VIRY.CZ

Dobrý deň, prosím o kontrolu, NB už má svoje roky a chýba RAM, ale takto pomalý by asi byť nemal.

Ďakujem

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jožko at 2020-09-17 22:48:47
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 64 GB (64%) free of 100 GB
Total RAM: 1868 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:49:03, on 17. 9. 2020
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files\trend micro\Jožko.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.sk/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Služba Avast Browser Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Avast Browser Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Secure Browser Elevation Service (AvastSecureBrowserElevationService) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Application\85.0.5675.84\elevation_service.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.102\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7235 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe" /runassvc
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\AVAST Software\Avast\aswEngSrv.exe" /pipename="62E60111-5810-4879-7C7D-0222BC100A68" /binpath="C:\Program Files\AVAST Software\Avast"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
AvastUI.exe /nogui
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\AVAST Software\Avast\aswidsagent.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /c
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.7.915.0\AvastBrowserCrashHandler.exe"
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.7.915.0\AvastBrowserCrashHandler64.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" --type=gpu-process --field-trial-handle=7832,3270033203670641530,11345943847256403611,131072 --enable-features=CastMediaRouteProvider --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --no-sandbox --disable-gpu-driver-bug-workarounds --log-file="C:\Users\Jožko\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (20.7.2425)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --force-device-scale-factor=1.25 --pack_loading_disabled=1 --gpu-preferences=MAAAAAAAAADgAABwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --log-file="C:\Users\Jožko\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-handle=7872 /prefetch:2
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=7832,3270033203670641530,11345943847256403611,131072 --enable-features=CastMediaRouteProvider --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --lang=en-US --service-sandbox-type=network --no-sandbox --force-wave-audio --log-file="C:\Users\Jožko\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (20.7.2425)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --force-device-scale-factor=1.25 --pack_loading_disabled=1 --log-file="C:\Users\Jožko\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-handle=7984 /prefetch:8
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --force-device-scale-factor=1.25 --log-file="C:\Users\Jožko\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --field-trial-handle=7832,3270033203670641530,11345943847256403611,131072 --enable-features=CastMediaRouteProvider --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Jožko\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (20.7.2425)" --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --force-device-scale-factor=1.25 --pack_loading_disabled=1 --device-scale-factor=1.25 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1

"C:\Users\Jožko\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Jožko\AppData\Roaming\Mozilla\Firefox\Profiles\6603lfwa.default-1525465002164

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.433 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_433.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@update.avastbrowser.com/Avast Browser;version=3]
"Description"=Avast Browser
"Path"=C:\Program Files (x86)\AVAST Software\Browser\Update\1.7.915.0\npAvastBrowserUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@update.avastbrowser.com/Avast Browser;version=9]
"Description"=Avast Browser
"Path"=C:\Program Files (x86)\AVAST Software\Browser\Update\1.7.915.0\npAvastBrowserUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.433 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_433.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-02-22 170264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-02-22 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-02-22 440600]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2011-05-26 361984]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2020-09-17 109160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-10-18 13213328]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-02-07 291608]
"BtTray"=C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-06-04 326856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-02-22 430080]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2020-09-17 22:48:50 ----D---- C:\Program Files\trend micro
2020-09-17 22:48:47 ----D---- C:\rsit
2020-09-17 20:34:14 ----D---- C:\FRST
2020-09-17 19:03:34 ----D---- C:\Program Files (x86)\Mozilla Firefox
2020-09-17 18:58:01 ----A---- C:\Windows\system32\aswBoot.exe
2020-09-17 18:58:00 ----A---- C:\Windows\system32\drivers\aswStm.sys
2020-09-17 18:58:00 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys

======List of files/folders modified in the last 1 month======

2020-09-17 22:49:03 ----D---- C:\Windows\Prefetch
2020-09-17 22:48:50 ----RD---- C:\Program Files
2020-09-17 22:47:13 ----D---- C:\Windows\Temp
2020-09-17 22:45:06 ----RD---- C:\Program Files (x86)
2020-09-17 22:45:01 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2020-09-17 22:16:16 ----D---- C:\Windows\system32\config
2020-09-17 22:14:54 ----SHD---- C:\Windows\Installer
2020-09-17 22:03:04 ----SHD---- C:\System Volume Information
2020-09-17 20:06:16 ----D---- C:\Windows\SysWOW64
2020-09-17 20:06:13 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2020-09-17 20:06:07 ----D---- C:\Windows\system32\Macromed
2020-09-17 20:06:05 ----D---- C:\Windows\SYSWOW64\Macromed
2020-09-17 19:24:54 ----D---- C:\Windows\system32\Tasks
2020-09-17 19:09:27 ----D---- C:\Windows\System32
2020-09-17 19:09:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2020-09-17 19:09:26 ----D---- C:\Windows\inf
2020-09-17 19:01:56 ----A---- C:\Windows\SYSWOW64\LEDEVICE.ini
2020-09-17 19:01:54 ----D---- C:\ProgramData\AVAST Software
2020-09-17 19:01:53 ----A---- C:\Windows\SYSWOW64\REMOTEDEVICE.INI
2020-09-17 19:01:21 ----A---- C:\Windows\SYSWOW64\LOCALSERVICE.INI
2020-09-17 19:01:16 ----A---- C:\Windows\SYSWOW64\LOCALDEVICE.INI
2020-09-17 19:01:13 ----A---- C:\Windows\SYSWOW64\bscs.ini
2020-09-17 19:00:22 ----D---- C:\Windows\system32\drivers
2020-09-16 19:04:39 ----D---- C:\Program Files\CCleaner
2020-09-16 18:46:30 ----SD---- C:\ProgramData\Microsoft
2020-09-16 18:46:20 ----SD---- C:\Users\Jožko\AppData\Roaming\Microsoft
2020-09-14 23:27:03 ----D---- C:\Program Files\AVAST Software

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswArDisk;aswArDisk; C:\Windows\system32\drivers\aswArDisk.sys [2020-09-17 37136]
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsh.sys [2020-09-17 195648]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniv.sys [2020-09-17 60480]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2020-09-17 84848]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2020-09-17 326408]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-12-23 568600]
R0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-02-07 16152]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2020-09-17 206392]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriver.sys [2020-09-17 235584]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2020-09-17 42768]
R1 aswNetHub;aswNetHub; C:\Windows\system32\drivers\aswNetHub.sys [2020-09-17 517080]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2020-09-17 109272]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2020-09-17 851600]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2020-09-17 469880]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2020-09-17 175192]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2020-09-17 217328]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2020-05-07 38152]
R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2011-08-12 23104]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-04-02 51776]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 80384]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-03-05 48320]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-02-22 14692224]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-10-23 4187664]
R3 IntcDAud;Intel(R) Zvuk pre obrazovky; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-02-20 331264]
R3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-02-07 356120]
R3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-02-07 787736]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2012-08-05 17280]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2012-04-25 104560]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2012-04-12 1860672]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 rtbth;RTBTH Bluetooth Device Driver; C:\Windows\system32\DRIVERS\rtbth.sys [2012-06-01 675424]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 552448]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2020-07-08 169544]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2020-09-17 357848]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-06-04 1207520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2020-09-17 7824280]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-06-04 143968]
S2 avast;Služba Avast Browser Update (avast); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2020-05-12 193688]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-19 152216]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-07-18 317408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2020-09-17 335416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 avastm;Služba Avast Browser Update (avastm); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2020-05-12 193688]
S3 AvastSecureBrowserElevationService;Avast Secure Browser Elevation Service; C:\Program Files (x86)\AVAST Software\Browser\Application\85.0.5675.84\elevation_service.exe [2020-08-31 1343624]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-02-22 276248]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.102\elevation_service.exe [2020-09-04 1085424]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-19 152216]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2020-09-17 223952]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-19-2020
# Duration: 00:00:05
# OS: Windows 7 Professional
# Cleaned: 4
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\Users\Jožko\AppData\Local\Google\Chrome\User Data\Default\LOCAL STORAGE\HTTP_GAMINGWONDERLAND.DL.MYWAY.COM_0.LOCALSTORAGE
Deleted C:\Users\Jožko\AppData\Local\Google\Chrome\User Data\Default\LOCAL STORAGE\HTTP_GAMINGWONDERLAND.DL.MYWAY.COM_0.LOCALSTORAGE-JOURNAL

