PC shutdown takes several minutes

Posted: 10 Aug 2020 17:22
by kemgura07
Logfile of random's system information tool 1.10 (written by random/random)
Run by Kengura at 2020-08-10 18:11:26
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 417 GB (84%) free of 495 GB
Total RAM: 3839 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:11:45, on 10.8.2020
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
C:\Program Files\trend micro\Kengura.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.centrum.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/WOL_WCP
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F6C31DC-BADA-423A-8897-09AAEB056DD3}: NameServer = 100.120.205.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Avast SecureLine VPN (SecureLine) - AVAST Software - C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7818 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe" /runassvc
C:\Windows\System32\spoolsv.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
taskeng.exe {07AD5B1E-2A34-4655-8B35-32587539C070}
"C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe" -boot
AvastUI.exe /nogui
"C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe"
"C:\Program Files\AVAST Software\Avast\aswEngSrv.exe" /pipename="1CECE913-521E-298B-C363-2271988A444E" /binpath="C:\Program Files\AVAST Software\Avast"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
"C:\Program Files\AVAST Software\Avast\aswidsagent.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "32157628416150148471005484709-1959624341-15454776701095949958687822610-251124697
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" --type=gpu-process --field-trial-handle=6548,959331493615014796,16103390726526949415,131072 --no-sandbox --log-file="C:\Users\Kengura\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=verbose --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (20.6.2420)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --force-device-scale-factor=1.25 --pack_loading_disabled=1 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAMAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --service-request-channel-token=17376860392595957584 --mojo-platform-channel-handle=6868 /prefetch:2
"C:\Program Files\Mozilla Firefox\firefox.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6112.0.491800615\1225456342" -parentBuildID 20200720193547 -prefsHandle 1132 -prefMapHandle 1124 -prefsLen 1 -prefMapSize 233089 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6112 "\\.\pipe\gecko-crash-server-pipe.6112" 1192 gpu
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6112.6.449124410\919571534" -childID 1 -isForBrowser -prefsHandle 1856 -prefMapHandle 1852 -prefsLen 314 -prefMapSize 233089 -parentBuildID 20200720193547 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6112 "\\.\pipe\gecko-crash-server-pipe.6112" 1868 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6112.20.1409531388\1623568865" -childID 3 -isForBrowser -prefsHandle 3792 -prefMapHandle 3732 -prefsLen 6733 -prefMapSize 233089 -parentBuildID 20200720193547 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6112 "\\.\pipe\gecko-crash-server-pipe.6112" 3804 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6112.27.1291650638\1235133184" -childID 4 -isForBrowser -prefsHandle 4320 -prefMapHandle 1752 -prefsLen 7569 -prefMapSize 233089 -parentBuildID 20200720193547 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6112 "\\.\pipe\gecko-crash-server-pipe.6112" 4380 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6112.48.1413825630\820624636" -childID 7 -isForBrowser -prefsHandle 4712 -prefMapHandle 3756 -prefsLen 8308 -prefMapSize 233089 -parentBuildID 20200720193547 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6112 "\\.\pipe\gecko-crash-server-pipe.6112" 3096 tab

"C:\Users\Kengura\Pictures\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Avast Driver Updater Startup.job - C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe -boot

=========Mozilla firefox=========

ProfilePath - C:\Users\Kengura\AppData\Roaming\Mozilla\Firefox\Profiles\xobiol8a.default-release-1595945170304

prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.403 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_403.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.231.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.231.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.403 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_403.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=


======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2020-07-30 109160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [2014-12-23 833240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Synchronizer]
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [2020-05-04 5417008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeGCInvoker-1.0]
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2020-05-05 3325520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-03-29 13513288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2013-01-08 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-08-04 767176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2019-10-05 645648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2014-12-23 833240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16]
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2014-12-23 833240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Avast SecureLine VPN.lnk]
C:\PROGRA~1\AVASTS~1\SECURE~1\Vpn.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2020-08-10 18:11:26 ----D---- C:\rsit
2020-08-10 14:39:05 ----N---- C:\bootsqm.dat
2020-08-09 21:17:42 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2020-08-08 18:46:51 ----D---- C:\Program Files\Zoner
2020-08-08 15:32:03 ----A---- C:\Windows\system32\drivers\SWDUMon.sys
2020-08-08 14:06:53 ----A---- C:\Windows\system32\drivers\mbae64.sys
2020-08-08 14:06:46 ----D---- C:\ProgramData\Malwarebytes
2020-08-07 21:47:52 ----D---- C:\Users\Kengura\AppData\Roaming\calibre
2020-08-07 21:40:06 ----SHD---- C:\$RECYCLE.BIN
2020-08-07 21:21:51 ----A---- C:\Windows\zoek-delete.exe
2020-08-07 21:21:50 ----D---- C:\Windows\Temp
2020-08-03 20:38:02 ----D---- C:\Program Files (x86)\MegaDev
2020-08-01 13:39:50 ----D---- C:\Program Files (x86)\Two Worlds II HD Shattered Embrace
2020-07-31 17:48:46 ----A---- C:\Windows\system32\drivers\usbfilter.sys
2020-07-31 17:48:45 ----DC---- C:\Windows\system32\DRVSTORE
2020-07-31 17:48:05 ----D---- C:\Users\Kengura\AppData\Roaming\ATI
2020-07-31 17:48:05 ----D---- C:\ProgramData\ATI
2020-07-31 17:47:59 ----D---- C:\Program Files (x86)\ATI Technologies
2020-07-31 17:32:26 ----D---- C:\ProgramData\AMD
2020-07-31 17:31:34 ----D---- C:\Program Files\AMD
2020-07-31 17:28:41 ----D---- C:\AMD
2020-07-30 13:55:43 ----A---- C:\Windows\system32\aswBoot.exe
2020-07-30 13:55:40 ----A---- C:\Windows\system32\drivers\aswStm.sys
2020-07-30 13:55:39 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2020-07-20 20:51:06 ----D---- C:\Program Files (x86)\Avast Driver Updater
2020-07-20 20:11:34 ----A---- C:\Windows\system32\icarus_rvrt.exe
2020-07-20 18:26:51 ----A---- C:\Windows\system32\drivers\aswNetHub.sys
2020-07-20 18:26:36 ----A---- C:\Windows\system32\drivers\aswNetNd6.sys
2020-07-14 14:20:54 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 month======

