992 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [477288 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [225816 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [387392 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S3 AXIOMAIRMINI32; C:\Windows\System32\DRIVERS\MAudioAxiomAIRMini32.sys [134504 2012-12-13] (inMusic Brands, Inc -> M-Audio)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [13776 2016-03-03] (Wacom Technology Corporation -> Windows (R) Win 7 DDK provider)
S3 MADFULEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio -> M-Audio)
S3 MAUSBLEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio -> M-Audio)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-07-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-07-18] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-07-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-07-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [106344 2019-07-17] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [75776 2009-11-20] (Microsoft Windows Hardware Compatibility Publisher -> NEC Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [177152 2009-11-20] (Microsoft Windows Hardware Compatibility Publisher -> NEC Electronics Corporation)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [23552 2014-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [79360 2014-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Laboratories)
S3 ULCDRHlp; C:\Windows\SysWOW64\Drivers\ULCDRHlp.sys [27392 2004-12-23] (Ulead Systems, Inc.) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [115704 2017-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Wacom Technology, Corp.)
R3 WacHidRouterPro; C:\Windows\System32\DRIVERS\wachidrouter.sys [115704 2017-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Wacom Technology, Corp.)
R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [17912 2017-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Wacom Technology, Corp.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 TEAM; system32\DRIVERS\RtTeam60.sys [X]
S3 VLAN; system32\DRIVERS\RtVLAN60.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-19 18:05 - 2019-07-19 18:06 - 000036278 _____ C:\Users\Ja\Desktop\FRST.txt
2019-07-19 18:05 - 2019-07-19 18:04 - 002095104 _____ (Farbar) C:\Users\Ja\Desktop\FRST64.exe
2019-07-19 01:39 - 2019-07-19 01:39 - 000266288 _____ C:\Windows\Minidump\071919-11575-01.dmp
2019-07-19 01:32 - 2019-07-19 01:32 - 000270184 _____ C:\Windows\Minidump\071919-9344-01.dmp
2019-07-19 01:24 - 2019-07-19 01:24 - 002095104 _____ (Farbar) C:\Users\Ja\Downloads\FRST64.exe
2019-07-19 00:42 - 2019-07-19 00:42 - 000266320 _____ C:\Windows\Minidump\071919-8533-01.dmp
2019-07-19 00:19 - 2019-07-19 01:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-07-19 00:08 - 2019-07-17 02:51 - 000363400 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-07-19 00:08 - 2019-07-17 02:51 - 000225816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-07-19 00:08 - 2019-07-17 02:51 - 000169112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-07-18 23:36 - 2019-07-18 23:36 - 000000000 ____D C:\rsit
2019-07-18 23:36 - 2019-07-18 23:36 - 000000000 ____D C:\Program Files\trend micro
2019-07-18 23:14 - 2019-07-19 01:40 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-07-18 23:12 - 2019-07-19 01:40 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-07-18 23:12 - 2019-07-18 23:12 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-07-17 17:27 - 2019-07-17 17:27 - 000106344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-07-17 03:22 - 2019-07-19 18:05 - 000000000 ____D C:\FRST
2019-07-17 03:12 - 2019-07-19 00:42 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-07-17 03:12 - 2019-07-17 03:12 - 000001872 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-17 03:12 - 2019-07-17 03:12 - 000000000 ____D C:\Users\Ja\AppData\Local\mbamtray
2019-07-17 03:12 - 2019-07-17 03:12 - 000000000 ____D C:\Users\Ja\AppData\Local\mbam
2019-07-17 03:12 - 2019-07-17 03:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-17 03:12 - 2019-07-17 03:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-17 03:12 - 2019-07-17 03:12 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-17 03:12 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-07-17 00:11 - 2019-07-18 23:13 - 000000000 _____ C:\Windows\system32\last.dump
2019-07-12 02:25 - 2019-07-19 00:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-19 17:49 - 2009-07-14 06:45 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-07-19 17:49 - 2009-07-14 06:45 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-07-19 17:43 - 2014-11-19 19:06 - 000000000 ____D C:\ProgramData\TEMP
2019-07-19 17:36 - 2015-02-22 07:34 - 000000000 ____D C:\Users\Ja\AppData\Local\CrashDumps
2019-07-19 17:35 - 2016-12-03 08:17 - 000000000 ____D C:\Users\Ja\AppData\LocalLow\Mozilla
2019-07-19 17:31 - 2015-10-16 03:20 - 000000000 ____D C:\Users\Ja\AppData\Roaming\WTablet
2019-07-19 01:45 - 2010-11-21 11:27 - 000668266 _____ C:\Windows\system32\perfh005.dat
2019-07-19 01:45 - 2010-11-21 11:27 - 000140926 _____ C:\Windows\system32\perfc005.dat
2019-07-19 01:45 - 2009-07-14 07:13 - 001582262 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-19 01:45 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-07-19 01:40 - 2015-10-22 19:17 - 000000000 ___RD C:\Users\Ja\iCloudDrive
2019-07-19 01:39 - 2016-01-22 07:54 - 000000000 ____D C:\Windows\Minidump
2019-07-19 01:39 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-19 01:32 - 2015-03-16 01:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-19 00:42 - 2014-11-21 19:53 - 000689984 _____ C:\Windows\ntbtlog.txt
2019-07-19 00:26 - 2018-09-30 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-07-19 00:26 - 2015-12-25 05:37 - 000000000 ____D C:\Users\Ja\AppData\LocalLow\Adblock Plus for IE
2019-07-19 00:26 - 2014-11-19 19:03 - 000000000 ____D C:\Users\Ja\AppData\Roaming\uTorrent
2019-07-19 00:26 - 2014-11-19 19:03 - 000000000 ____D C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2019-07-19 00:26 - 2014-11-19 18:47 - 000000000 ____D C:\_SOFT PC
2019-07-19 00:26 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\ras
2019-07-19 00:09 - 2017-04-05 04:42 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-07-19 00:09 - 2017-04-05 04:42 - 000002008 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-07-17 17:00 - 2018-09-30 22:22 - 000001031 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-07-17 16:57 - 2014-11-21 02:45 - 000000000 ____D C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-07-17 16:57 - 2014-11-21 02:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-07-17 16:57 - 2014-11-21 02:45 - 000000000 ____D C:\Program Files\WinRAR
2019-07-17 09:52 - 2015-09-24 14:00 - 000000000 ____D C:\_PRENOS
2019-07-17 03:10 - 2016-01-15 17:15 - 000000000 ____D C:\Users\Ja\AppData\Local\ElevatedDiagnostics
2019-07-17 02:51 - 2019-05-14 00:13 - 000263224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-07-17 02:51 - 2019-05-14 00:13 - 000206056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-07-17 02:51 - 2019-05-14 00:13 - 000061688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-07-17 02:51 - 2019-05-14 00:13 - 000042504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-07-17 02:51 - 2019-05-14 00:13 - 000037320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-07-17 02:51 - 2018-02-25 16:16 - 000279336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-07-17 02:51 - 2018-02-25 16:16 - 000209256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-07-17 02:51 - 2017-04-05 04:42 - 001030992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-07-17 02:51 - 2017-04-05 04:42 - 000477288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-07-17 02:51 - 2017-04-05 04:42 - 000387392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-07-17 02:51 - 2017-04-05 04:42 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-07-17 02:51 - 2017-04-05 04:42 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-07-17 01:53 - 2014-11-19 18:30 - 000000000 ____D C:\Users\Ja\AppData\Roaming\Google
2019-07-17 01:06 - 2018-09-30 23:22 - 000000000 ____D C:\Users\Ja\AppData\Roaming\vlc
2019-07-16 03:42 - 2014-11-19 10:34 - 000002189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-16 03:42 - 2014-11-19 10:34 - 000002148 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-15 17:32 - 2014-11-19 18:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-07-12 00:35 - 2018-03-16 00:25 - 000004520 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-07-12 00:35 - 2015-08-17 14:18 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-07-12 00:35 - 2014-11-19 18:46 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-07-12 00:35 - 2014-11-19 18:46 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-07-12 00:35 - 2014-11-19 18:46 - 000000000 ____D C:\Windows\system32\Macromed
2019-07-05 13:44 - 2019-04-18 00:08 - 000003732 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2019-07-05 13:44 - 2019-04-18 00:08 - 000003150 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2019-07-05 13:44 - 2018-04-05 14:14 - 000002394 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-07-05 13:44 - 2018-04-05 14:14 - 000002351 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk