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.ASUSVirtualCamera Folder C:\Program Files (x86)\ASUS\VIRTUALCAMERA
Deleted Preinstalled.ASUSVirtualCamera Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1918 octets] - [19/09/2020 12:22:03]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

OK. Nyní dejte logy FRST+Addition: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

Musel som najskor odinštalovať Avast, bránil vytvoreniu logov.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-09-2020
Ran by Jožko (administrator) on JOŽKO-PC (ASUSTeK COMPUTER INC. X55A) (19-09-2020 13:55:30)
Running from C:\Users\Jožko\Desktop
Loaded Profiles: Jožko
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alcor Micro Corp.) [File not signed] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.7.915.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.7.915.0\AvastBrowserCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Ralink Technology Corporation -> IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Ralink Technology Corporation -> IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Ralink Technology Corporation -> IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Skype Software Sarl -> Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-05-26] (Alcor Micro Corp.) [File not signed]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [326856 2012-06-04] (Ralink Technology Corporation -> IVT Corporation)
HKU\S-1-5-21-3524902439-368862439-1840938879-1000\...\MountPoints2: {95989dba-42a7-11ea-b3e5-f4b7e27a70b0} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-09-01] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\85.0.5675.84\Installer\chrmstp.exe [2020-09-17] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.102\Installer\chrmstp.exe [2020-09-17] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D708779-281C-432D-8FCB-B26A2CE988ED} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [193688 2020-05-12] (Avast Software s.r.o. -> AVAST Software)
Task: {203199E0-F8F5-4E1A-8054-FA380DDDE81B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-07-19] (Google Inc -> Google Inc.)
Task: {3B91CDFC-EE86-4FD2-88E0-6F62CEC4C862} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2097736 2020-08-31] (Avast Software s.r.o. -> AVAST Software)
Task: {41A33175-E2B5-4B9F-9BA7-0D613F9B6555} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {6EDFDFDB-0C94-4026-9159-57F8E47E6603} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [193688 2020-05-12] (Avast Software s.r.o. -> AVAST Software)
Task: {9C25DE8B-93F8-43A0-8609-F279F8422EE6} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2097736 2020-08-31] (Avast Software s.r.o. -> AVAST Software)
Task: {B1D68810-8B3C-45A9-BCEC-618865AFBA6A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-09-17] (Adobe Inc. -> Adobe)
Task: {B46FB48F-19A0-45D6-827E-8368123BC0B4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_433_Plugin.exe [1502264 2020-09-17] (Adobe Inc. -> Adobe)
Task: {F4E5D577-91E1-4EBB-9B5A-A62CBB687405} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1336400 2020-07-08] (Adobe Inc. -> Adobe Inc.)
Task: {FA0FA4F4-E596-45D5-9F23-9891A1E6ED5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-07-19] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CF420408-BA1F-4B53-87FC-F97BCD49BD76}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E0349ED0-ECE8-4574-AE5D-A55380ED41F5}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF DefaultProfile: 6603lfwa.default-1525465002164
FF ProfilePath: C:\Users\Jožko\AppData\Roaming\Mozilla\Firefox\Profiles\6603lfwa.default-1525465002164 [2020-09-19]
FF Notifications: Mozilla\Firefox\Profiles\6603lfwa.default-1525465002164 -> hxxps://www.pravda.sk
FF Extension: (Avast Online Security) - C:\Users\Jožko\AppData\Roaming\Mozilla\Firefox\Profiles\6603lfwa.default-1525465002164\Extensions\wrc@avast.com.xpi [2020-09-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_433.dll [2020-09-17] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-09-17] (Adobe Inc. -> )
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.7.915.0\npAvastBrowserUpdate3.dll [2020-05-12] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.7.915.0\npAvastBrowserUpdate3.dll [2020-05-12] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-08-17] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Jožko\AppData\Local\Google\Chrome\User Data\Default [2020-08-14]
CHR Notifications: Default -> hxxps://www.drtuber.com; hxxps://www.uiporn.com
CHR Extension: (Prezentácie) - C:\Users\Jožko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-18]
CHR Extension: (Dokumenty) - C:\Users\Jožko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-18]
CHR Extension: (Disk Google) - C:\Users\Jožko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-19]
CHR Extension: (YouTube) - C:\Users\Jožko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-19]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Jožko\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2020-05-07]
CHR Extension: (Avast SafePrice | Porovnanie, ponuky, kupóny) - C:\Users\Jožko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-05-07]