2020-08-10 18:11:28 ----D---- C:\Program Files\trend micro
2020-08-10 17:27:05 ----D---- C:\Windows\system32\config
2020-08-10 17:21:20 ----D---- C:\ProgramData\AVAST Software
2020-08-10 17:11:42 ----D---- C:\Windows\system32\drivers
2020-08-10 17:10:51 ----D---- C:\Windows
2020-08-10 16:45:52 ----D---- C:\Windows\inf
2020-08-10 13:27:03 ----D---- C:\Windows\winsxs
2020-08-10 13:26:57 ----D---- C:\Windows\system32\catroot2
2020-08-10 12:56:04 ----HD---- C:\Windows\system32\GroupPolicy
2020-08-10 11:17:33 ----SHD---- C:\Windows\Installer
2020-08-10 11:12:57 ----D---- C:\Program Files (x86)\Google
2020-08-10 11:12:30 ----D---- C:\Windows\system32\Tasks
2020-08-10 10:40:50 ----D---- C:\Program Files (x86)\Microsoft
2020-08-10 10:03:57 ----SHD---- C:\System Volume Information
2020-08-09 14:45:54 ----D---- C:\Windows\Tasks
2020-08-09 14:35:32 ----D---- C:\Windows\SoftwareDistribution
2020-08-09 13:58:50 ----D---- C:\Windows\Prefetch
2020-08-08 18:46:51 ----RD---- C:\Program Files
2020-08-08 14:07:17 ----HD---- C:\ProgramData
2020-08-07 20:18:19 ----D---- C:\Windows\system32\drivers\etc
2020-08-07 20:14:36 ----D---- C:\Windows\SysWOW64
2020-08-06 17:49:20 ----D---- C:\Users\Kengura\AppData\Roaming\Zoner
2020-08-03 20:38:02 ----RD---- C:\Program Files (x86)
2020-08-01 20:41:49 ----D---- C:\Program Files\WinRAR
2020-08-01 10:21:31 ----D---- C:\Windows\Microsoft.NET
2020-07-31 17:48:45 ----D---- C:\Windows\System32
2020-07-31 17:32:07 ----D---- C:\Program Files (x86)\AMD
2020-07-28 19:26:31 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-28 17:07:10 ----D---- C:\Program Files\Mozilla Firefox
2020-07-27 13:10:53 ----D---- C:\Windows\system32\catroot
2020-07-23 11:44:23 ----D---- C:\ProgramData\Ashampoo
2020-07-21 15:49:23 ----D---- C:\Program Files\AVAST Software
2020-07-20 20:11:35 ----D---- C:\Program Files\Common Files\AVAST Software
2020-07-20 18:27:20 ----D---- C:\Windows\system32\DriverStore
2020-07-14 16:41:59 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2020-07-14 16:41:47 ----D---- C:\Windows\system32\Macromed
2020-07-14 16:41:44 ----D---- C:\Windows\SYSWOW64\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-12-12 82048]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-12-12 42624]
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsh.sys [2020-07-30 195656]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniv.sys [2020-07-30 60488]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2020-07-30 84856]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2020-08-04 323784]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-04 16440]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2020-07-30 205888]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriver.sys [2020-07-30 235592]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2020-07-30 42776]
R1 aswNetHub;aswNetHub; C:\Windows\system32\drivers\aswNetHub.sys [2020-07-30 515544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2020-07-30 109280]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2020-07-30 851608]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2020-07-30 466752]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2018-06-29 516096]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2017-06-07 138296]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2020-07-30 175200]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2020-07-30 217336]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2020-07-20 38152]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-03-29 3379272]
R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2014-03-20 197408]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-11-14 27584]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2016-11-14 56384]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-02-01 819784]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2000-01-01 60640]
S2 tandpl;tandpl; C:\Windows\System32\drivers\tandpl.sys []
S3 AmdTools64;AMD Special Tools Driver; C:\Windows\system32\DRIVERS\AmdTools64.sys [2006-06-27 47616]
S3 AsrCDDrv;AsrCDDrv; C:\Windows\system32\drivers\AsrCDDrv.sys []
S3 aswTap;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2018-09-05 53904]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2019-02-07 95232]
S3 cpuz145;cpuz145; \??\C:\Windows\temp\cpuz145\cpuz145_x64.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\DRIVERS\dmvsc.sys [2013-01-08 71168]
S3 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [2020-08-09 248968]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr28ux.sys [2010-12-28 1547616]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [2011-08-17 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2013-01-08 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2013-01-08 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2013-01-08 34688]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2020-08-10 25608]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\DRIVERS\TsUsbGD.sys [2013-10-02 29696]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 vmbus;vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [2013-01-08 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2013-01-08 21760]
S4 IMFMBRProtect;IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFMBRProtect.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2020-05-07 169032]
R2 AGMService;Adobe Genuine Monitor Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2020-05-05 3673680]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020-05-05 3406416]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-08-04 344064]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2020-07-30 353696]
R2 avast! Firewall;Avast Firewall Service; C:\Program Files\AVAST Software\Avast\afwServ.exe [2020-08-05 1072800]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-11-14 1879488]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-11-14 2521024]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-11-14 932728]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2019-02-01 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2019-02-01 107832]
R2 SecureLine;Avast SecureLine VPN; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [2020-07-20 7415168]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2020-07-30 7776160]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-11-14 3632576]
S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2020-07-14 335416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2019-03-28 132792]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2019-03-28 158912]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2020-08-10 156104]
S3 GoogleChromeElevationService;Google Chrome Elevation Service (GoogleChromeElevationService); C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\elevation_service.exe [2020-07-24 1309680]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2020-08-10 156104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2019-12-17 116224]
S3 MBAMService;Malwarebytes Service; C:\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe [2020-08-09 6970968]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2020-07-28 244432]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-11-14 426040]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2019-10-12 1255736]
S3 WiaRpc;@%SystemRoot%\system32\wiarpc.dll,-2; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2019-03-28 54912]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Re: Shutting down the PC takes several minutes

Posted: 10 Aug 2020 17:51
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree (Souhlasim)
right-click the AdwCleaner icon and choose Run as administrator (Spustit jako spravce) (on Win XP just launch it with a normal double-click)
click Scan now (Skenovat nyni), then Clean and Repair (Cisteni a opravy)
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Shutting down the PC takes several minutes

Posted: 10 Aug 2020 18:14
by kemgura07
Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-10-2020
# Duration: 00:00:01
# OS: Windows 7 Professional
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Public\Documents\Downloaded Installers

***** [ Files ] *****

Deleted C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1555 octets] - [10/08/2020 18:41:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Shutting down the PC takes several minutes

Posted: 10 Aug 2020 19:00
by Rudy
Now post the FRST+Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

Re: Shutting down the PC takes several minutes

Posted: 10 Aug 2020 19:38
by kemgura07
Something went wrong. Instead of the logs, two empty Notepad windows appeared, and twice the message - Cannot find the file desktop. Do you want to create a new file - I repeated the scan 4 times with the same result...