==================== Files in the root of some directories ================

2017-04-05 19:31 - 2018-10-22 00:54 - 000000033 _____ () C:\Users\Ja\AppData\Roaming\AdobeWLCMCache.dat
2016-03-31 01:36 - 2016-04-05 03:00 - 000002298 _____ () C:\Users\Ja\AppData\Roaming\ASSDraw3.cfg
2015-08-24 19:56 - 2015-08-24 19:56 - 000000112 _____ () C:\Users\Ja\AppData\Roaming\JP2K CS6 Prefs
2015-01-14 06:42 - 2015-01-14 06:42 - 183677480 _____ () C:\Users\Ja\AppData\Local\ACCCx2_9_0_465.zip.aamdownload
2015-01-14 06:42 - 2015-01-14 06:42 - 000002195 _____ () C:\Users\Ja\AppData\Local\ACCCx2_9_0_465.zip.aamdownload.aamd
2015-12-23 04:12 - 2018-11-06 08:44 - 000007623 _____ () C:\Users\Ja\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-07-12 00:44
==================== End of FRST.txt ============================

Re: PC blokuje antiviry nebo padá do modré smrti

Napsal: 19 črc 2019 17:25
od nazdar
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Ja (19-07-2019 18:07:20)
Running from C:\Users\Ja\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-11-19 08:26:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3261876755-477165021-623360622-500 - Administrator - Disabled)
Guest (S-1-5-21-3261876755-477165021-623360622-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3261876755-477165021-623360622-1002 - Limited - Enabled)
Ja (S-1-5-21-3261876755-477165021-623360622-1001 - Administrator - Enabled) => C:\Users\Ja