CHR Extension: (Tabuľky) - C:\Users\Jožko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-18]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Jožko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-07]
CHR Extension: (Avast Online Security) - C:\Users\Jožko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-05-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jožko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\Jožko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-30]
CHR Extension: (Chrome Media Router) - C:\Users\Jožko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-07]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-07-08] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-09-17] (Adobe Inc. -> Adobe)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [193688 2020-05-12] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [193688 2020-05-12] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\85.0.5675.84\elevation_service.exe [1343624 2020-08-31] (Avast Software s.r.o. -> AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1207520 2012-06-04] (Ralink Technology Corporation -> IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [143968 2012-06-04] (Ralink Technology Corporation -> IVT Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34880 2011-08-12] (Ralink Technology Corporation -> Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23104 2011-08-12] (Ralink Technology Corporation -> Ralink Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [51776 2012-04-02] (Ralink Technology Corporation -> Ralink Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48320 2012-03-05] (Ralink Technology Corporation -> Ralink Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [17280 2012-08-05] (ASUSTeK Computer Inc. -> )
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [675424 2012-06-01] (Ralink Technology Corporation -> Ralink Technology, Corp.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34880 2011-08-12] (Ralink Technology Corporation -> Ralink Corporation.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-19 13:55 - 2020-09-19 13:56 - 000013123 _____ C:\Users\Jožko\Desktop\FRST.txt
2020-09-19 13:29 - 2020-09-19 13:29 - 000000000 ____D C:\avast! sandbox
2020-09-19 13:28 - 2020-09-19 13:28 - 002298880 _____ (Farbar) C:\Users\Jožko\Desktop\FRST64.exe
2020-09-19 12:18 - 2020-09-19 12:18 - 008414384 _____ (Malwarebytes) C:\Users\Jožko\Desktop\adwcleaner_8.0.7.exe
2020-09-17 22:48 - 2020-09-17 22:49 - 000000000 ____D C:\rsit
2020-09-17 22:48 - 2020-09-17 22:49 - 000000000 ____D C:\Program Files\trend micro
2020-09-17 22:46 - 2020-09-17 22:47 - 001222144 _____ C:\Users\Jožko\Desktop\RSITx64.exe
2020-09-17 20:34 - 2020-09-19 13:56 - 000000000 ____D C:\FRST
2020-09-17 19:03 - 2020-09-19 12:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-19 13:54 - 2015-07-29 18:39 - 000007428 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2020-09-19 13:54 - 2015-07-29 18:39 - 000000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2020-09-19 13:54 - 2015-07-29 18:19 - 000000000 ____D C:\ProgramData\AVAST Software
2020-09-19 13:54 - 2012-06-04 09:35 - 000000763 _____ C:\Windows\SysWOW64\bscs.ini
2020-09-19 13:54 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-09-19 13:51 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-09-19 13:39 - 2015-07-29 18:24 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-09-19 13:30 - 2009-07-14 06:45 - 000014960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-09-19 13:30 - 2009-07-14 06:45 - 000014960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-09-19 13:28 - 2016-11-16 11:00 - 000000000 ____D C:\Users\Jožko\AppData\LocalLow\Mozilla
2020-09-19 12:26 - 2017-04-20 14:39 - 000002726 _____ C:\Windows\SysWOW64\LEDEVICE.ini
2020-09-19 12:23 - 2015-07-29 18:12 - 000000000 ____D C:\Program Files (x86)\ASUS
2020-09-19 12:22 - 2015-10-23 12:47 - 000000000 ____D C:\AdwCleaner
2020-09-19 12:10 - 2015-07-29 18:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-09-17 20:06 - 2018-05-25 20:52 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-09-17 20:06 - 2015-10-23 12:45 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-09-17 20:06 - 2015-07-29 18:24 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-09-17 20:06 - 2015-07-29 18:24 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-09-17 20:06 - 2015-07-29 18:24 - 000000000 ____D C:\Windows\system32\Macromed
2020-09-17 19:48 - 2016-07-19 14:23 - 000002236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-09-17 19:24 - 2020-05-12 22:10 - 000003732 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2020-09-17 19:24 - 2020-05-12 22:10 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2020-09-17 19:15 - 2015-07-29 18:22 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-09-17 19:09 - 2009-07-14 07:13 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
2020-09-17 19:01 - 2016-12-03 14:03 - 000000610 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI
2020-09-17 17:35 - 2020-05-12 22:10 - 000000000 ____D C:\Users\Jožko\AppData\Local\AVAST Software
2020-09-16 19:27 - 2015-10-22 11:30 - 000007606 _____ C:\Users\Jožko\AppData\Local\Resmon.ResmonCfg
2020-09-16 19:04 - 2015-07-29 18:28 - 000000000 ____D C:\Program Files\CCleaner