Re: Shutting down the PC takes several minutes

Posted: 10 Aug 2020 19:52
by Rudy
Do you have FRST on your desktop? If not and it isn't working, move FRST to a different directory and try again.

Re: Shutting down the PC takes several minutes

Posted: 10 Aug 2020 20:19
by kemgura07
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2020
Ran by Kengura (administrator) on KENGURA-PC (10-08-2020 21:10:03)
Running from C:\Users\Kengura\Music\Nová složka (2)
Loaded Profiles: Kengura
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe <2>
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(ZONER software, a.s. -> ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [109160 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software, a.s. -> ZONER software)
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\Software\Policies\...\system: [disablecmd] 0
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: G - G:\setup.EXE /AUTORUN
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2009-07-14] (Microsoft Windows -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\Windows\system32\CNBLM4.DLL [267776 2009-07-14] (Microsoft Windows -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\Installer\chrmstp.exe [2020-08-10] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * icarus_rvrt.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {097AC5DE-0355-44DF-9A2F-BD9EF099C145} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [5098136 2020-07-14] (Avast Software s.r.o. -> Avast Software)
Task: {0D1CF483-F76D-4293-8B8A-8AA83F3F3B7D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-14] (Adobe Inc. -> Adobe)
Task: {1757AB17-B338-4904-82B1-2F7962402B2B} - System32\Tasks\{14F1C103-55A4-4060-BD19-0A39A15D70B4} => C:\Users\Kengura\Desktop\avastdriverupdater.exe
Task: {25D37675-1FE5-4BDE-A855-BFE3E668A9B7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)
Task: {270E1E9D-E551-4B08-BCF8-E6953B1C8937} - System32\Tasks\{19144672-213B-4E0A-8C62-5B805948C173} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.0.0.102/cs/abandoninstall?page=tsMain
Task: {323DDAC8-6152-42F0-9956-B25F4A0A34FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-10] (Google LLC -> Google LLC)
Task: {3314AB66-2EDE-498A-8265-0A8DF6CCA845} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {3586ABC6-67A0-4066-9AAC-AFC193EEA01F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24770744 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {37B8E67D-0561-4919-8E42-F20DE303A856} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {39695DC4-942B-406E-A58E-C17A6876B1A1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3810408 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
Task: {6C2BAF35-184E-4AFC-A438-6BD6E7E9AAD0} - System32\Tasks\{554FC912-4FA9-470D-8FAE-A71AA2927EA8} => C:\Users\Kengura\Desktop\avastdriverupdater.exe
Task: {705F29F4-3702-4CCB-A38A-B98ECE4D8771} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1180488 2020-07-20] (Avast Software s.r.o. -> AVAST Software)
Task: {7A4366E9-434D-4AD2-A2EA-EEB4AE47C2D2} - System32\Tasks\Avast Driver Updater Startup => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe [30244064 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
Task: {A0F0AB37-CF22-44C1-9269-08658F3C7655} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-10] (Google LLC -> Google LLC)
Task: {B4408386-0D70-4B59-904A-F458F096232B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B9CB56AA-4875-4B90-A184-FB24FCEEAE9C} - System32\Tasks\{F3B3E5BB-868A-47F8-92FA-BA2983672F8A} => C:\Windows\system32\pcalua.exe -a C:\Users\Kengura\Videos\jre-8u231-windows-i586-iftw.exe -d C:\Users\Kengura\Videos
Task: {BB5EDFB8-D6DF-441D-AECF-0050F276E5CF} - System32\Tasks\{86EEFF58-1822-4A89-A6BF-ADE5E0A3B8CB} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\OpenAL\oalinst.exe" -d "C:\Program Files (x86)\OpenAL"
Task: {C7508DE0-47F1-44E0-999F-DB8695939B64} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_Plugin.exe
Task: {D268755B-D7AB-4F04-8D68-995D71C16FDD} - System32\Tasks\{71D68624-F88F-46F9-A8B5-30C857225E13} => C:\Users\Kengura\Desktop\avastdriverupdater.exe
Task: {DFFB58B8-4BAB-4CC2-A832-544DFC56482D} - System32\Tasks\{689AA895-69E0-487D-82B0-EED522E13945} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\Translator_2016\TRNIKONY.EXE" -d "C:\Program Files (x86)\Electronic Arts\Translator_2016"
Task: {E83A6B45-F18A-4715-8E7E-7E36ED9BF3B6} - System32\Tasks\{43F0D2A9-C5E9-46C8-B5A8-4337C8F523E9} => C:\Users\Kengura\Desktop\avastdriverupdater.exe
Task: {F3E00393-37C5-4F50-B723-E990DE6C4816} - System32\Tasks\{FE542A01-EEB1-485C-B9D3-02F1F0D58263} => C:\Users\Kengura\Desktop\avastdriverupdater.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Avast Driver Updater Startup.job => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.96.160.6 212.96.161.7
Tcpip\..\Interfaces\{1FF80274-5A8A-4731-92C6-A2EA8D10DC61}: [DhcpNameServer] 212.96.160.6 212.96.161.7
Tcpip\..\Interfaces\{8F6C31DC-BADA-423A-8897-09AAEB056DD3}: [NameServer] 100.120.205.1
Tcpip\..\Interfaces\{B8835B1F-9A53-4FF1-92A4-90FF0D73217C}: [DhcpNameServer] 192.168.11.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.centrum.cz/
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
SearchScopes: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