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

(Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{36381D51-CC5E-4698-A0CC-E939C75EC9D8}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.223 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Aegisub 3.2.1 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.1 - Aegisub Team)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 75.0.1447.80 - Autoři prohlížeče Avast Secure Browser)
Blackmagic Fusion (HKLM\...\{7934F129-3C89-4C03-8D28-F8EB92DCEBCA}) (Version: 8.2.1 - Blackmagic Design)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Camtasia Studio 8 (HKLM-x32\...\{A7727F03-5311-4A12-9A63-2ACD20BA0497}) (Version: 8.2.1.1423 - TechSmith Corporation)
ClipToolz-Convert-V2 (HKLM\...\{FCB459DD-9FB7-4EC2-A335-3F1F5A3B4AF2}) (Version: 2.1.10 - ClipToolz.com)
Codec-TS SDK (HKLM-x32\...\{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}) (Version: - ArcSoft)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
De-interlace SDK (HKLM-x32\...\{9A0E0340-C3D7-42D1-96D4-64179FD456AE}) (Version: - ArcSoft)
Dragonframe (HKLM-x32\...\{F958567E-8F16-4A1E-9985-D3271E34951D}) (Version: 3.0.2 - DZED Systems LLC)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free iTunes Backup Extractor version 6.0.3 (HKLM-x32\...\{F891E77B-EB1C-4035-BCC4-4DEF91EDD69E}_is1) (Version: 6.0.3 - HONGKONG JIHO CO., LIMITED)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoPro (HKLM\...\{11994124-739A-42BB-A6D2-3AC95355BDC6}) (Version: 0.1.2371 - GoPro, Inc.) Hidden
GoPro for Desktop (HKLM-x32\...\{701bfbd9-f576-470f-8fd0-eca3e608bd97}) (Version: 0.1.0.2371 - GoPro, Inc.)
GoPro Studio (HKLM-x32\...\{BCBF5E75-C1AD-4169-A70C-3A0BD9A7F9CF}) (Version: 5.8.2371 - GoPro, Inc.) Hidden
HFSExplorer 0.23.1 (HKLM-x32\...\HFSExplorer) (Version: 0.23.1 - Catacombae Software)
Charger Monitor (HKLM-x32\...\Charger Monitor10.4.35) (Version: 10.4.35 - EV-Peak.com)
iBackupBot 5.4.4 (HKLM-x32\...\iBackupBot) (Version: 5.4.4 - VOWSoft, Ltd.)
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.4.6.400 - Intel Corporation)
iOSinstaller (HKLM-x32\...\iOSinstaller) (Version: - iosinstaller.com)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes verze 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
M-Audio Axiom AIR Mini 32 1.0.1 (x64) (HKLM\...\{613163E3-0FC3-4CA3-8835-05D2D6C03523}) (Version: 1.0.1 - M-Audio)
M-Audio Legacy Keyboard Driver 5.0.0 (x64) (HKLM\...\{2CA9F96F-AFFC-4D41-B781-47EBD2378DB8}) (Version: 5.0.0 - M-Audio)
MediaInfo 17.12 (HKLM\...\MediaInfo) (Version: 17.12 - MediaArea.net)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Microsoft .NET Framework 4.5 CSY Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0 - Mozilla)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Phoenix R/C® (HKLM-x32\...\PhoenixRC) (Version: 5.0.p - Runtime Games Ltd)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
ProgDVB x64 (HKLM\...\ProgDVB) (Version: 7.x - Prog)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6066 - Realtek Semiconductor Corp.)
Remote Mouse version 2.70 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.70 - Remote Mouse)
R-Studio 7.2 (HKLM-x32\...\R-Studio 7.2NSIS) (Version: 7.2.155105 - R-Tools Technology Inc.)
SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.607) (Version: 3.55.2393.607 - Avast Software) Hidden
SketchUp 2016 (HKLM\...\{D87EE6DC-32BA-4219-AC75-0A6FD54ED058}) (Version: 16.0.19912 - Trimble Navigation Limited)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Synthesia (HKLM-x32\...\Synthesia) (Version: 9 - Synthesia LLC)
TT-SB SDK (HKLM-x32\...\{AF9848E2-5F19-4E49-9E6E-044FBDC28404}) (Version: - ArcSoft)
VFW_Codec32 (HKLM-x32\...\{32223B55-ECE6-4093-971B-D176C4A4C89A}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{C75FFC1A-4578-4D11-BC60-188BDD72A668}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.25-5 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFast Multimedia Driver Installation (HKLM-x32\...\{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}) (Version: 7.5.2.4 - Leadtek Research Inc.)
WinFast PVR2 (HKU\S-1-5-21-3261876755-477165021-623360622-1001\...\{C92C584E-C781-475E-A8E2-C67D993A6B95}) (Version: 2.0.3.36 - Leadtek)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3261876755-477165021-623360622-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net -> MediaArea.net)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-04-22] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-02-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2017-01-01 16:00 - 2017-01-01 16:00 - 000023040 _____ () [File not signed] C:\Program Files\Rainmeter\Plugins\InputText.dll
2017-01-01 15:59 - 2017-01-01 15:59 - 000096256 _____ () [File not signed] C:\Program Files\Rainmeter\Plugins\PerfMon.DLL
2017-01-01 15:59 - 2017-01-01 15:59 - 000136704 _____ () [File not signed] C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.DLL
2015-01-29 19:21 - 2010-11-15 12:05 - 000073728 _____ () [File not signed] C:\Program Files\WinFast\WFDTV\RCConfig\RCKeysInfoIO.dll
2015-01-29 19:21 - 2009-04-01 15:07 - 000303188 _____ () [File not signed] C:\Program Files\WinFast\WFDTV\RTL283XACCESS.dll
2015-01-29 19:21 - 2008-12-02 12:04 - 000007680 _____ () [File not signed] C:\Program Files\WinFast\WFDTV\WIZLANGCZE.dll
2015-01-29 19:21 - 2010-03-22 13:02 - 000094208 _____ (afa) [File not signed] C:\Program Files\WinFast\WFDTV\AF15BDAEX.dll
2015-04-08 16:11 - 2015-04-08 16:11 - 000165376 _____ (iOSinstaller.com) [File not signed] C:\Program Files (x86)\iOSinstaller\updater.exe
2015-01-29 19:21 - 2010-03-01 11:05 - 000049152 _____ (ITE Technologies, Inc.) [File not signed] C:\Program Files\WinFast\WFDTV\AF9100EX.dll
2015-01-29 19:21 - 2011-01-12 11:05 - 000101888 _____ (Leadtek Research Inc.) [File not signed] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
2015-01-29 19:21 - 2010-08-11 17:11 - 002920448 _____ (Leadtek Research Inc.) [File not signed] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
2015-11-22 13:44 - 2015-11-22 13:44 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2009-11-20 13:17 - 2009-11-20 13:17 - 000086016 _____ (NEC Electronics Corporation) [File not signed] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
2009-11-20 13:17 - 2009-11-20 13:17 - 000106496 _____ (NEC Electronics Corporation) [File not signed] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
2015-01-29 19:21 - 2004-12-13 05:34 - 000049152 ____N (Ulead Systems, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-01-05 01:21 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Kingston SSD Toolbox;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\ArcSoft\Bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-21-3261876755-477165021-623360622-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{40C03F33-FBA2-4B5A-BCB0-4DC35F642C03}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe No File
FirewallRules: [UDP Query User{BD632344-130D-4166-9312-3CAC5BD4002C}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe No File