==================== Files in the root of some directories ========

2015-10-22 11:30 - 2020-09-16 19:27 - 000007606 _____ () C:\Users\Jožko\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-09-17 21:54
==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-09-2020
Ran by Jožko (19-09-2020 13:57:20)
Running from C:\Users\Jožko\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-07-29 15:57:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3524902439-368862439-1840938879-500 - Administrator - Disabled)
Guest (S-1-5-21-3524902439-368862439-1840938879-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3524902439-368862439-1840938879-1004 - Limited - Enabled)
Jožko (S-1-5-21-3524902439-368862439-1840938879-1000 - Administrator - Enabled) => C:\Users\Jožko

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 20.012.20043 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.433 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.433 - Adobe)
Alcor Micro USB Card Reader (HKLM-x32\...\{A104C276-2B05-41A7-8263-7F7BF6C70D04}) (Version: 1.4.42.69356 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.4.42.69356 - Alcor Micro Corp.)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.15.16 - Atheros Communications Inc.)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 85.0.5675.84 - Autori prehliadača Avast Secure Browser)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 85.0.4183.102 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 80.0.1 (x86 sk) (HKLM-x32\...\Mozilla Firefox 80.0.1 (x86 sk)) (Version: 80.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 80.0.1.7548 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{FF6F6A5F-AE64-6C80-38A3-C2F5165F013B}) (Version: 9.1.692.43 - Ralink Corporation)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6761 - Realtek Semiconductor Corp.)
Roblox Player (HKLM-x32\...\roblox-player) (Version: - Roblox Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.71 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2015-07-29 18:07 - 2012-02-07 06:12 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 8) (Whitelisted) ==========

HKU\S-1-5-21-3524902439-368862439-1840938879-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.sk/?gws_rd=ssl
HKU\S-1-5-21-3524902439-368862439-1840938879-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Software Sarl -> Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-3524902439-368862439-1840938879-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jožko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{67E988BE-E189-47C8-AF7A-CA5C0DFA92EA}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (Ralink Technology Corporation -> IVT Corporation)
FirewallRules: [{DE7FD3F8-26B4-4350-B217-0E1DDF91A84F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7C26963A-5BA2-4F3B-8F3C-6604E5F78BA5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{37AFFFB6-6E38-45D6-BAD3-626469108DF4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5C1BEC73-9AFE-4E3B-9C38-C24B1E09767B}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (Ralink Technology Corporation -> IVT Corporation)
FirewallRules: [{22840991-4008-4336-91C6-D6CDA1BE2988}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (Ralink Technology Corporation -> IVT Corporation)
FirewallRules: [{323F9377-EF6A-42A6-8A5E-38667E63363E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{F569EF45-374C-4948-912E-1C113E7D32C2}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{EA8333F2-B73A-4759-9A57-9F0A20F59046}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{15B40637-2CF0-4967-9BF0-86A9F6A1B1CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5E5EFAE5-1A08-4898-A1D8-42245D412A3F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{501BF975-C988-4C19-868C-0217AA75E7B9}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{9C3B017C-15EA-4082-99B0-2C8617B719D1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

05-02-2020 21:03:12 Plánovaný kontrolný bod
07-05-2020 20:33:12 Plánovaný kontrolný bod
17-09-2020 22:02:35 Plánovaný kontrolný bod
19-09-2020 12:23:23 AdwCleaner_BeforeCleaning_19/09/2020_12:23:18

==================== Faulty Device Manager Devices ============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (09/19/2020 01:55:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.