FireFox:
========
FF DefaultProfile: m2usc0l4.default
FF ProfilePath: C:\Users\Kengura\AppData\Roaming\Mozilla\Firefox\Profiles\xobiol8a.default-release-1595945170304 [2020-08-10]
FF Homepage: Mozilla\Firefox\Profiles\xobiol8a.default-release-1595945170304 -> hxxps://www.seznam.cz/
FF NewTab: Mozilla\Firefox\Profiles\xobiol8a.default-release-1595945170304 -> about:newtab
FF Notifications: Mozilla\Firefox\Profiles\xobiol8a.default-release-1595945170304 -> hxxps://aukro.cz
FF Extension: (Facebook Container) - C:\Users\Kengura\AppData\Roaming\Mozilla\Firefox\Profiles\xobiol8a.default-release-1595945170304\Extensions\@contain-facebook.xpi [2020-07-28]
FF ProfilePath: C:\Users\Kengura\AppData\Roaming\Mozilla\Firefox\Profiles\m2usc0l4.default [2020-08-10]
FF Homepage: Mozilla\Firefox\Profiles\m2usc0l4.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\m2usc0l4.default -> about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_403.dll [2020-07-14] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_403.dll [2020-07-14] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2263194865-3938205509-2482612845-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-06-13] (Ubisoft Entertainment Sweden AB -> )

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default [2020-08-10]
CHR StartupUrls: Default -> "hxxp://www.centrum.cz/"
CHR Extension: (Prezentace) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-08-10]
CHR Extension: (Dokumenty) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-08-10]
CHR Extension: (Disk Google) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-08-10]
CHR Extension: (YouTube) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-08-10]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-08-10]
CHR Extension: (Tabulky) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-08-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-08-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-08-10]
CHR Extension: (Gmail) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-08-10]
CHR Extension: (Chrome Media Router) - C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-08-10]
CHR Profile: C:\Users\Kengura\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-08-10]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-14] (Adobe Inc. -> Adobe)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7776160 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [353696 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [1072800 2020-08-05] (Avast Software s.r.o. -> AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
S3 MBAMService; C:\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe [6970968 2020-08-09] (Malwarebytes Inc -> Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2019-02-01] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2019-02-01] (Even Balance, Inc. -> )
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [7415168 2020-07-20] (Avast Software s.r.o. -> AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S4 NMIndexingService; no ImagePath