FirewallRules: [TCP Query User{BBEB5900-F0B3-4B95-BED3-F49D1829F9A9}C:\users\ja\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ja\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{FDC36610-3F89-4D38-9445-C64C499E327A}C:\users\ja\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ja\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{703D4769-03C8-4EC0-A4DE-093E16B21A47}C:\program files (x86)\java\jre1.8.0_25\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\launch4j-tmp\frd.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [UDP Query User{A60DE5D6-0C1E-47EC-9D72-3D69062148E8}C:\program files (x86)\java\jre1.8.0_25\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\launch4j-tmp\frd.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [TCP Query User{BFF9CC14-A03E-4C1B-A574-EF051123D9D8}C:\_soft pc\grafika\aftry x problem\after effects cc 2014 portable\adobe after effects cc 2014.exe] => (Allow) C:\_soft pc\grafika\aftry x problem\after effects cc 2014 portable\adobe after effects cc 2014.exe (Adobe Systems Incorporated) [File not signed]
FirewallRules: [UDP Query User{EEB4760A-0FE7-4337-AFE2-72045979B625}C:\_soft pc\grafika\aftry x problem\after effects cc 2014 portable\adobe after effects cc 2014.exe] => (Allow) C:\_soft pc\grafika\aftry x problem\after effects cc 2014 portable\adobe after effects cc 2014.exe (Adobe Systems Incorporated) [File not signed]
FirewallRules: [TCP Query User{B4838671-C1C9-48A9-ADEF-B6C464CA7739}C:\users\ja\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ja\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{98FF6CA6-7083-4820-878F-F58398F3055A}C:\users\ja\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ja\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{0519F281-C5CF-4835-88FD-B6605EECAAFD}] => (Allow) C:\Users\Ja\AppData\Local\Temp\nsbEEF3.tmp\CnetInstaller-76098611.exe No File
FirewallRules: [{FE39E671-A4E0-4AFB-8A4E-F05B11B6ABAA}] => (Allow) C:\Users\Ja\AppData\Local\Temp\nsbEEF3.tmp\CnetInstaller-76098611.exe No File
FirewallRules: [TCP Query User{47622900-BAE0-4063-8E2B-9445A85EB9EE}C:\program files (x86)\java\jre1.8.0_31\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\launch4j-tmp\frd.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [UDP Query User{A48CE42D-4390-443D-B975-B5025974059F}C:\program files (x86)\java\jre1.8.0_31\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\launch4j-tmp\frd.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [{8D4666FB-9FBD-453B-8481-BC7647D40F76}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0E6B03FF-9291-4DC6-8C1E-7D3C6AF7CA17}] => (Allow) LPort=2869
FirewallRules: [{5406F6E0-FA0D-48EA-B36F-7D62E8EE7F11}] => (Allow) LPort=1900
FirewallRules: [{FCD8E465-7083-41AC-94F0-B2721E6BE0D2}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{4A93DB40-DB68-44A4-B2BB-9CE493544209}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (RemoteMouse.net) [File not signed]
FirewallRules: [TCP Query User{0A68A2CE-A196-4A71-80E0-79FB31FDA0BB}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe (RemoteMouse.net) [File not signed]
FirewallRules: [UDP Query User{E8E1242B-33E0-491D-88E8-0A052AF00DD7}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{C89A516E-C4C4-4354-AF8A-5D3A18E283C8}] => (Allow) LPort=8317
FirewallRules: [{B05013B7-3CC3-41D7-95A9-769B963B4C5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1DB52751-732E-4F67-A37B-198545E0BBDC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F9ADF310-5877-45B2-980D-46513188D1E8}] => (Allow) C:\Program Files (x86)\iOSinstaller\iOSinstaller.exe (iosinstaller.com) [File not signed]
FirewallRules: [{1C210EB4-7B20-48F4-ADAA-B85D2CBF024E}] => (Allow) C:\Program Files (x86)\iOSinstaller\iOSinstaller.exe (iosinstaller.com) [File not signed]
FirewallRules: [TCP Query User{773EF673-513B-4A6B-9422-A7B1C1C3E4B3}C:\program files (x86)\java\jre1.8.0_45\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\launch4j-tmp\frd.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [UDP Query User{4C0CEC21-7DA7-4D01-A3AC-AF40D4298652}C:\program files (x86)\java\jre1.8.0_45\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\launch4j-tmp\frd.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [{B95E26BE-43C3-437A-AB72-B18D3CBB573A}] => (Allow) C:\Users\Ja\AppData\Local\Hola\firefox\app\hola_plugin.exe (Hola Networks Ltd. -> Hola Networks Ltd.)
FirewallRules: [{9E9DD1AF-2939-4B92-BE5F-AC8EE277C4FF}] => (Allow) C:\Users\Ja\AppData\Local\Hola\firefox\app\hola_plugin.exe (Hola Networks Ltd. -> Hola Networks Ltd.)
FirewallRules: [{12FDE850-1C7C-49DD-8102-0D3E3DE5962A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A2C5BC15-D162-4C74-96A6-A8F31991B0BD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A6306971-0620-4827-849C-F82D2DE7B3F5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6095D3D7-36EB-473C-B514-EBFCDC6F76DF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5828C1B8-F617-4057-BBDD-6951165A0BEE}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro.exe (GoPro, Inc. -> )
FirewallRules: [{CCDF53C2-2C22-420E-AF55-DD499D39CD8B}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe (GoPro, Inc. -> )
FirewallRules: [{E678B5D4-7288-488D-BD96-229C6FCEF271}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe (GoPro, Inc. -> )
FirewallRules: [{041A729B-02F2-4D8B-B41B-3EC0AACBFD8F}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe (GoPro, Inc. -> )
FirewallRules: [{C60849F9-0AA7-4B56-A38A-D993A8ABA51E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{A3320806-C6DC-4012-9BB9-91DE7E7C88D7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [TCP Query User{A4D54680-5E5D-4724-AC30-460A20CB7289}C:\program files (x86)\java\jre1.8.0_91\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\launch4j-tmp\frd.exe No File
FirewallRules: [UDP Query User{970CB559-F0D1-495C-8F14-37D934BAA207}C:\program files (x86)\java\jre1.8.0_91\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\launch4j-tmp\frd.exe No File
FirewallRules: [{FD1F9AAE-43E7-4D2E-A887-AC3278E82340}] => (Allow) C:\Program Files (x86)\Hobbyist Software\VLC Setup Helper\VLC Setup Helper.exe No File
FirewallRules: [{F2A075AF-70BE-4716-8EC0-14D2162A4977}] => (Allow) C:\Program Files (x86)\Hobbyist Software\VLC Setup Helper\mDNSResponder.exe No File
FirewallRules: [{7F4EC7DC-2898-4E06-8FAA-6D86D93C446E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe\Bonjour\mDNSResponder.exe No File
FirewallRules: [{09BB85D7-B08B-41A9-B932-1D8419C4118E}] => (Allow) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{55D2A1C9-66F4-4F77-93ED-D504FF4E977D}] => (Allow) C:\Program Files\VideoLAN\VLC\vlc.exe No File
FirewallRules: [{7E457129-5D62-4C19-B754-7D84D3FB27ED}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe No File
FirewallRules: [{D54A4C2C-6ECB-4BD8-93C4-9F3404FD75CE}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe No File
FirewallRules: [{BB1F53D6-28F7-4A96-BF38-B6DC37EEF28D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe No File
FirewallRules: [{6BE1ED98-F62B-40FE-A153-7D64F4F7CE4F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe No File
FirewallRules: [{83D80450-8777-4BBF-9783-2B5274002538}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe No File
FirewallRules: [{EEE45D9A-EE54-45CD-B643-62C7AC734D4F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe No File
FirewallRules: [{89CF0B96-AFC9-412B-B472-E72A5D885B7C}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe No File
FirewallRules: [{51EBAF45-C2F6-4348-A15D-1942BC601741}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe No File
FirewallRules: [TCP Query User{E80F1798-1388-41E1-AF79-900854AB8DE4}C:\program files (x86)\dzed\dragonframe\dragonframe.exe] => (Allow) C:\program files (x86)\dzed\dragonframe\dragonframe.exe () [File not signed]
FirewallRules: [UDP Query User{7E0C0178-2D01-4529-A070-AED2031C07BE}C:\program files (x86)\dzed\dragonframe\dragonframe.exe] => (Allow) C:\program files (x86)\dzed\dragonframe\dragonframe.exe () [File not signed]