Error: (09/19/2020 01:55:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.

Error: (09/19/2020 01:55:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.

Error: (09/19/2020 01:55:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.

Error: (09/19/2020 01:55:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.

Error: (09/19/2020 01:55:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.

Error: (09/19/2020 01:55:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.

Error: (09/19/2020 01:55:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.


System errors:
=============
Error: (09/19/2020 12:23:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba BlueSoleilCS sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (09/19/2020 12:23:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (09/19/2020 12:23:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Software Protection sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (09/19/2020 12:23:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba BsHelpCS sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (09/19/2020 12:23:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Media Player - služba zdieľania v sieti sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 30000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (09/19/2020 12:23:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Inštalátor systému Windows sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (09/19/2020 12:17:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Application Experience zlyhalo kvôli nasledujúcej chybe:
Služba neodpovedala na riadiaci alebo spúšťací pokyn načas.

Error: (09/19/2020 12:17:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Počas čakania na odpoveď transakcie od služby AeLookupSvc bol dosiahnutý časový limit (30000 ms).


CodeIntegrity:
===================================

Date: 2016-08-03 11:46:04.164
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-03 11:46:04.102
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-03 11:04:54.317
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-03 11:04:54.239
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-27 20:14:32.123
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-27 20:14:31.936
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-25 14:28:26.910
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-25 14:28:26.582
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X55A.417 01/09/2013
Motherboard: ASUSTeK COMPUTER INC. X55A
Processor: Intel(R) Celeron(R) CPU B830 @ 1.80GHz
Percentage of memory in use: 95%
Total physical RAM: 1867.68 MB
Available physical RAM: 86.53 MB
Total Virtual: 3735.36 MB
Available Virtual: 606.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:66.31 GB) NTFS
Drive d: () (Fixed) (Total:200.43 GB) (Free:88.59 GB) NTFS

\\?\Volume{f93ca114-3606-11e5-8b27-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: B05CD80C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Avast by mělo stačit vypnout. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKU\S-1-5-21-3524902439-368862439-1840938879-1000\...\MountPoints2: {95989dba-42a7-11ea-b3e5-f4b7e27a70b0} - F:\HiSuiteDownLoader.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {203199E0-F8F5-4E1A-8054-FA380DDDE81B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-07-19] (Google Inc -> Google Inc.)
Task: {FA0FA4F4-E596-45D5-9F23-9891A1E6ED5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-07-19] (Google Inc -> Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-09-2020
Ran by Jožko (19-09-2020 18:16:06) Run:1
Running from C:\Users\Jožko\Desktop
Loaded Profiles: Jožko
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-3524902439-368862439-1840938879-1000\...\MountPoints2: {95989dba-42a7-11ea-b3e5-f4b7e27a70b0} - F:\HiSuiteDownLoader.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {203199E0-F8F5-4E1A-8054-FA380DDDE81B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-07-19] (Google Inc -> Google Inc.)
Task: {FA0FA4F4-E596-45D5-9F23-9891A1E6ED5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-07-19] (Google Inc -> Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-3524902439-368862439-1840938879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95989dba-42a7-11ea-b3e5-f4b7e27a70b0} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{203199E0-F8F5-4E1A-8054-FA380DDDE81B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{203199E0-F8F5-4E1A-8054-FA380DDDE81B}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA0FA4F4-E596-45D5-9F23-9891A1E6ED5B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA0FA4F4-E596-45D5-9F23-9891A1E6ED5B}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 82034067 B
Java, Flash, Steam htmlcache => 741 B
Windows/system/drivers => 364905721 B
Edge => 0 B
Chrome => 28789187 B
Firefox => 145145603 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 66228 B
ProgramData => 66228 B
systemprofile => 201722 B
systemprofile32 => 267950 B
LocalService => 334178 B
NetworkService => 341148 B
Jožko => 1125582806 B

RecycleBin => 62216543 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:17:18 ====

Smazáno. Nastala nějaká změna?

áno, NB v rámci svojich možností podstatne ožil.

Tak ro jsem rád!

Ďakujem za pomoc a prajem peknú nedeľu.

Hezkou neděli i vám a nemáte zač!