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmdTools64; C:\Windows\System32\DRIVERS\AmdTools64.sys [47616 2006-06-27] (Advanced Micro Devices, Inc. -> AMD, Inc.)
S3 AsrCDDrv; no ImagePath
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205888 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [235592 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [195656 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60488 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42776 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175200 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [515544 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-07-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109280 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851608 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [466752 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [217336 2020-07-30] (Avast Software s.r.o. -> AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [53904 2018-09-05] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [323784 2020-08-04] (Avast Software s.r.o. -> AVAST Software)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6037504 2009-08-18] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-08-09] (Malwarebytes Inc -> Malwarebytes)
S3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsucx64; C:\Windows\System32\drivers\nmwcdnsucx64.sys [12800 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsux64; C:\Windows\System32\drivers\nmwcdnsux64.sys [171008 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Inc.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2020-08-10] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 cpuz145; \??\C:\Windows\temp\cpuz145\cpuz145_x64.sys [X]
S4 IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFMBRProtect.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-10 20:54 - 2020-08-10 21:10 - 000000000 ____D C:\FRST
2020-08-10 18:40 - 2020-08-10 18:53 - 000000000 ____D C:\AdwCleaner
2020-08-10 11:13 - 2020-08-10 11:13 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-08-10 11:13 - 2020-08-10 11:13 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-08-10 11:13 - 2020-08-10 11:13 - 000002264 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-08-10 11:12 - 2020-08-10 15:03 - 000003388 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-08-10 11:12 - 2020-08-10 15:03 - 000003260 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-08-09 21:17 - 2020-08-09 21:17 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-08-09 11:11 - 2020-08-09 21:17 - 000002025 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-08-08 18:47 - 2020-08-08 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 16
2020-08-08 18:46 - 2020-08-08 18:46 - 000000000 ____D C:\Program Files\Zoner
2020-08-08 15:32 - 2020-08-10 20:08 - 000002916 _____ C:\Windows\system32\Tasks\Avast Driver Updater Startup
2020-08-08 15:32 - 2020-08-10 20:08 - 000000486 _____ C:\Windows\Tasks\Avast Driver Updater Startup.job
2020-08-08 15:32 - 2020-08-10 20:07 - 000025608 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2020-08-08 15:32 - 2020-08-10 15:31 - 000000000 ____D C:\Users\Kengura\AppData\Local\AVAST Software
2020-08-08 14:06 - 2020-08-09 21:17 - 000002013 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-08-08 14:06 - 2020-08-09 21:17 - 000002013 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-08-08 14:06 - 2020-08-09 21:16 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-08-08 14:06 - 2020-08-08 14:06 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-08-07 22:11 - 2020-08-07 22:11 - 000000000 ____D C:\Users\Kengura\AppData\Local\VirtualStore
2020-08-07 21:47 - 2020-08-07 21:50 - 000000000 ____D C:\Users\Kengura\AppData\Roaming\calibre
2020-08-07 21:26 - 2020-08-07 21:26 - 000003938 _____ C:\Windows\system32\Tasks\Avast SecureLine VPN Update
2020-08-07 21:21 - 2014-02-13 23:59 - 000024064 _____ C:\Windows\zoek-delete.exe
2020-08-03 23:10 - 2020-08-03 23:10 - 000000047 _____ C:\Users\Kengura\Documents\mt-x_hook.txt
2020-08-03 20:41 - 2020-08-03 23:10 - 000000007 _____ C:\Users\Kengura\Documents\mt-e_hook.txt
2020-08-03 20:38 - 2020-08-03 20:38 - 000000000 ____D C:\Program Files (x86)\MegaDev
2020-08-01 13:48 - 2020-08-01 19:03 - 000001234 _____ C:\Users\Kengura\Desktop\Two Worlds II HD Shattered Embrace.lnk
2020-08-01 13:48 - 2020-08-01 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Two Worlds II HD Shattered Embrace
2020-08-01 13:39 - 2020-08-03 20:46 - 000000000 ____D C:\Program Files (x86)\Two Worlds II HD Shattered Embrace
2020-07-31 17:48 - 2020-07-31 17:48 - 000000000 ____D C:\Users\Kengura\AppData\Roaming\ATI
2020-07-31 17:48 - 2020-07-31 17:48 - 000000000 ____D C:\Users\Kengura\AppData\Local\ATI
2020-07-31 17:48 - 2020-07-31 17:48 - 000000000 ____D C:\ProgramData\ATI
2020-07-31 17:48 - 2000-01-01 02:00 - 000060640 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2020-07-31 17:47 - 2020-07-31 17:47 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2020-07-31 17:34 - 2020-07-31 17:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2020-07-31 17:32 - 2020-07-31 17:32 - 000000000 ____D C:\ProgramData\AMD
2020-07-31 17:31 - 2020-07-31 17:33 - 000000000 ____D C:\Program Files\AMD
2020-07-31 17:28 - 2020-07-31 17:28 - 000000000 ____D C:\AMD
2020-07-31 15:32 - 2020-08-10 15:03 - 000002968 _____ C:\Windows\system32\Tasks\{71D68624-F88F-46F9-A8B5-30C857225E13}
2020-07-31 15:32 - 2020-08-10 15:03 - 000002968 _____ C:\Windows\system32\Tasks\{554FC912-4FA9-470D-8FAE-A71AA2927EA8}
2020-07-31 15:31 - 2020-08-10 15:03 - 000002968 _____ C:\Windows\system32\Tasks\{FE542A01-EEB1-485C-B9D3-02F1F0D58263}
2020-07-31 15:31 - 2020-08-10 15:03 - 000002968 _____ C:\Windows\system32\Tasks\{43F0D2A9-C5E9-46C8-B5A8-4337C8F523E9}
2020-07-31 15:31 - 2020-08-10 15:03 - 000002968 _____ C:\Windows\system32\Tasks\{14F1C103-55A4-4060-BD19-0A39A15D70B4}
2020-07-30 13:55 - 2020-07-30 13:55 - 000335968 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-07-30 13:55 - 2020-07-30 13:55 - 000217336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-07-30 13:55 - 2020-07-30 13:55 - 000175200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-07-25 11:22 - 2020-07-25 11:22 - 000001948 _____ C:\Users\Kengura\Desktop\adwcleaner_8.0.7.lnk
2020-07-20 20:51 - 2020-07-20 20:57 - 000000000 ____D C:\Program Files (x86)\Avast Driver Updater
2020-07-20 20:51 - 2020-07-20 20:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater
2020-07-20 20:11 - 2020-07-21 15:49 - 000002073 _____ C:\Users\Public\Desktop\Avast SecureLine VPN.lnk
2020-07-20 20:11 - 2020-07-21 15:49 - 000002073 _____ C:\ProgramData\Desktop\Avast SecureLine VPN.lnk
2020-07-20 20:11 - 2020-07-14 08:45 - 000076184 _____ (Avast Software) C:\Windows\system32\icarus_rvrt.exe
2020-07-20 18:26 - 2020-07-30 13:55 - 000515544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2020-07-20 18:26 - 2020-07-20 18:26 - 000038152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2020-07-14 14:20 - 2020-07-14 16:41 - 009585208 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-03-01 23:17 - 2019-10-25 17:42 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2025-03-01 23:17 - 2019-10-25 17:42 - 000000000 ___HD C:\ProgramData\Documents\AdobeGC
2020-08-10 21:06 - 2019-10-10 12:30 - 000000000 ____D C:\Users\Kengura\AppData\LocalLow\Mozilla
2020-08-10 20:15 - 2009-07-14 06:45 - 000028960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-08-10 20:15 - 2009-07-14 06:45 - 000028960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-08-10 20:07 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-08-10 18:11 - 2019-10-20 12:46 - 000000000 ____D C:\Program Files\trend micro
2020-08-10 17:21 - 2019-09-27 15:38 - 000000000 ____D C:\ProgramData\AVAST Software
2020-08-10 16:45 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-08-10 16:16 - 2020-01-14 20:00 - 000000000 ____D C:\Users\Kengura\AppData\LocalLow\IGDump
2020-08-10 15:03 - 2020-03-26 22:39 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-08-10 15:03 - 2020-03-26 22:39 - 000002816 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-08-10 15:03 - 2019-10-26 15:19 - 000003450 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2020-08-10 15:03 - 2019-10-25 17:42 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-08-10 15:03 - 2019-09-27 15:41 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2020-08-10 12:56 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2020-08-10 11:13 - 2015-02-07 17:30 - 000000000 ____D C:\Users\Kengura\AppData\Local\Google
2020-08-10 11:12 - 2015-02-07 17:30 - 000000000 ____D C:\Program Files (x86)\Google
2020-08-09 14:27 - 2014-09-28 19:39 - 000007596 _____ C:\Users\Kengura\AppData\Local\Resmon.ResmonCfg
2020-08-07 21:50 - 2020-01-18 18:08 - 000000000 ____D C:\Users\Kengura\Knihovna Calibre
2020-08-06 20:09 - 2020-03-26 22:39 - 000000827 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-08-06 20:09 - 2020-03-26 22:39 - 000000827 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-08-06 17:49 - 2014-07-03 13:07 - 000000000 ____D C:\Users\Kengura\AppData\Roaming\Zoner
2020-08-06 15:40 - 2014-07-03 13:07 - 000000000 ____D C:\Users\Kengura\AppData\Local\Zoner
2020-08-04 14:32 - 2019-09-27 15:40 - 000323784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-08-03 11:31 - 2020-01-15 13:46 - 000000000 ____D C:\Users\Kengura\AppData\Local\Two Worlds II
2020-08-01 20:41 - 2015-11-06 13:53 - 000000000 ____D C:\Program Files\WinRAR
2020-08-01 17:35 - 2018-02-05 17:23 - 000000000 ____D C:\Users\Kengura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-08-01 17:35 - 2018-02-05 17:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-08-01 09:38 - 2019-09-27 15:40 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-07-31 17:32 - 2017-04-11 19:28 - 000000000 ____D C:\Program Files (x86)\AMD
2020-07-30 13:55 - 2019-09-27 15:40 - 000851608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-07-30 13:55 - 2019-09-27 15:40 - 000466752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-07-30 13:55 - 2019-09-27 15:40 - 000205888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-07-30 13:55 - 2019-09-27 15:40 - 000195656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-07-30 13:55 - 2019-09-27 15:40 - 000109280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-07-30 13:55 - 2019-09-27 15:40 - 000084856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-07-30 13:55 - 2019-09-27 15:40 - 000060488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-07-30 13:55 - 2019-09-27 15:40 - 000042776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-07-30 13:54 - 2019-10-10 10:38 - 000235592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-07-28 19:26 - 2019-10-26 16:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-28 17:07 - 2020-04-04 11:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-07-24 13:34 - 2020-01-22 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2020-07-23 11:44 - 2019-12-10 19:31 - 000000000 ____D C:\ProgramData\Ashampoo
2020-07-22 20:05 - 2019-11-15 13:34 - 000000000 ____D C:\Users\Kengura\AppData\LocalLow\uTorrent
2020-07-22 20:03 - 2019-10-10 19:12 - 000000000 ____D C:\Users\Kengura\AppData\Local\BitTorrentHelper
2020-07-21 15:49 - 2019-09-27 15:39 - 000000000 ____D C:\Program Files\AVAST Software
2020-07-21 11:59 - 2019-09-27 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2020-07-20 20:11 - 2019-09-27 15:40 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2020-07-14 16:41 - 2014-06-27 17:36 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-07-14 16:41 - 2014-06-27 17:36 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-07-14 16:41 - 2014-06-27 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-07-14 16:41 - 2014-06-27 17:36 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories ========