FirewallRules: [{90DC8807-67C9-4521-8DB2-8E4B59408289}] => (Allow) C:\Program Files (x86)\PhoenixRC\phoenixRC.exe () [File not signed]
FirewallRules: [{A215AB5D-362F-446D-A5EB-71DC29B37B56}] => (Allow) C:\Program Files (x86)\PhoenixRC\phoenixRC.exe () [File not signed]
FirewallRules: [TCP Query User{53DF792D-AE29-4D45-B69D-EA9427BE4C35}C:\_soft pc\vlc-3.0.0-20170116-0444-git-win64\vlc-3.0.0-git\vlc.exe] => (Allow) C:\_soft pc\vlc-3.0.0-20170116-0444-git-win64\vlc-3.0.0-git\vlc.exe No File
FirewallRules: [UDP Query User{652493B0-6F19-475A-AA92-4489ABD5E256}C:\_soft pc\vlc-3.0.0-20170116-0444-git-win64\vlc-3.0.0-git\vlc.exe] => (Allow) C:\_soft pc\vlc-3.0.0-20170116-0444-git-win64\vlc-3.0.0-git\vlc.exe No File
FirewallRules: [TCP Query User{351DE25C-C97E-4D26-A084-8B57B7D2B069}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe No File
FirewallRules: [UDP Query User{AE4B61DA-5976-4E54-96FC-8D27F51B8214}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe No File
FirewallRules: [{F4D62EB6-41F6-4666-A291-13D06D483525}] => (Allow) F:\iTunes\iTunes.exe No File
FirewallRules: [TCP Query User{396BD5D6-139D-4038-A289-9EBD9100623C}C:\program files (x86)\java\jre1.8.0_121\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\launch4j-tmp\frd.exe No File
FirewallRules: [UDP Query User{F813EB4D-F2FB-4E9D-9348-28F64406244C}C:\program files (x86)\java\jre1.8.0_121\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\launch4j-tmp\frd.exe No File
FirewallRules: [TCP Query User{20A99507-F779-438D-9600-FB1E9F6B887D}C:\program files (x86)\java\jre1.8.0_131\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\launch4j-tmp\frd.exe No File
FirewallRules: [UDP Query User{6BA52F5E-3399-4EF5-8F4F-3694094B1B90}C:\program files (x86)\java\jre1.8.0_131\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\launch4j-tmp\frd.exe No File
FirewallRules: [{275FFE89-C1EA-4149-9290-127F6617AC62}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe No File
FirewallRules: [{C603C0AB-6178-46DE-A2F7-A5BCDDDBEEEC}] => (Allow) C:\Program Files\Blackmagic Design\Fusion 8\FuScript.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [{D3510149-7A4D-4BE0-B922-E71B0476C126}] => (Allow) C:\Program Files\Blackmagic Design\Fusion 8\Fusion.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [{F5CBB2CD-F322-407D-9345-7782D8ED5C3E}] => (Allgw) C:\Program Fyles\Blackmagic Design\Fusion 8\FusionServer.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [{11F7B0FF-A1D7-4871-8FED-4DAE293D20D3}] => (Allow) C:\Program Files\Blackmagic Design\Fusion 8\QTServer\FusionQTServer.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [TCP Query User{4BB6168A-B1FA-4B37-A28F-7F487818B55B}C:\program files (x86)\java\jre1.8.0_144\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\launch4j-tmp\frd.exe No File
FirewallRules: [UDP Query User{C0A1D4F3-9B46-4936-89A2-5BF43A7CFFCC}C:\program files (x86)\java\jre1.8.0_144\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\launch4j-tmp\frd.exe No File
FirewallRules: [TCP Query User{E06D8E5B-7B66-4CA6-943B-6810F13610F1}C:\program files (x86)\java\jre1.8.0_151\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_151\launch4j-tmp\frd.exe No File
FirewallRules: [UDP Query User{D8391A38-4019-4AE1-A43F-9A5651248218}C:\program files (x86)\java\jre1.8.0_151\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_151\launch4j-tmp\frd.exe No File
FirewallRules: [{562CFCC6-A420-401B-8901-59317BDDAC8E}] => (Allow) D:\_SOFT\_HRY\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe No File
FirewallRules: [{8E2CD145-DE24-41D5-9976-AC0CC0D82768}] => (Allow) D:\_SOFT\_HRY\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe No File
FirewallRules: [{6BC0EDC8-74F3-4703-8E2C-4DDED039DB06}] => (Allow) D:\_SOFT\_HRY\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe No File
FirewallRules: [{102FBA5C-B1D0-4548-940D-DB0F2808FA01}] => (Allow) D:\_SOFT\_HRY\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe No File
FirewallRules: [TCP Query User{88E8DCDD-4B5B-4DF6-9096-170650BBAED4}C:\program files (x86)\java\jre1.8.0_161\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\launch4j-tmp\frd.exe No File
FirewallRules: [UDP Query User{BD2DA1BD-E081-4147-BB6C-BCB4F60FEF78}C:\program files (x86)\java\jre1.8.0_161\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\launch4j-tmp\frd.exe No File
FirewallRules: [TCP Query User{91BE9934-6150-4558-8CF8-C2ED012AABEC}C:\program files (x86)\java\jre1.8.0_171\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\launch4j-tmp\frd.exe No File
FirewallRules: [UDP Query User{E3318915-4F49-4B52-88F1-0815B2D94850}C:\program files (x86)\java\jre1.8.0_171\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\launch4j-tmp\frd.exe No File
FirewallRules: [TCP Query User{614A3402-BEAB-4830-A98B-F059630578B5}C:\program files (x86)\java\jre1.8.0_171\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\launch4j-tmp\frd.exe No File
FirewallRules: [UDP Query User{6406CA34-04A9-4C6C-8F23-5E3C73BB7FF1}C:\program files (x86)\java\jre1.8.0_171\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\launch4j-tmp\frd.exe No File
FirewallRules: [TCP Query User{A0DA9FC9-3213-4A9D-9699-9B0DF74448B6}C:\program files (x86)\java\jre1.8.0_181\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\launch4j-tmp\frd.exe No File
FirewallRules: [UDP Query User{70831743-CAC5-48C2-A234-D5AB8E050742}C:\program files (x86)\java\jre1.8.0_181\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\launch4j-tmp\frd.exe No File
FirewallRules: [{96660A5C-A9EC-4D2A-A261-4A514060809C}] => (Block) C:\program files (x86)\java\jre1.8.0_181\launch4j-tmp\frd.exe No File
FirewallRules: [{D400B5D3-C980-4A1F-A9D8-2E857EEA2180}] => (Block) C:\program files (x86)\java\jre1.8.0_181\launch4j-tmp\frd.exe No File
FirewallRules: [{4CC09516-C820-467E-8D54-B779D350FF12}] => (Allow) C:\Users\Ja\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{B402A643-6EE8-4555-A2E2-936A44458328}] => (Allow) C:\Users\Ja\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{8B1FDFF3-D94C-48C9-9BD7-B2433A8C7BE1}C:\program files (x86)\java\jre1.8.0_201\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_201\launch4j-tmp\frd.exe No File
FirewallRules: [UDP Query User{9A2D953A-305C-4CE3-B5FF-8C34D33F11F9}C:\program files (x86)\java\jre1.8.0_201\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_201\launch4j-tmp\frd.exe No File
FirewallRules: [TCP Query User{8CA2A93D-A941-49FF-834F-117730348314}C:\program files (x86)\java\jre1.8.0_211\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\launch4j-tmp\frd.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [UDP Query User{828B6660-E233-4858-BF41-D9B79102A9B7}C:\program files (x86)\java\jre1.8.0_211\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\launch4j-tmp\frd.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [{7AAE174C-FDC0-4DB1-B96B-6B472CB4CCE5}] => (Block) C:\program files (x86)\java\jre1.8.0_211\launch4j-tmp\frd.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [{E3546E95-F6AA-4019-867B-07C4CC45C719}] => (Block) C:\program files (x86)\java\jre1.8.0_211\launch4j-tmp\frd.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [{A22BDB55-82A7-4DD5-8691-0102F8CA57CF}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{2833DB0F-1B7D-47D5-A7B2-D9C78E768D16}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{58E826A1-2CAD-4DFA-8100-84D299A7554B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe No File
FirewallRules: [{7A5BC40E-3069-407E-8C00-1686E7CBDAE6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe No File