2014-10-29 15:18 - 2014-10-29 15:19 - 000002292 _____ () C:\Users\Kengura\AppData\Roaming\ASSDraw3.cfg
2014-06-28 23:09 - 2020-01-10 15:58 - 000099384 _____ () C:\Users\Kengura\AppData\Roaming\inst.exe
2014-06-28 23:09 - 2020-01-10 15:58 - 000007859 _____ () C:\Users\Kengura\AppData\Roaming\pcouffin.cat
2014-06-28 23:09 - 2020-01-10 15:58 - 000001167 _____ () C:\Users\Kengura\AppData\Roaming\pcouffin.inf
2014-06-28 23:09 - 2020-01-10 15:58 - 000082816 _____ (VSO Software) C:\Users\Kengura\AppData\Roaming\pcouffin.sys
2016-02-22 17:56 - 2018-10-27 10:27 - 000047648 _____ () C:\Users\Kengura\AppData\Roaming\SLOVA.WAV
2016-02-22 17:56 - 2018-10-27 10:27 - 000047248 _____ () C:\Users\Kengura\AppData\Roaming\TMP.WAV
2014-06-28 23:09 - 2018-02-21 18:26 - 000001041 _____ () C:\Users\Kengura\AppData\Roaming\vso_ts_preview.xml
2017-12-11 16:57 - 2020-06-25 17:11 - 000004608 _____ () C:\Users\Kengura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-28 19:39 - 2020-08-09 14:27 - 000007596 _____ () C:\Users\Kengura\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-08-06 12:55
==================== End of FRST.txt ========================

Re: PC shutdown takes several minutes

Posted: 10 Aug 2020 20:21
by kemgura07
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2020
Ran by Kengura (10-08-2020 21:11:25)
Running from C:\Users\Kengura\Music\Nová složka (2)
Windows 7 Professional Service Pack 1 (X64) (2014-06-27 10:30:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2263194865-3938205509-2482612845-500 - Administrator - Disabled)
Guest (S-1-5-21-2263194865-3938205509-2482612845-501 - Limited - Disabled)
Kengura (S-1-5-21-2263194865-3938205509-2482612845-1000 - Administrator - Enabled) => C:\Users\Kengura

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.009.20074 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.403 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.403 - Adobe)
AMD Catalyst Install Manager (HKLM\...\{1C819A99-37D1-DE8C-68DF-3AEB5A2C9BE6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 20.6.2420 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.6.4982.470 - Avast Software)
calibre 64bit (HKLM\...\{40539A18-5471-4A0D-91BB-D0E5274B9D41}) (Version: 3.48.0 - Kovid Goyal)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.0.0.65 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.2.0.10 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.5 (HKLM-x32\...\DPP) (Version: 3.5.0.0 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.0.0.3 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.1.0.4 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture DC (HKLM-x32\...\RemoteCaptureDC) (Version: 3.1.0.5 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.2.0.29 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.70 - Piriform)
CPUID CPU-Z 1.91 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.91 - CPUID, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EAX Unified (HKLM-x32\...\EAX Unified) (Version: - )
EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs)
Far Cry (AMD64 Exclusive Content Update) (HKLM\...\{2304A2EE-010B-43EE-90F8-2218FB93244E}) (Version: 1.00.0000 - Ubisoft) Hidden
Far Cry (Patch 1.32 AMD64) (HKLM\...\{02A116A8-E559-488C-879C-B212F3EA963A}) (Version: 1.00.0000 - Ubisoft) Hidden
FormatFactory 4.4.1.0 (HKLM-x32\...\FormatFactory) (Version: 4.4.1.0 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 84.0.4147.105 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Java 8 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation)
LightScribe 1.4.136.1 (HKLM-x32\...\{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}) (Version: 1.4.136.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes version 4.1.2.73 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.2.73 - Malwarebytes)
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 verze 1.5 (HKLM-x32\...\Microsoft Office 2007 Service Pack 2_is1) (Version: 1.5 - )
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60830 (HKLM\...\{122B909F-9DCF-360E-91E7-0679E033FBE1}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60830 (HKLM\...\{083808D6-6235-37A8-82C1-98D226EB681F}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 79.0 (x64 cs) (HKLM\...\Mozilla Firefox 79.0 (x64 cs)) (Version: 79.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0.1 - Mozilla)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NVIDIA Ovladač 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Ovládací panel NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.6 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SpeechRedist (HKLM-x32\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
Two Worlds II HD Shattered Embrace (HKLM-x32\...\Two Worlds II HD Shattered Embrace_is1) (Version: - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_CZ_is1) (Version: - ZONER software)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-07-30] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-07-30] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-07-30] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2020-02-09] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-07-30] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2020-02-09] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-07-30] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2020-02-09] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2005-06-24] (EA.com/On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2005-06-24] (EA.com/On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2005-06-24] (EA.com/On2.com) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2006-12-14 17:49 - 2006-12-14 17:49 - 000032768 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
2006-12-14 17:49 - 2006-12-14 17:49 - 000081920 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
2017-04-22 13:18 - 2017-04-22 13:18 - 000548864 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCP80.dll
2017-04-22 13:18 - 2017-04-22 13:18 - 000626688 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2020-07-03 14:57 - 2020-07-03 14:57 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2017-11-02 11:22 - 2016-11-14 11:45 - 001408200 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C31F31E6 [100]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost

There are 7945 more sites.

IE trusted site: HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\localhost -> localhost

There are 7945 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2020-08-08 14:13 - 000000843 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;%C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kengura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 212.96.160.6 - 212.96.161.7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Avast SecureLine VPN.lnk => C:\Windows\pss\Avast SecureLine VPN.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Zoner Photo Studio Autoupdate => "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE"
MSCONFIG\startupreg: Zoner Photo Studio Service 16 => "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{180647CE-CD26-462D-8C88-8F9D06C51512}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BEA36291-F47D-43C7-B6D4-56405C29A2B5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A6E384AC-C0D4-4170-9BDF-DACA85F4FD91}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{181A614B-2827-4197-80FA-989C0556181A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A70008D5-2976-4F69-A6BE-CEF7194F0B86}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{87061B7D-B996-452E-9EA5-A8E7C13C2442}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A79ABCB4-3DB0-47FC-94FA-EDC91CA0EAE5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D119A1B4-D222-4A27-B85C-7196BF6CC96B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{DB5BA41B-CB8B-46C7-A7EC-A988BEF4D2B3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{7156E19A-0A5B-4AD6-8872-739B8A1FF8C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{A6C5ABBF-0251-459B-9BC0-F9D397B2DE77}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{6941EEF8-0988-45C9-8B6B-597A82962522}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6EF4A1D4-00F3-48E5-93D5-ECCAD2F4D9D3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0F606FBA-E05E-415A-B830-597C9F2B5F6A}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.) [File not signed]
FirewallRules: [{A8847724-F3CB-4ED7-8E39-2DF4AD44FFB3}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{DA693B86-C223-4486-815C-93C30932B131}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

07-08-2020 19:57:49 JRT Pre-Junkware Removal
07-08-2020 20:16:50 zoek.exe restore point
10-08-2020 10:03:39 Removed mypopupblocker

==================== Faulty Device Manager Devices ============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: pcouffin device ...
Description: pcouffin device ...
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: AMD 760G
Description: AMD 760G
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI Technologies Inc.
Service: atikmdag
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (08/10/2020 08:07:11 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst soubor registru tříd.
PODROBNOSTI – Nespecifikovaná chyba

Error: (08/10/2020 06:57:09 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst soubor registru tříd.
PODROBNOSTI – Nespecifikovaná chyba

Error: (08/10/2020 05:10:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst soubor registru tříd.
PODROBNOSTI – Nespecifikovaná chyba


System errors:
=============
Error: (08/10/2020 08:07:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \SystemRoot\SysWow64\drivers\tandpl.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (08/10/2020 07:18:44 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Avast Antivirus se po přijetí pokynu pro vypnutí neukončila správně.

Error: (08/10/2020 06:57:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \SystemRoot\SysWow64\drivers\tandpl.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (08/10/2020 06:56:32 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Avast Antivirus se po přijetí pokynu pro vypnutí neukončila správně.

Error: (08/10/2020 06:53:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Streamer Network Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/10/2020 06:53:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PnkBstrB byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/10/2020 06:53:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PnkBstrA byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/10/2020 06:53:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Streamer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2019-07-06 11:58:47.854
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{4E7FF8BB-E9B2-4FC8-809D-DDE438F38B55}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Kengura-PC\Kengura

Date: 2015-07-04 15:29:57.214
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{08C42925-0FB3-45FF-8856-C690E60E553C}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Kengura-PC\Kengura

CodeIntegrity:
===================================

Date: 2019-10-10 12:03:27.632
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-10 12:03:27.461
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-10 10:30:48.974
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-10 10:30:48.818
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-10 09:03:52.718
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-10 09:03:52.562
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-09 14:57:10.965
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-09 14:57:10.809
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CLFCL5.18\000.fcl because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.30 08/23/2013
Motherboard: ASRock 960GC-GS FX
Processor: AMD Athlon(tm) Dual Core Processor 4850e
Percentage of memory in use: 79%
Total physical RAM: 3839.24 MB
Available physical RAM: 798.08 MB
Total Virtual: 8670.73 MB
Available Virtual: 4834.47 MB

==================== Drives ================================

Drive c: (Sys) (Fixed) (Total:483.3 GB) (Free:408.97 GB) NTFS
Drive d: (Data) (Fixed) (Total:448.11 GB) (Free:105.71 GB) NTFS

\\?\Volume{1bedb9ff-fde1-11e3-8155-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0E265546)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=483.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=448.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Re: PC shutdown takes several minutes

Posted: 10 Aug 2020 20:59
by Rudy
OK, that's it. Open Notepad and copy the following into it:
Start

CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:C31F31E6 [100]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: G - G:\setup.EXE /AUTORUN
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {323DDAC8-6152-42F0-9956-B25F4A0A34FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-10] (Google LLC -> Google LLC)
Task: {A0F0AB37-CF22-44C1-9269-08658F3C7655} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-10] (Google LLC -> Google LLC)
Task: {B9CB56AA-4875-4B90-A184-FB24FCEEAE9C} - System32\Tasks\{F3B3E5BB-868A-47F8-92FA-BA2983672F8A} => C:\Windows\system32\pcalua.exe -a C:\Users\Kengura\Videos\jre-8u231-windows-i586-iftw.exe -d C:\Users\Kengura\Videos
Task: {BB5EDFB8-D6DF-441D-AECF-0050F276E5CF} - System32\Tasks\{86EEFF58-1822-4A89-A6BF-ADE5E0A3B8CB} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\OpenAL\oalinst.exe" -d "C:\Program Files (x86)\OpenAL"
Task: {DFFB58B8-4BAB-4CC2-A832-544DFC56482D} - System32\Tasks\{689AA895-69E0-487D-82B0-EED522E13945} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\Translator_2016\TRNIKONY.EXE" -d "C:\Program Files (x86)\Electronic Arts\Translator_2016"
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S4 NMIndexingService; no ImagePath
S3 AsrCDDrv; no ImagePath
S4 IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFMBRProtect.sys [X]
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-08-10 11:12 - 2020-08-10 15:03 - 000003260 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\system32\Tasks\{71D68624-F88F-46F9-A8B5-30C857225E13}
C:\Windows\system32\Tasks\{554FC912-4FA9-470D-8FAE-A71AA2927EA8}
C:\Windows\system32\Tasks\{FE542A01-EEB1-485C-B9D3-02F1F0D58263}
C:\Windows\system32\Tasks\{43F0D2A9-C5E9-46C8-B5A8-4337C8F523E9}
C:\Windows\system32\Tasks\{14F1C103-55A4-4060-BD19-0A39A15D70B4}
C:\Users\Kengura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
Save it to C:\Users\Kengura\Music\Nová složka (2) as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: PC shutdown takes several minutes

Posted: 10 Aug 2020 21:10
by kemgura07
Failed to update (1) fix list no found. Fix.list should be in the same folder where the tool is located. What can be done about it? I have both in one folder and nothing else...