==================== Restore Points =========================

19-07-2019 02:04:31 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2019 05:37:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wmpnetwk.exe, verze: 12.0.7601.17514, časové razítko: 0x4ce7ae7f
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.23915, časové razítko: 0x59b94ee4
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000024fe9
ID chybujícího procesu: 0x980
Čas spuštění chybující aplikace: 0x01d53dc266895355
Cesta k chybující aplikaci: C:\Program Files\Windows Media Player\wmpnetwk.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 230269d7-aa3b-11e9-a116-6cf04970e276

Error: (07/19/2019 05:36:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_CryptSvc, verze: 6.1.7600.16385, časové razítko: 0x4a5bc3c1
Název chybujícího modulu: msxml3.dll, verze: 8.110.7601.23648, časové razítko: 0x58767317
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000009100
ID chybujícího procesu: 0x520
Čas spuštění chybující aplikace: 0x01d53dc21bac7d3c
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\Windows\System32\msxml3.dll
ID zprávy: 060fb614-aa3b-11e9-a116-6cf04970e276

Error: (07/19/2019 05:36:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: DllHost.exe, verze: 6.1.7600.16385, časové razítko: 0x4a5bca54
Název chybujícího modulu: msxml3.dll, verze: 8.110.7601.23648, časové razítko: 0x58767317
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000001729
ID chybujícího procesu: 0x8b0
Čas spuštění chybující aplikace: 0x01d53e47c613cbb3
Cesta k chybující aplikaci: C:\Windows\system32\DllHost.exe
Cesta k chybujícímu modulu: C:\Windows\System32\msxml3.dll
ID zprávy: 05bc3dab-aa3b-11e9-a116-6cf04970e276

Error: (07/19/2019 02:13:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7395

Error: (07/19/2019 02:13:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7395

Error: (07/19/2019 02:13:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/19/2019 01:40:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/19/2019 01:32:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (07/19/2019 05:38:51 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Klient DNS, ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (07/19/2019 05:38:12 PM) (Source: WMPNetworkSvc) (EventID: 14346) (User: )
Description: Nový server médií nebyl inicializován, protože u funkce RegisterRunningDevice() došlo k chybě 0x8004a025. Restartujte počítač a potom restartujte službu WMPNetworkSvc.

Error: (07/19/2019 05:38:12 PM) (Source: WMPNetworkSvc) (EventID: 14346) (User: )
Description: Nový server médií nebyl inicializován, protože u funkce RegisterRunningDevice() došlo k chybě 0x80040500. Restartujte počítač a potom restartujte službu WMPNetworkSvc.

Error: (07/19/2019 05:37:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (07/19/2019 05:36:51 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Sledování umístění v síti (NLA), ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (07/19/2019 05:36:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Sledování umístění v síti (NLA) byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 100 milisekund: Restartovat službu.

Error: (07/19/2019 05:36:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Pracovní stanice byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (07/19/2019 05:36:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Klient DNS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.


Windows Defender:
===================================
Date: 2017-04-05 01:18:14.598
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{4FA53B93-3B88-4F7D-A914-E57A3F41AF34}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Klumpik\Ja

Date: 2016-12-31 02:34:57.515
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{EB70CF80-A6C9-4ED8-A484-B1F4490A3D5C}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2015-10-02 05:39:03.399
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{A148D147-7081-4721-B3FF-889511D73621}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

CodeIntegrity:
===================================

Date: 2019-07-17 02:46:04.738
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-17 02:46:04.707
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-17 01:48:23.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-17 01:48:23.424
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-17 00:39:08.532
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-17 00:39:08.501
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-17 00:11:14.738
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-17 00:11:14.707
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Award Software International, Inc. F2 01/06/2010
Motherboard: Gigabyte Technology Co., Ltd. H55M-USB3
Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 49%
Total physical RAM: 12091.48 MB
Available physical RAM: 6132.7 MB
Total Virtual: 24181.15 MB
Available Virtual: 17561.66 MB