Re: PC shutdown takes several minutes

Posted: 11 Aug 2020 09:19
by Rudy
Yes, the fixlist must be placed in the same folder as FRST. It is strange that it resists. Try a different directory, or Safe Mode.

Re: PC shutdown takes several minutes

Posted: 11 Aug 2020 12:09
by kemgura07
Fix result of Farbar Recovery Scan Tool (x64) Version: 09-08-2020
Ran by Kengura (11-08-2020 10:15:36) Run:1
Running from C:\Users\Kengura\Music\Nová složka (2)
Loaded Profiles: Kengura
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:C31F31E6 [100]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\...\MountPoints2: G - G:\setup.EXE /AUTORUN
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {323DDAC8-6152-42F0-9956-B25F4A0A34FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-10] (Google LLC -> Google LLC)
Task: {A0F0AB37-CF22-44C1-9269-08658F3C7655} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-10] (Google LLC -> Google LLC)
Task: {B9CB56AA-4875-4B90-A184-FB24FCEEAE9C} - System32\Tasks\{F3B3E5BB-868A-47F8-92FA-BA2983672F8A} => C:\Windows\system32\pcalua.exe -a C:\Users\Kengura\Videos\jre-8u231-windows-i586-iftw.exe -d C:\Users\Kengura\Videos
Task: {BB5EDFB8-D6DF-441D-AECF-0050F276E5CF} - System32\Tasks\{86EEFF58-1822-4A89-A6BF-ADE5E0A3B8CB} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\OpenAL\oalinst.exe" -d "C:\Program Files (x86)\OpenAL"
Task: {DFFB58B8-4BAB-4CC2-A832-544DFC56482D} - System32\Tasks\{689AA895-69E0-487D-82B0-EED522E13945} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\Translator_2016\TRNIKONY.EXE" -d "C:\Program Files (x86)\Electronic Arts\Translator_2016"
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S4 NMIndexingService; no ImagePath
S3 AsrCDDrv; no ImagePath
S4 IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFMBRProtect.sys [X]
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-08-10 11:12 - 2020-08-10 15:03 - 000003260 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\system32\Tasks\{71D68624-F88F-46F9-A8B5-30C857225E13}
C:\Windows\system32\Tasks\{554FC912-4FA9-470D-8FAE-A71AA2927EA8}
C:\Windows\system32\Tasks\{FE542A01-EEB1-485C-B9D3-02F1F0D58263}
C:\Windows\system32\Tasks\{43F0D2A9-C5E9-46C8-B5A8-4337C8F523E9}
C:\Windows\system32\Tasks\{14F1C103-55A4-4060-BD19-0A39A15D70B4}
C:\Users\Kengura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
*****************

Processes closed successfully.
C:\ProgramData\TEMP => ":C31F31E6" ADS removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => removed successfully
HKU\S-1-5-21-2263194865-3938205509-2482612845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{323DDAC8-6152-42F0-9956-B25F4A0A34FC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{323DDAC8-6152-42F0-9956-B25F4A0A34FC}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0F0AB37-CF22-44C1-9269-08658F3C7655}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0F0AB37-CF22-44C1-9269-08658F3C7655}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9CB56AA-4875-4B90-A184-FB24FCEEAE9C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9CB56AA-4875-4B90-A184-FB24FCEEAE9C}" => removed successfully
C:\Windows\System32\Tasks\{F3B3E5BB-868A-47F8-92FA-BA2983672F8A} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F3B3E5BB-868A-47F8-92FA-BA2983672F8A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB5EDFB8-D6DF-441D-AECF-0050F276E5CF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB5EDFB8-D6DF-441D-AECF-0050F276E5CF}" => removed successfully
C:\Windows\System32\Tasks\{86EEFF58-1822-4A89-A6BF-ADE5E0A3B8CB} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{86EEFF58-1822-4A89-A6BF-ADE5E0A3B8CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFFB58B8-4BAB-4CC2-A832-544DFC56482D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFFB58B8-4BAB-4CC2-A832-544DFC56482D}" => removed successfully
C:\Windows\System32\Tasks\{689AA895-69E0-487D-82B0-EED522E13945} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{689AA895-69E0-487D-82B0-EED522E13945}" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\System32\blank.htm" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\SysWOW64\blank.htm" => value restored successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\System\CurrentControlSet\Services\NMIndexingService => removed successfully
NMIndexingService => service removed successfully
HKLM\System\CurrentControlSet\Services\AsrCDDrv => removed successfully
AsrCDDrv => service removed successfully
HKLM\System\CurrentControlSet\Services\IMFMBRProtect => removed successfully
IMFMBRProtect => service removed successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Windows\system32\Tasks\{71D68624-F88F-46F9-A8B5-30C857225E13} => moved successfully
C:\Windows\system32\Tasks\{554FC912-4FA9-470D-8FAE-A71AA2927EA8} => moved successfully
C:\Windows\system32\Tasks\{FE542A01-EEB1-485C-B9D3-02F1F0D58263} => moved successfully
C:\Windows\system32\Tasks\{43F0D2A9-C5E9-46C8-B5A8-4337C8F523E9} => moved successfully
C:\Windows\system32\Tasks\{14F1C103-55A4-4060-BD19-0A39A15D70B4} => moved successfully
C:\Users\Kengura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8251008 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 500116 B
Edge => 0 B
Chrome => 14235335 B
Firefox => 62815144 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 688 B
LocalService => 688 B
NetworkService => 688 B
Kengura => 12294470 B

RecycleBin => 2014208 B
EmptyTemp: => 103.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:15:54 ====

Re: PC shutdown takes several minutes

Posted: 11 Aug 2020 12:51
by Rudy
It was deleted. Has anything changed for the better?

Re: PC shutdown takes several minutes

Posted: 11 Aug 2020 13:02
by kemgura07
Shutting down the PC is just as slow. ADW Cleaner found some more critters:
Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-11-2020
# Duration: 00:00:01
# OS: Windows 7 Professional
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1555 octets] - [10/08/2020 18:41:44]
AdwCleaner[C00].txt - [1685 octets] - [10/08/2020 18:53:20]
AdwCleaner[S01].txt - [1625 octets] - [11/08/2020 13:07:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Re: PC shutdown takes several minutes

Posted: 11 Aug 2020 13:50
by Rudy
OK, run a scan with AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . The guide is for an old version. Download the utility, run it, let it work, and when it finishes delete everything it finds. Restart the PC.