==================== Drives ================================

Drive c: (Céčko) (Fixed) (Total:111.79 GB) (Free:13.71 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Nalezenec) (Fixed) (Total:149.05 GB) (Free:28.83 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: A942A942)
Partition 1: (Active) - (Size=149 GB) - (Type=06)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: C281F686)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: PC blokuje antiviry nebo padá do modré smrti

Napsal: 19 črc 2019 22:00
od Conder
:arrow: Urob v Malwarebytes uplny sken (podla logu je nainstalovany)
  • Otvor Malwarebytes a vlavo klikni na "Skenovat"
  • Klikni na "Vlastne skenovanie" a potom na "Nakonfigurovat skenovanie" (Nastavit sken)
  • Vpravo oznac vsetky disky v PC a vlavo oznac moznost "Vyhladavat rootkity"
  • Klikni na Skenovat teraz a pockaj na dokoncenie
  • Po dokonceni klikni na Exportovat zhrnutie -> Skopirovat do schranky
  • Skopirovany log vloz do dalsej odpovede
  • Obrazkovy navod (bohuzial pre starsiu verziu): https://forum.viry.cz/viewtopic.php?f=29&t=144868
:arrow: Stiahni TDSSKiller: http://www.bleepingcomputer.com/download/tdsskiller/
  • Uloz na plochu a spusti ako spravca
  • Potvrd licencne podmienky
  • Klikni na Change parameters a zaskrtni "Loaded modules"
  • Potvrd restart PC
  • Po restartovani klikni na "Start Scan"
  • V pripade nalezu vyber u vsetkych nalezov "Skip" a klikni na "Continue"
  • Klikni na "Report" (vpravo hore) a tento log sem skopiruj

Re: PC blokuje antiviry nebo padá do modré smrti

Napsal: 20 črc 2019 02:10
od nazdar
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 20.07.19
Čas skenování: 1:11
Logovací soubor: 8e28b403-aa7a-11e9-aea0-000000000000.json

-Informace o softwaru-
Verze: 3.8.3.2965
Verze komponentů: 1.0.613
Aktualizovat verzi balíku komponent: 1.0.11636
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: Klumpik\Ja

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 356048
Zjištěné hrozby: 1
Hrozby umístěné do karantény: 1
Uplynulý čas: 54 min, 6 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 1
Generic.Malware/Suspicious, C:\WINDOWS\SETUP\SCRIPTS\WINDOWS7LOADER.EXE, V karanténě, [0], [392686],1.0.11636

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: PC blokuje antiviry nebo padá do modré smrti

Napsal: 20 črc 2019 02:17
od nazdar
tdsskiller log
tdsskiller log.rar
(89 bajtů) Staženo 75 x

Re: PC blokuje antiviry nebo padá do modré smrti

Napsal: 20 črc 2019 16:54
od Conder
:arrow: Log z TDSSKilleru je prazdny. Skus ho poslat este raz.

Re: PC blokuje antiviry nebo padá do modré smrti

Napsal: 22 črc 2019 22:35
od nazdar
Omlouvám se, Teď to udělalo 2 logy tak posílám oba.

Re: PC blokuje antiviry nebo padá do modré smrti

Napsal: 23 črc 2019 03:14
od Conder
:arrow: Poprosim o obidva nove logy z FRST.

Re: PC blokuje antiviry nebo padá do modré smrti

Napsal: 23 črc 2019 23:35
od nazdar
zde

Re: PC blokuje antiviry nebo padá do modré smrti

Napsal: 24 črc 2019 02:21
od Conder
:arrow: Otvor poznamkovy blok (Win+R -> notepad -> enter)
  • Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

    Kód: Vybrat vše

    Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
Folder: C:\Program Files (x86)\Kingston SSD Toolbox
Folder: C:\Windows\Minidump
Zip: C:\Windows\Minidump; C:\TDSSKiller_Quarantine

HKLM\...\Run: [iTunesHelper] => "F:\iTunes\iTunesHelper.exe"
Task: {12ACD551-CCEB-4DD3-8FE7-04648BB9504D} - System32\Tasks\{E2869F52-4881-4DAC-8F6B-526941FC936D} => C:\Windows\system32\pcalua.exe -a "C:\_SOFT PC\FreeRapid-0.9u4\frd.exe" -d "C:\_SOFT PC\FreeRapid-0.9u4"
Task: {65E1029C-F38D-40B7-88C1-3232FBF8CEBD} - System32\Tasks\{457F9BC0-7546-4439-8DE1-04C88A7E8897} => C:\Windows\system32\pcalua.exe -a "C:\_SOFT PC\_NEW\Gigabyte MB ovladače pro 64bit\GSATA\setup.exe" -d "C:\_SOFT PC\_NEW\Gigabyte MB ovladače pro 64bit\GSATA"
Task: {73BB5663-C52A-4C3B-8523-B7D30A7124CF} - System32\Tasks\Kingston SSD Toolbox => C:\Program Files (x86)\Kingston SSD Toolbox\Kingston SSD Toolbox.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3261876755-477165021-623360622-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3261876755-477165021-623360622-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07232019002703873 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-3261876755-477165021-623360622-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3261876755-477165021-623360622-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07232019002703873 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 TEAM; system32\DRIVERS\RtTeam60.sys [X]
S3 VLAN; system32\DRIVERS\RtVLAN60.sys [X]
2019-07-18 23:36 - 2019-07-18 23:36 - 000000000 ____D C:\rsit
2019-07-18 23:36 - 2019-07-18 23:36 - 000000000 ____D C:\Program Files\trend micro

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\54616392.sys
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\58715664.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\54616392.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\58715664.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\54616392.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\58715664.sys => ""="Driver"

Hosts:
EmptyTemp:
End
  • Uloz na plochu s nazvom fixlist.txt
  • Spusti znovu FRST a klikni na Fix
  • Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
  • Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj
:arrow: Na ploche by sa mal vytvorit ZIP archiv s aktualnym datumom a casom v nazve, posli ho ako priohu k dalsiemu prispevku alebo nahraj ho napr. na leteckaposta.cz (alebo na ine ulozisko) a posli odkaz na stiahnutie.

Re: PC blokuje antiviry nebo padá do modré smrti

Napsal: 26 črc 2019 23:36
od nazdar
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Ja (24-07-2019 01:29:54) Run:1
Running from C:\Users\Ja\Desktop
Loaded Profiles: Ja (Available Profiles: Ja)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
Folder: C:\Program Files (x86)\Kingston SSD Toolbox
Folder: C:\Windows\Minidump
Zip: C:\Windows\Minidump; C:\TDSSKiller_Quarantine

HKLM\...\Run: [iTunesHelper] => "F:\iTunes\iTunesHelper.exe"
Task: {12ACD551-CCEB-4DD3-8FE7-04648BB9504D} - System32\Tasks\{E2869F52-4881-4DAC-8F6B-526941FC936D} => C:\Windows\system32\pcalua.exe -a "C:\_SOFT PC\FreeRapid-0.9u4\frd.exe" -d "C:\_SOFT PC\FreeRapid-0.9u4"
Task: {65E1029C-F38D-40B7-88C1-3232FBF8CEBD} - System32\Tasks\{457F9BC0-7546-4439-8DE1-04C88A7E8897} => C:\Windows\system32\pcalua.exe -a "C:\_SOFT PC\_NEW\Gigabyte MB ovlada�e pro 64bit\GSATA\setup.exe" -d "C:\_SOFT PC\_NEW\Gigabyte MB ovlada�e pro 64bit\GSATA"
Task: {73BB5663-C52A-4C3B-8523-B7D30A7124CF} - System32\Tasks\Kingston SSD Toolbox => C:\Program Files (x86)\Kingston SSD Toolbox\Kingston SSD Toolbox.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3261876755-477165021-623360622-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3261876755-477165021-623360622-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07232019002703873 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-3261876755-477165021-623360622-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3261876755-477165021-623360622-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07232019002703873 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 TEAM; system32\DRIVERS\RtTeam60.sys [X]
S3 VLAN; system32\DRIVERS\RtVLAN60.sys [X]
2019-07-18 23:36 - 2019-07-18 23:36 - 000000000 ____D C:\rsit
2019-07-18 23:36 - 2019-07-18 23:36 - 000000000 ____D C:\Program Files\trend micro

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\54616392.sys
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\58715664.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\54616392.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\58715664.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\54616392.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\58715664.sys => ""="Driver"

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 1690
Average :
Sum : 554752898
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========


========================= Folder: C:\Program Files (x86)\Kingston SSD Toolbox ========================

not found.

====== End of Folder: ======


========================= Folder: C:\Windows\Minidump ========================


====== End of Folder: ======

================== Zip: ===================
C:\Windows\Minidump -> Size=zero byte
C:\TDSSKiller_Quarantine -> copied successfully to C:\Users\Ja\Desktop\24.07.2019_01.30.13.zip
=========== Zip: End ===========
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12ACD551-CCEB-4DD3-8FE7-04648BB9504D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12ACD551-CCEB-4DD3-8FE7-04648BB9504D}" => removed successfully
C:\Windows\System32\Tasks\{E2869F52-4881-4DAC-8F6B-526941FC936D} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E2869F52-4881-4DAC-8F6B-526941FC936D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65E1029C-F38D-40B7-88C1-3232FBF8CEBD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65E1029C-F38D-40B7-88C1-3232FBF8CEBD}" => removed successfully
C:\Windows\System32\Tasks\{457F9BC0-7546-4439-8DE1-04C88A7E8897} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{457F9BC0-7546-4439-8DE1-04C88A7E8897}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{73BB5663-C52A-4C3B-8523-B7D30A7124CF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73BB5663-C52A-4C3B-8523-B7D30A7124CF}" => removed successfully
C:\Windows\System32\Tasks\Kingston SSD Toolbox => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Kingston SSD Toolbox" => removed successfully
HKU\S-1-5-21-3261876755-477165021-623360622-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
SearchScopes: HKU\S-1-5-21-3261876755-477165021-623360622-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07232019002703873 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-3261876755-477165021-623360622-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
Toolbar: HKU\S-1-5-21-3261876755-477165021-623360622-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07232019002703873 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File => Error: No automatic fix found for this entry.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5 => removed successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6 => removed successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.3 => removed successfully
HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin => removed successfully
HKLM\System\CurrentControlSet\Services\dbx => removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\TEAM => removed successfully
TEAM => service removed successfully
HKLM\System\CurrentControlSet\Services\VLAN => removed successfully
VLAN => service removed successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully
================== ExportKey: ===================

"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\54616392.sys" => not found

=== End of ExportKey ===
================== ExportKey: ===================

"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\58715664.sys" => not found

=== End of ExportKey ===
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\54616392.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\58715664.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\54616392.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\58715664.sys => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 108021576 B
Java, Flash, Steam htmlcache => 17202 B
Windows/system/drivers => 696453128 B
Edge => 0 B
Chrome => 307865222 B
Firefox => 723069748 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 198788 B
LocalService => 66228 B
NetworkService => 134888 B
Ja => 18527982959 B

RecycleBin => 0 B
EmptyTemp: => 19 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:31:40 ====

Re: PC blokuje antiviry nebo padá do modré smrti

Napsal: 27 črc 2019 21:41
od Conder
:arrow: Poprosim este o ten ZIP archiv "24.07.2019_01.30.13.zip", nachadza sa na ploche. Posli ho ako priohu k dalsiemu prispevku alebo nahraj ho napr. na leteckaposta.cz (alebo na ine ulozisko) a posli odkaz na stiahnutie.

:arrow: Ako to vyzera s PC? Nastala nejaka zmena alebo su este nejake problemy?

Re: PC blokuje antiviry nebo padá do modré smrti

Napsal: 29 črc 2019 13:02
od nazdar
http://leteckaposta.cz/169578593

Na C se uvolnilo spousty GB místa což je superpozitivní, ale PC stále zlobí.
Občas to po startu či restartu rovnou padne do modrý smrti.
Někdy po startu zmrzne myš.
2x mi to změnilo čas.
Když kliknu třeba na Malawarebytes či Antivir tak občas strašně dlouho trvá než se otevřou.
Stále mi to dokola shazuje okna v prohlížečích a je jedno zda je nově nainstalovaný či ne. A to i v nouzáku.
K Chromu a Firefoxu jsem přidal i Operu, ale taky zlobí.
Jednou to tvrdilo že není připojen k internetu i když si tablet přes wifi vesele browsoval. Po restaru se sice přojil, ale nanačet ani jednu záložku. Teď je načítá, ale po určitý době zase shazuje.

Nevím zda ta modrá smrt není způsobenou třeba špatnou RAMkou?
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz