Disk at 100%, freezes after a short while on the internet
Posted: 04 May 2024 19:13
Hello,
I have a big problem: I'm on the internet for a short while and searching freezes right away, and games are slowed down too, which never used to happen. I also went back to a restore point from about 3 weeks ago, and something is still slowing the computer down. When I ran FRST it froze, so I restarted, but Avast put it into quarantine, so I added an exception.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.01.2024
Ran by Radovan Noga (administrator) on RADOVAN (Hewlett-Packard HP Pro 3400 Series MT) (04-05-2024 19:52:46)
Running from C:\Users\Radovan Noga\Desktop\FRST64.exe
Loaded Profiles: Radovan Noga & UpdatusUser
Platform: Microsoft Windows 8 (X64) Language: Čeština (Česká republika)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(services.exe ->) () [File not signed] C:\Windows\AutoKMS\AutoKMS.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Avast Software) C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(services.exe ->) (Now.gg, INC -> BlueStack Systems, Inc.) C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (StarWind Software) [File not signed] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19573704 2024-02-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [423832 2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [9831832 2024-03-19] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2281608426-3442553567-4178391062-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
HKU\S-1-5-21-2281608426-3442553567-4178391062-1001\...\Run: [CCleaner Smart Cleaning] => C:\Users\Radovan Noga\Documents\CCleaner\CCleaner.exe [13797712 2019-08-12] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-2281608426-3442553567-4178391062-1001\...\MountPoints2: {51f0d344-07f1-11ec-be70-d0374560496c} - "G:\autorun.exe"
HKU\S-1-5-21-2281608426-3442553567-4178391062-1001\...\MountPoints2: {51f0d348-07f1-11ec-be70-d0374560496c} - "H:\autorun.exe"
HKU\S-1-5-21-2281608426-3442553567-4178391062-1001\...\MountPoints2: {51f0d349-07f1-11ec-be70-d0374560496c} - "I:\autorun.exe"
HKLM\...\Print\Monitors\HP E111 Status Monitor: C:\Windows\system32\hpinkstsE111LM.dll [393352 2017-04-14] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.168\Installer\chrmstp.exe [2023-10-05] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\104.0.5112.79\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel=stable
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {8962A1B8-C73E-4CB8-899F-8649145C1AD7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {D665E8A6-7468-4C61-BA9E-B395047FF2C2} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [5046784 2024-02-11] () [File not signed]
Task: {8135E99E-3E2B-40F4-A051-D8CAB019908E} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4979096 2024-03-19] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\A (the data entry has 70 more characters).
Task: {83D046BC-52A6-4451-97AE-27C47CC209B6} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [7786904 2024-03-14] (Avast Software s.r.o. -> Avast Software)
Task: {7D44BE8A-660F-4B9F-A7E4-F25B3DBEF005} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5188504 2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {F34935C1-795C-4BD3-8862-32DA4351D8FF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-08-02] (Avast Software s.r.o. -> Avast Software)
Task: {E1F51BE0-67F7-4FF1-9714-667532BCC17E} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2024-01-11] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {089B48D5-4AFF-4CD1-880F-5A98211A1E5D} - System32\Tasks\CCleanerSkipUAC => C:\Users\Radovan Noga\Documents\CCleaner\CCleaner.exe [13797712 2019-08-12] (Piriform Ltd -> Piriform Ltd)
Task: {D479B4E5-5C51-409B-A147-B633F1B81274} - System32\Tasks\GoogleUpdateTaskMachineCore{B79366EA-D44E-4324-BCB1-15DE615F94FF} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-08-19] (Google LLC -> Google LLC)
Task: {28925FF0-BD0C-493F-9B33-BE4CD8DFB0A2} - System32\Tasks\GoogleUpdateTaskMachineUA{F18C9722-069F-45E0-9D3A-562E1CB42AB1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-08-19] (Google LLC -> Google LLC)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask => {0AC1DBCA-7F9F-47FC-A090-34E5FEB291E8} C:\Windows\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage => {5F074BDF-4BA3-4E68-AE86-2A6B0B5963B0} C:\Windows\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask => {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} C:\Windows\system32\SettingSyncInfo.dll [128512 2015-08-04] (Microsoft Windows -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{151DA0B1-1517-4659-BD66-44F578B730E0}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Radovan Noga\AppData\Local\Google\Chrome\User Data\Default [2024-05-04]
CHR Notifications: Default -> hxxps://sdilej.cz; hxxps://www.autoscout24.cz; hxxps://www.erotickykontakt.cz; hxxps://www.facebook.com; hxxps://www.gametwist.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxps://www.seznam.cz/?clid=22668"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=E210CZ91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Extension: (Seznam Doplněk – Email) - C:\Users\Radovan Noga\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2023-10-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\Radovan Noga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-25]
CHR Extension: (Netpanel) - C:\Users\Radovan Noga\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbidbgoheiddfilfipcobicemncfogno [2024-05-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Radovan Noga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-19]
CHR Extension: (Seznam.cz) - C:\Users\Radovan Noga\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2023-08-07]
CHR Extension: (Eiffel Tower) - C:\Users\Radovan Noga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppbaibkigenhdcommebegmmmpoolmpip [2023-04-26]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [9139608 2024-04-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [766360 2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2275736 2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1201560 2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-08-19] (Avast Software s.r.o. -> AVAST Software)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [18727320 2024-03-19] (Avast Software s.r.o. -> AVAST Software)
S4 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2017072 2021-12-02] (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmUStor; C:\Windows\system32\drivers\AmUStor.SYS [117728 2021-12-27] (Alcor Micro, Corp. -> )
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [230448 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [379960 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [292920 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [84536 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [28728 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [268856 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [548912 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [93752 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [69176 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [935992 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [695864 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [201784 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [306232 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [310672 2024-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
R3 NVHDA; C:\Windows\system32\drivers\nvhda64v.sys [129960 2022-12-04] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [7947096 2019-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2021-08-28] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation -> Microsoft Corporation)
U3 adhmi4ue; C:\Windows\System32\Drivers\adhmi4ue.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION [zero byte File/Folder]
S3 netr28ux; \SystemRoot\system32\DRIVERS\netr28ux.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-05-04 19:52 - 2024-05-04 19:53 - 000017321 _____ C:\Users\Radovan Noga\Desktop\FRST.txt
2024-05-04 19:40 - 2024-05-04 19:40 - 000433720 _____ C:\Windows\system32\FNTCACHE.DAT
2024-05-02 23:03 - 2024-04-02 10:50 - 000314776 _____ (Gen Digital Inc.) C:\Windows\system32\aswBoot.exe
2024-04-11 20:21 - 2024-04-11 20:21 - 000000000 ____D C:\Users\Radovan Noga\Downloads\Nová složka
2024-04-09 23:27 - 2024-04-09 23:27 - 000002013 _____ C:\Users\Radovan Noga\Desktop\Marsaction.lnk
2024-04-07 01:04 - 2024-04-07 01:04 - 000000000 ____D C:\Windows\system32\o2
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-05-04 19:53 - 2024-01-12 16:20 - 000000000 ____D C:\FRST
2024-05-04 19:47 - 2012-07-26 12:01 - 000726246 _____ C:\Windows\system32\perfh005.dat
2024-05-04 19:47 - 2012-07-26 12:01 - 000147800 _____ C:\Windows\system32\perfc005.dat
2024-05-04 19:47 - 2012-07-26 09:28 - 001714430 _____ C:\Windows\system32\PerfStringBackup.INI
2024-05-04 19:47 - 2012-07-26 07:37 - 000000000 ____D C:\Windows\Inf
2024-05-04 19:44 - 2021-08-19 03:41 - 000000000 ____D C:\Program Files (x86)\Google
2024-05-04 19:41 - 2023-09-15 11:39 - 000002003 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2024-05-04 19:41 - 2021-08-19 22:46 - 000000000 ____D C:\ProgramData\Avast Software
2024-05-04 19:40 - 2021-08-19 10:51 - 000000000 ____D C:\ProgramData\NVIDIA
2024-05-04 19:40 - 2012-07-26 09:22 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-05-04 19:39 - 2012-07-26 07:26 - 000262144 ___SH C:\Windows\system32\config\BBI
2024-05-04 19:27 - 2021-08-19 23:32 - 000000000 ____D C:\Users\Radovan Noga\AppData\Local\CrashDumps
2024-05-04 17:33 - 2024-01-29 14:30 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
2024-05-04 17:32 - 2024-01-29 14:31 - 000000000 ____D C:\ProgramData\bst_boost_interprocess
2024-05-03 11:50 - 2021-12-24 02:49 - 000002057 _____ C:\Users\Radovan Noga\Desktop\SimCity.lnk
2024-05-02 23:05 - 2024-02-11 23:47 - 000003758 _____ C:\Windows\system32\Tasks\AutoKMS
2024-05-02 23:04 - 2024-02-11 23:47 - 000000000 ____D C:\Windows\AutoKMS
2024-05-02 23:04 - 2021-08-19 22:58 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2024-05-02 22:59 - 2021-12-17 01:50 - 000000000 ____D C:\Windows\Minidump
2024-05-02 22:56 - 2024-01-10 08:52 - 000000000 ____D C:\Users\UpdatusUser
2024-05-02 22:51 - 2021-08-19 03:31 - 000000000 ____D C:\Users\Radovan Noga
2024-05-02 22:50 - 2021-08-27 07:40 - 000000000 ____D C:\Windows\system32\AutoUpdateLicense
2024-05-02 22:49 - 2024-01-29 14:30 - 000000000 ____D C:\Program Files\BlueStacks_nxt
2024-05-02 22:49 - 2012-07-26 10:12 - 000000000 ____D C:\Windows\registration
2024-05-02 22:48 - 2021-08-19 10:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-05-02 22:48 - 2012-07-26 09:19 - 000000000 ____D C:\Windows\ServiceProfiles
2024-05-02 22:31 - 2024-01-03 01:08 - 000003584 ___SH C:\Users\Radovan Noga\Desktop\Thumbs.db
2024-05-02 22:19 - 2021-09-13 22:41 - 000059392 ___SH C:\Users\Radovan Noga\Downloads\Thumbs.db
2024-04-25 23:36 - 2021-09-09 20:22 - 000000000 ____D C:\Users\Radovan Noga\AppData\Roaming\Microsoft\Šablony
2024-04-18 08:58 - 2024-02-01 15:52 - 000003682 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{F18C9722-069F-45E0-9D3A-562E1CB42AB1}
2024-04-18 08:58 - 2024-02-01 15:52 - 000003554 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{B79366EA-D44E-4324-BCB1-15DE615F94FF}
2024-04-18 08:58 - 2021-12-24 02:25 - 000003860 _____ C:\Windows\system32\Tasks\BlueStacksHelper_nxt
2024-04-18 08:58 - 2021-08-28 13:27 - 000002832 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2024-04-15 21:53 - 2024-04-03 15:36 - 000000000 ____D C:\Users\Radovan Noga\Downloads\cnc maps
2024-04-07 01:07 - 2022-02-05 00:40 - 000004478 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
==================== Files in the root of some directories ========
2022-12-04 22:23 - 2022-12-04 22:23 - 000000261 _____ () C:\ProgramData\temp_Delete.bat
2022-12-04 22:23 - 2022-12-04 22:23 - 000000096 _____ () C:\ProgramData\temp_runbat.vbs
2021-08-20 23:07 - 2022-04-08 07:34 - 000007603 _____ () C:\Users\Radovan Noga\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2024-04-20 22:20
==================== End of FRST.txt ========================
And here is the Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.01.2024
Ran by Radovan Noga (04-05-2024 19:54:35)
Running from C:\Users\Radovan Noga\Desktop
Microsoft Windows 8 (X64) (2021-08-19 01:31:55)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2281608426-3442553567-4178391062-500 - Administrator - Disabled)
Guest (S-1-5-21-2281608426-3442553567-4178391062-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2281608426-3442553567-4178391062-1003 - Limited - Enabled)
Radovan Noga (S-1-5-21-2281608426-3442553567-4178391062-1001 - Administrator - Enabled) => C:\Users\Radovan Noga
UpdatusUser (S-1-5-21-2281608426-3442553567-4178391062-1004 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 24.001.20643 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Aktualizace NVIDIA 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 23.4.15807.16040 - Avast Software)
Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 24.3.6108 - Avast Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.14.22.1003 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-2281608426-3442553567-4178391062-1001\...\BlueStacks X) (Version: 10.5.22.1006 - now.gg, Inc.)
CnCNet5 Yuri's Revenge (HKLM-x32\...\{D22A250A-085F-415E-959E-8DB49F4E4CCA}_is1) (Version: 1.0 - cncnet.org)
Command & Conquer Red Alert 2 (HKLM-x32\...\Red Alert 2) (Version: - )
Command && Conquer Red Alert 2 - Yuri's Revenge (HKLM-x32\...\Yuri's Revenge) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.168 - Google LLC)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2372.2 - Rockstar Games)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Access MUI (Czech) 2007 (HKLM-x32\...\{90120000-0015-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Excel MUI (Czech) 2007 (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Czech) 2007 (HKLM-x32\...\{90120000-00BA-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Czech) 2007 (HKLM-x32\...\{90120000-0044-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Czech) 2007 (HKLM-x32\...\{90120000-00A1-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Czech) 2007 (HKLM-x32\...\{90120000-001A-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2007 (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (Czech) 2007 (HKLM-x32\...\{90120000-001F-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2007 (HKLM-x32\...\{90120000-001F-041B-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2007 (HKLM-x32\...\{90120000-002C-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Czech) 2007 (HKLM-x32\...\{90120000-0019-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Czech) 2007 (HKLM\...\{90120000-002A-0405-1000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2007 (HKLM-x32\...\{90120000-006E-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Czech) 2007 (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.22.27821 (HKLM\...\{6E2C7A8E-B17A-4637-9CE9-F0B1157CF378}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.22.27821 (HKLM\...\{0093C20C-273D-4397-B623-515CB8616CB9}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.22.27821 (HKLM-x32\...\{3BDE80F7-7EC9-448E-8160-4ADA0CDA8879}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.22.27821 (HKLM-x32\...\{1E6FC929-567E-4D22-9206-C5B83F0A21B9}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NVIDIA Ovladač 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation) Hidden
NVIDIA Systémový software PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9239.1 - Realtek Semiconductor Corp.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.45.416 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.3 - Rockstar Games)
Sniper Elite 3 v1.14 incl DLC (c) (HKLM-x32\...\Sniper Elite 3_is1) (Version: - )
Sniper Elite V2 1.0 (HKLM-x32\...\Sniper Elite V2_is1) (Version: - ea)
TP-Link TL-WN725N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 2.1.0 - TP-Link)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Westwood Shared Internet Components (HKLM-x32\...\WOLAPI) (Version: - )
WinRAR 6.24 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.24.0 - win.rar GmbH)
Packages:
=========
Cestování -> C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) [MS Ad]
Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) [MS Ad]
Fotky -> C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation)
Fotoaparát -> C:\Program Files\WindowsApps\Microsoft.Camera_6.2.8514.0_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation)
Hry -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_1.0.927.0_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) [MS Ad]
Hudba -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_1.0.927.0_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) [MS Ad]
Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) [MS Ad]
SkyDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation)
Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_1.0.927.0_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) [MS Ad]
Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-10-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-10-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-10-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-10-03] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2024-02-15 23:59 - 2018-03-24 01:05 - 000880024 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2024-02-15 23:59 - 2018-03-24 01:05 - 000343728 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
URLSearchHook: [S-1-5-21-2281608426-3442553567-4178391062-1004] ATTENTION => Default URLSearchHook is missing
BHO-x32: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\ProgramData\LangSoft\WebIE.dll [2021-09-01] () [File not signed]
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll [2021-09-01] () [File not signed]
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 07:26 - 2012-07-26 07:26 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2281608426-3442553567-4178391062-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Radovan Noga\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "Mediatek Wireless Utility.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{28432EA2-8908-4974-8055-4F509726A22C}C:\users\radovan noga\desktop\ra2\ra2\gamemd.exe] => (Allow) C:\users\radovan noga\desktop\ra2\ra2\gamemd.exe (Westwood Studios) [File not signed]
FirewallRules: [UDP Query User{EAEFE239-AA42-4720-BA67-CE966682FBB5}C:\users\radovan noga\desktop\ra2\ra2\gamemd.exe] => (Allow) C:\users\radovan noga\desktop\ra2\ra2\gamemd.exe (Westwood Studios) [File not signed]
FirewallRules: [{8ED09EEE-73DF-45F3-88F6-537B025DFF5D}] => (Block) C:\users\radovan noga\desktop\ra2\ra2\gamemd.exe (Westwood Studios) [File not signed]
FirewallRules: [{BBCB1CFC-465B-4653-B805-752D57D465D5}] => (Block) C:\users\radovan noga\desktop\ra2\ra2\gamemd.exe (Westwood Studios) [File not signed]
FirewallRules: [TCP Query User{CC70E9C9-BB9F-4B10-A1A4-EB00A11F6CDE}C:\westwood\ra2\resources\clientdx.exe] => (Allow) C:\westwood\ra2\resources\clientdx.exe (CnCNet) [File not signed]
FirewallRules: [UDP Query User{705A347D-9EE8-41BF-8C78-3188DB9F4425}C:\westwood\ra2\resources\clientdx.exe] => (Allow) C:\westwood\ra2\resources\clientdx.exe (CnCNet) [File not signed]
FirewallRules: [TCP Query User{7BBE4806-3592-4CC1-8F9C-BC2FAB801CBB}C:\westwood\ra2\gamemd-spawn.exe] => (Allow) C:\westwood\ra2\gamemd-spawn.exe (Westwood Studios) [File not signed]
FirewallRules: [UDP Query User{AA9433E8-C892-4C1E-A8A3-E2014102CBEC}C:\westwood\ra2\gamemd-spawn.exe] => (Allow) C:\westwood\ra2\gamemd-spawn.exe (Westwood Studios) [File not signed]
FirewallRules: [TCP Query User{8E9F2E00-8782-42C1-B2B5-E86E54569C45}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
FirewallRules: [UDP Query User{243B1549-3F4C-4F2F-8390-A24D1AA8B5FD}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
FirewallRules: [{563F5CAF-CF2B-4517-A1E7-340C7A35C612}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe (Sony DADC Austria AG) [File not signed]
FirewallRules: [{521A02AF-8712-4354-8358-EE1543D6DFAE}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe (Sony DADC Austria AG) [File not signed]
FirewallRules: [TCP Query User{9130C166-CC86-4101-9B23-20DCA6099A73}C:\users\radovan noga\desktop\ra2\ra2\game.exe] => (Allow) C:\users\radovan noga\desktop\ra2\ra2\game.exe (Westwood Studios) [File not signed]
FirewallRules: [UDP Query User{D58CB696-A994-4DF1-B89D-E3D691296498}C:\users\radovan noga\desktop\ra2\ra2\game.exe] => (Allow) C:\users\radovan noga\desktop\ra2\ra2\game.exe (Westwood Studios) [File not signed]
FirewallRules: [{4BC3E34B-83D1-4FC1-9347-7A095B3E276B}] => (Block) C:\users\radovan noga\desktop\ra2\ra2\game.exe (Westwood Studios) [File not signed]
FirewallRules: [{EA5F4680-8269-4091-86A8-ABB37207A461}] => (Block) C:\users\radovan noga\desktop\ra2\ra2\game.exe (Westwood Studios) [File not signed]
FirewallRules: [TCP Query User{42F64BA5-3D53-4BB0-8B43-AB5A1B17F91B}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{784E8DAE-FA81-4406-8629-F642C6754B0C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{80DA7E85-2CE4-454A-8017-6D3BE29F46D9}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{94AA8B07-E545-4A7B-A7E2-3F330316C73A}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{EE9FFD82-96D2-474A-BD7B-1FA17A67958E}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{71CDB1BE-CE73-4A6C-9B3F-CAB29CBB7C23}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{FD820C83-6A98-432B-A407-A27CDE5F2DFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C3C3D2B7-5091-4029-8EDA-17981827E5A8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1D5236C2-8737-4F30-AE3C-149DCB979294}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F8A59AE6-1840-43B4-B403-AD3B6F633574}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.)
FirewallRules: [{18FA7BB6-6740-4755-BFA8-B939AE15E026}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Now.gg, INC -> COMPANY NAME)
FirewallRules: [{346FB080-DA10-4B5F-AA01-F7A94EC1371E}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems)
FirewallRules: [{6C175FB1-1C78-49C7-9BC0-B1AD7E31157B}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.)
==================== Restore Points =========================
09-04-2024 18:25:05 Naplánovaný kontrolní bod
18-04-2024 12:18:41 Naplánovaný kontrolní bod
02-05-2024 22:44:25 Operace obnovení
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (05/04/2024 07:45:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_SysMain, verze: 6.2.9200.16420, časové razítko: 0x505a9a4e
Název chybujícího modulu: sysmain.dll, verze: 6.2.9200.17436, časové razítko: 0x55a05ea7
Kód výjimky: 0xc0000420
Posun chyby: 0x00000000000b4306
ID chybujícího procesu: 0x16d0
Čas spuštění chybující aplikace: 0x01da9e4ad61bb41e
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: c:\windows\system32\sysmain.dll
ID zprávy: 14908782-0a3e-11ef-bed2-e8393559b4f9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (05/04/2024 07:44:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (05/04/2024 07:44:39 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (05/04/2024 07:44:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_SysMain, verze: 6.2.9200.16420, časové razítko: 0x505a9a4e
Název chybujícího modulu: sysmain.dll, verze: 6.2.9200.17436, časové razítko: 0x55a05ea7
Kód výjimky: 0xc0000420
Posun chyby: 0x00000000000b4306
ID chybujícího procesu: 0xdfc
Čas spuštění chybující aplikace: 0x01da9e4aaf7e5e1a
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: c:\windows\system32\sysmain.dll
ID zprávy: eeed8c2c-0a3d-11ef-bed2-e8393559b4f9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (05/04/2024 07:42:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_SysMain, verze: 6.2.9200.16420, časové razítko: 0x505a9a4e
Název chybujícího modulu: sysmain.dll, verze: 6.2.9200.17436, časové razítko: 0x55a05ea7
Kód výjimky: 0xc0000420
Posun chyby: 0x00000000000b4306
ID chybujícího procesu: 0xa88
Čas spuštění chybující aplikace: 0x01da9e4a4d84944d
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: c:\windows\system32\sysmain.dll
ID zprávy: b1af769f-0a3d-11ef-bed2-e8393559b4f9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (05/04/2024 07:42:04 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.
Podrobnosti:
Zadaný objekt nebyl nalezen. Zadejte název existujícího objektu. (HRESULT : 0x80040d06) (0x80040d06)
Error: (05/04/2024 07:42:04 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.
Kontext: aplikace Windows
Podrobnosti:
Zadaný objekt nebyl nalezen. Zadejte název existujícího objektu. (HRESULT : 0x80040d06) (0x80040d06)
Error: (05/04/2024 07:42:04 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexovacího modulu nebyl inicializován.
Kontext: aplikace Windows, katalog SystemIndex
Podrobnosti:
Zadaný objekt nebyl nalezen. Zadejte název existujícího objektu. (HRESULT : 0x80040d06) (0x80040d06)
System errors:
=============
Error: (05/04/2024 07:59:18 PM) (Source: DCOM) (EventID: 10010) (User: Radovan)
Description: Server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} se v daném časovém limitu neregistroval u služby DCOM.
Error: (05/04/2024 07:57:18 PM) (Source: DCOM) (EventID: 10010) (User: Radovan)
Description: Server {1ECCA34C-E88A-44E3-8D6A-8921BDE9E452} se v daném časovém limitu neregistroval u služby DCOM.
Error: (05/04/2024 07:52:36 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Ze vzdáleného koncového bodu byla přijata následující výstraha o závažné chybě. Kód výstrahy o závažné chybě definovaný protokolem TLS: 70
Error: (05/04/2024 07:52:36 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Ze vzdáleného koncového bodu byla přijata následující výstraha o závažné chybě. Kód výstrahy o závažné chybě definovaný protokolem TLS: 70
Error: (05/04/2024 07:51:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Ze vzdáleného koncového bodu byla přijata následující výstraha o závažné chybě. Kód výstrahy o závažné chybě definovaný protokolem TLS: 40
Error: (05/04/2024 07:51:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Ze vzdáleného koncového bodu byla přijata následující výstraha o závažné chybě. Kód výstrahy o závažné chybě definovaný protokolem TLS: 70
Error: (05/04/2024 07:45:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Superfetch byla neočekávaně ukončena. Tento stav nastal již 3krát.
Error: (05/04/2024 07:44:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Superfetch byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.
==================== Memory info ===========================
BIOS: AMI 7.14 10/21/2011
Motherboard: Foxconn 2ABF
Processor: Intel(R) Pentium(R) CPU G630 @ 2.70GHz
Percentage of memory in use: 24%
Total physical RAM: 8172.85 MB
Available physical RAM: 6201.18 MB
Total Virtual: 16364.85 MB
Available Virtual: 14369.05 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931 GB) (Free:611.11 GB) (Model: HGST HTS721010A9E630) NTFS
\\?\Volume{f2f5692b-6b93-4e2f-95c1-079c69dcf335}\ (Obnovení) (Fixed) (Total:0.29 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 37A0AD4E)
Partition: GPT.
==================== End of Addition.txt =======================
I have a big problem: I'm on the internet for a short while and right away searching freezes, and games are slowed down too, which never used to happen. I even restored to a restore point from about 3 weeks back, and something is still slowing the computer down. When I ran FRST it froze, so I restarted, but Avast put it in quarantine, and I added an exception.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.01.2024
Ran by Radovan Noga (administrator) on RADOVAN (Hewlett-Packard HP Pro 3400 Series MT) (04-05-2024 19:52:46)
Running from C:\Users\Radovan Noga\Desktop\FRST64.exe
Loaded Profiles: Radovan Noga & UpdatusUser
Platform: Microsoft Windows 8 (X64) Language: Čeština (Česká republika)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(services.exe ->) () [File not signed] C:\Windows\AutoKMS\AutoKMS.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Avast Software) C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(services.exe ->) (Now.gg, INC -> BlueStack Systems, Inc.) C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (StarWind Software) [File not signed] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19573704 2024-02-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [423832 2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [9831832 2024-03-19] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2281608426-3442553567-4178391062-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
HKU\S-1-5-21-2281608426-3442553567-4178391062-1001\...\Run: [CCleaner Smart Cleaning] => C:\Users\Radovan Noga\Documents\CCleaner\CCleaner.exe [13797712 2019-08-12] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-2281608426-3442553567-4178391062-1001\...\MountPoints2: {51f0d344-07f1-11ec-be70-d0374560496c} - "G:\autorun.exe"
HKU\S-1-5-21-2281608426-3442553567-4178391062-1001\...\MountPoints2: {51f0d348-07f1-11ec-be70-d0374560496c} - "H:\autorun.exe"
HKU\S-1-5-21-2281608426-3442553567-4178391062-1001\...\MountPoints2: {51f0d349-07f1-11ec-be70-d0374560496c} - "I:\autorun.exe"
HKLM\...\Print\Monitors\HP E111 Status Monitor: C:\Windows\system32\hpinkstsE111LM.dll [393352 2017-04-14] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.168\Installer\chrmstp.exe [2023-10-05] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\104.0.5112.79\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel=stable
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {8962A1B8-C73E-4CB8-899F-8649145C1AD7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {D665E8A6-7468-4C61-BA9E-B395047FF2C2} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [5046784 2024-02-11] () [File not signed]
Task: {8135E99E-3E2B-40F4-A051-D8CAB019908E} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4979096 2024-03-19] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\A (the data entry has 70 more characters).
Task: {83D046BC-52A6-4451-97AE-27C47CC209B6} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [7786904 2024-03-14] (Avast Software s.r.o. -> Avast Software)
Task: {7D44BE8A-660F-4B9F-A7E4-F25B3DBEF005} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5188504 2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {F34935C1-795C-4BD3-8862-32DA4351D8FF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-08-02] (Avast Software s.r.o. -> Avast Software)
Task: {E1F51BE0-67F7-4FF1-9714-667532BCC17E} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2024-01-11] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {089B48D5-4AFF-4CD1-880F-5A98211A1E5D} - System32\Tasks\CCleanerSkipUAC => C:\Users\Radovan Noga\Documents\CCleaner\CCleaner.exe [13797712 2019-08-12] (Piriform Ltd -> Piriform Ltd)
Task: {D479B4E5-5C51-409B-A147-B633F1B81274} - System32\Tasks\GoogleUpdateTaskMachineCore{B79366EA-D44E-4324-BCB1-15DE615F94FF} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-08-19] (Google LLC -> Google LLC)
Task: {28925FF0-BD0C-493F-9B33-BE4CD8DFB0A2} - System32\Tasks\GoogleUpdateTaskMachineUA{F18C9722-069F-45E0-9D3A-562E1CB42AB1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-08-19] (Google LLC -> Google LLC)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask => {0AC1DBCA-7F9F-47FC-A090-34E5FEB291E8} C:\Windows\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage => {5F074BDF-4BA3-4E68-AE86-2A6B0B5963B0} C:\Windows\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask => {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} C:\Windows\system32\SettingSyncInfo.dll [128512 2015-08-04] (Microsoft Windows -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{151DA0B1-1517-4659-BD66-44F578B730E0}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Radovan Noga\AppData\Local\Google\Chrome\User Data\Default [2024-05-04]
CHR Notifications: Default -> hxxps://sdilej.cz; hxxps://www.autoscout24.cz; hxxps://www.erotickykontakt.cz; hxxps://www.facebook.com; hxxps://www.gametwist.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxps://www.seznam.cz/?clid=22668"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=E210CZ91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Extension: (Seznam Doplněk – Email) - C:\Users\Radovan Noga\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2023-10-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\Radovan Noga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-25]
CHR Extension: (Netpanel) - C:\Users\Radovan Noga\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbidbgoheiddfilfipcobicemncfogno [2024-05-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Radovan Noga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-19]
CHR Extension: (Seznam.cz) - C:\Users\Radovan Noga\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2023-08-07]
CHR Extension: (Eiffel Tower) - C:\Users\Radovan Noga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppbaibkigenhdcommebegmmmpoolmpip [2023-04-26]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [9139608 2024-04-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [766360 2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2275736 2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1201560 2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-08-19] (Avast Software s.r.o. -> AVAST Software)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [18727320 2024-03-19] (Avast Software s.r.o. -> AVAST Software)
S4 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2017072 2021-12-02] (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmUStor; C:\Windows\system32\drivers\AmUStor.SYS [117728 2021-12-27] (Alcor Micro, Corp. -> )
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [230448 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [379960 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [292920 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [84536 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [28728 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [268856 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [548912 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [93752 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [69176 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [935992 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [695864 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [201784 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [306232 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [310672 2024-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
R3 NVHDA; C:\Windows\system32\drivers\nvhda64v.sys [129960 2022-12-04] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [7947096 2019-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2021-08-28] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation -> Microsoft Corporation)
U3 adhmi4ue; C:\Windows\System32\Drivers\adhmi4ue.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION [zero byte File/Folder]
S3 netr28ux; \SystemRoot\system32\DRIVERS\netr28ux.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-05-04 19:52 - 2024-05-04 19:53 - 000017321 _____ C:\Users\Radovan Noga\Desktop\FRST.txt
2024-05-04 19:40 - 2024-05-04 19:40 - 000433720 _____ C:\Windows\system32\FNTCACHE.DAT
2024-05-02 23:03 - 2024-04-02 10:50 - 000314776 _____ (Gen Digital Inc.) C:\Windows\system32\aswBoot.exe
2024-04-11 20:21 - 2024-04-11 20:21 - 000000000 ____D C:\Users\Radovan Noga\Downloads\Nová složka
2024-04-09 23:27 - 2024-04-09 23:27 - 000002013 _____ C:\Users\Radovan Noga\Desktop\Marsaction.lnk
2024-04-07 01:04 - 2024-04-07 01:04 - 000000000 ____D C:\Windows\system32\o2
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-05-04 19:53 - 2024-01-12 16:20 - 000000000 ____D C:\FRST
2024-05-04 19:47 - 2012-07-26 12:01 - 000726246 _____ C:\Windows\system32\perfh005.dat
2024-05-04 19:47 - 2012-07-26 12:01 - 000147800 _____ C:\Windows\system32\perfc005.dat
2024-05-04 19:47 - 2012-07-26 09:28 - 001714430 _____ C:\Windows\system32\PerfStringBackup.INI
2024-05-04 19:47 - 2012-07-26 07:37 - 000000000 ____D C:\Windows\Inf
2024-05-04 19:44 - 2021-08-19 03:41 - 000000000 ____D C:\Program Files (x86)\Google
2024-05-04 19:41 - 2023-09-15 11:39 - 000002003 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2024-05-04 19:41 - 2021-08-19 22:46 - 000000000 ____D C:\ProgramData\Avast Software
2024-05-04 19:40 - 2021-08-19 10:51 - 000000000 ____D C:\ProgramData\NVIDIA
2024-05-04 19:40 - 2012-07-26 09:22 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-05-04 19:39 - 2012-07-26 07:26 - 000262144 ___SH C:\Windows\system32\config\BBI
2024-05-04 19:27 - 2021-08-19 23:32 - 000000000 ____D C:\Users\Radovan Noga\AppData\Local\CrashDumps
2024-05-04 17:33 - 2024-01-29 14:30 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
2024-05-04 17:32 - 2024-01-29 14:31 - 000000000 ____D C:\ProgramData\bst_boost_interprocess
2024-05-03 11:50 - 2021-12-24 02:49 - 000002057 _____ C:\Users\Radovan Noga\Desktop\SimCity.lnk
2024-05-02 23:05 - 2024-02-11 23:47 - 000003758 _____ C:\Windows\system32\Tasks\AutoKMS
2024-05-02 23:04 - 2024-02-11 23:47 - 000000000 ____D C:\Windows\AutoKMS
2024-05-02 23:04 - 2021-08-19 22:58 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2024-05-02 22:59 - 2021-12-17 01:50 - 000000000 ____D C:\Windows\Minidump
2024-05-02 22:56 - 2024-01-10 08:52 - 000000000 ____D C:\Users\UpdatusUser
2024-05-02 22:51 - 2021-08-19 03:31 - 000000000 ____D C:\Users\Radovan Noga
2024-05-02 22:50 - 2021-08-27 07:40 - 000000000 ____D C:\Windows\system32\AutoUpdateLicense
2024-05-02 22:49 - 2024-01-29 14:30 - 000000000 ____D C:\Program Files\BlueStacks_nxt
2024-05-02 22:49 - 2012-07-26 10:12 - 000000000 ____D C:\Windows\registration
2024-05-02 22:48 - 2021-08-19 10:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-05-02 22:48 - 2012-07-26 09:19 - 000000000 ____D C:\Windows\ServiceProfiles
2024-05-02 22:31 - 2024-01-03 01:08 - 000003584 ___SH C:\Users\Radovan Noga\Desktop\Thumbs.db
2024-05-02 22:19 - 2021-09-13 22:41 - 000059392 ___SH C:\Users\Radovan Noga\Downloads\Thumbs.db
2024-04-25 23:36 - 2021-09-09 20:22 - 000000000 ____D C:\Users\Radovan Noga\AppData\Roaming\Microsoft\Šablony
2024-04-18 08:58 - 2024-02-01 15:52 - 000003682 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{F18C9722-069F-45E0-9D3A-562E1CB42AB1}
2024-04-18 08:58 - 2024-02-01 15:52 - 000003554 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{B79366EA-D44E-4324-BCB1-15DE615F94FF}
2024-04-18 08:58 - 2021-12-24 02:25 - 000003860 _____ C:\Windows\system32\Tasks\BlueStacksHelper_nxt
2024-04-18 08:58 - 2021-08-28 13:27 - 000002832 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2024-04-15 21:53 - 2024-04-03 15:36 - 000000000 ____D C:\Users\Radovan Noga\Downloads\cnc maps
2024-04-07 01:07 - 2022-02-05 00:40 - 000004478 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
==================== Files in the root of some directories ========
2022-12-04 22:23 - 2022-12-04 22:23 - 000000261 _____ () C:\ProgramData\temp_Delete.bat
2022-12-04 22:23 - 2022-12-04 22:23 - 000000096 _____ () C:\ProgramData\temp_runbat.vbs
2021-08-20 23:07 - 2022-04-08 07:34 - 000007603 _____ () C:\Users\Radovan Noga\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2024-04-20 22:20
==================== End of FRST.txt ========================
And here is the Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.01.2024
Ran by Radovan Noga (04-05-2024 19:54:35)
Running from C:\Users\Radovan Noga\Desktop
Microsoft Windows 8 (X64) (2021-08-19 01:31:55)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2281608426-3442553567-4178391062-500 - Administrator - Disabled)
Guest (S-1-5-21-2281608426-3442553567-4178391062-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2281608426-3442553567-4178391062-1003 - Limited - Enabled)
Radovan Noga (S-1-5-21-2281608426-3442553567-4178391062-1001 - Administrator - Enabled) => C:\Users\Radovan Noga
UpdatusUser (S-1-5-21-2281608426-3442553567-4178391062-1004 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 24.001.20643 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Aktualizace NVIDIA 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 23.4.15807.16040 - Avast Software)
Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 24.3.6108 - Avast Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.14.22.1003 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-2281608426-3442553567-4178391062-1001\...\BlueStacks X) (Version: 10.5.22.1006 - now.gg, Inc.)
CnCNet5 Yuri's Revenge (HKLM-x32\...\{D22A250A-085F-415E-959E-8DB49F4E4CCA}_is1) (Version: 1.0 - cncnet.org)
Command & Conquer Red Alert 2 (HKLM-x32\...\Red Alert 2) (Version: - )
Command && Conquer Red Alert 2 - Yuri's Revenge (HKLM-x32\...\Yuri's Revenge) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.168 - Google LLC)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2372.2 - Rockstar Games)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Access MUI (Czech) 2007 (HKLM-x32\...\{90120000-0015-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Excel MUI (Czech) 2007 (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Czech) 2007 (HKLM-x32\...\{90120000-00BA-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Czech) 2007 (HKLM-x32\...\{90120000-0044-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Czech) 2007 (HKLM-x32\...\{90120000-00A1-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Czech) 2007 (HKLM-x32\...\{90120000-001A-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2007 (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (Czech) 2007 (HKLM-x32\...\{90120000-001F-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2007 (HKLM-x32\...\{90120000-001F-041B-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2007 (HKLM-x32\...\{90120000-002C-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Czech) 2007 (HKLM-x32\...\{90120000-0019-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Czech) 2007 (HKLM\...\{90120000-002A-0405-1000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2007 (HKLM-x32\...\{90120000-006E-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Czech) 2007 (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.22.27821 (HKLM\...\{6E2C7A8E-B17A-4637-9CE9-F0B1157CF378}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.22.27821 (HKLM\...\{0093C20C-273D-4397-B623-515CB8616CB9}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.22.27821 (HKLM-x32\...\{3BDE80F7-7EC9-448E-8160-4ADA0CDA8879}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.22.27821 (HKLM-x32\...\{1E6FC929-567E-4D22-9206-C5B83F0A21B9}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NVIDIA Ovladač 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation) Hidden
NVIDIA Systémový software PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9239.1 - Realtek Semiconductor Corp.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.45.416 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.3 - Rockstar Games)
Sniper Elite 3 v1.14 incl DLC (c) (HKLM-x32\...\Sniper Elite 3_is1) (Version: - )
Sniper Elite V2 1.0 (HKLM-x32\...\Sniper Elite V2_is1) (Version: - ea)
TP-Link TL-WN725N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 2.1.0 - TP-Link)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Westwood Shared Internet Components (HKLM-x32\...\WOLAPI) (Version: - )
WinRAR 6.24 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.24.0 - win.rar GmbH)
Packages:
=========
Cestování -> C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) [MS Ad]
Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) [MS Ad]
Fotky -> C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation)
Fotoaparát -> C:\Program Files\WindowsApps\Microsoft.Camera_6.2.8514.0_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation)
Hry -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_1.0.927.0_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) [MS Ad]
Hudba -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_1.0.927.0_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) [MS Ad]
Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) [MS Ad]
SkyDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation)
Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_1.0.927.0_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) [MS Ad]
Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-10-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-10-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-04-02] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-10-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-10-03] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2024-02-15 23:59 - 2018-03-24 01:05 - 000880024 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2024-02-15 23:59 - 2018-03-24 01:05 - 000343728 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
URLSearchHook: [S-1-5-21-2281608426-3442553567-4178391062-1004] ATTENTION => Default URLSearchHook is missing
BHO-x32: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\ProgramData\LangSoft\WebIE.dll [2021-09-01] () [File not signed]
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll [2021-09-01] () [File not signed]
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 07:26 - 2012-07-26 07:26 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2281608426-3442553567-4178391062-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Radovan Noga\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "Mediatek Wireless Utility.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{28432EA2-8908-4974-8055-4F509726A22C}C:\users\radovan noga\desktop\ra2\ra2\gamemd.exe] => (Allow) C:\users\radovan noga\desktop\ra2\ra2\gamemd.exe (Westwood Studios) [File not signed]
FirewallRules: [UDP Query User{EAEFE239-AA42-4720-BA67-CE966682FBB5}C:\users\radovan noga\desktop\ra2\ra2\gamemd.exe] => (Allow) C:\users\radovan noga\desktop\ra2\ra2\gamemd.exe (Westwood Studios) [File not signed]
FirewallRules: [{8ED09EEE-73DF-45F3-88F6-537B025DFF5D}] => (Block) C:\users\radovan noga\desktop\ra2\ra2\gamemd.exe (Westwood Studios) [File not signed]
FirewallRules: [{BBCB1CFC-465B-4653-B805-752D57D465D5}] => (Block) C:\users\radovan noga\desktop\ra2\ra2\gamemd.exe (Westwood Studios) [File not signed]
FirewallRules: [TCP Query User{CC70E9C9-BB9F-4B10-A1A4-EB00A11F6CDE}C:\westwood\ra2\resources\clientdx.exe] => (Allow) C:\westwood\ra2\resources\clientdx.exe (CnCNet) [File not signed]
FirewallRules: [UDP Query User{705A347D-9EE8-41BF-8C78-3188DB9F4425}C:\westwood\ra2\resources\clientdx.exe] => (Allow) C:\westwood\ra2\resources\clientdx.exe (CnCNet) [File not signed]
FirewallRules: [TCP Query User{7BBE4806-3592-4CC1-8F9C-BC2FAB801CBB}C:\westwood\ra2\gamemd-spawn.exe] => (Allow) C:\westwood\ra2\gamemd-spawn.exe (Westwood Studios) [File not signed]
FirewallRules: [UDP Query User{AA9433E8-C892-4C1E-A8A3-E2014102CBEC}C:\westwood\ra2\gamemd-spawn.exe] => (Allow) C:\westwood\ra2\gamemd-spawn.exe (Westwood Studios) [File not signed]
FirewallRules: [TCP Query User{8E9F2E00-8782-42C1-B2B5-E86E54569C45}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
FirewallRules: [UDP Query User{243B1549-3F4C-4F2F-8390-A24D1AA8B5FD}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
FirewallRules: [{563F5CAF-CF2B-4517-A1E7-340C7A35C612}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe (Sony DADC Austria AG) [File not signed]
FirewallRules: [{521A02AF-8712-4354-8358-EE1543D6DFAE}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe (Sony DADC Austria AG) [File not signed]
FirewallRules: [TCP Query User{9130C166-CC86-4101-9B23-20DCA6099A73}C:\users\radovan noga\desktop\ra2\ra2\game.exe] => (Allow) C:\users\radovan noga\desktop\ra2\ra2\game.exe (Westwood Studios) [File not signed]
FirewallRules: [UDP Query User{D58CB696-A994-4DF1-B89D-E3D691296498}C:\users\radovan noga\desktop\ra2\ra2\game.exe] => (Allow) C:\users\radovan noga\desktop\ra2\ra2\game.exe (Westwood Studios) [File not signed]
FirewallRules: [{4BC3E34B-83D1-4FC1-9347-7A095B3E276B}] => (Block) C:\users\radovan noga\desktop\ra2\ra2\game.exe (Westwood Studios) [File not signed]
FirewallRules: [{EA5F4680-8269-4091-86A8-ABB37207A461}] => (Block) C:\users\radovan noga\desktop\ra2\ra2\game.exe (Westwood Studios) [File not signed]
FirewallRules: [TCP Query User{42F64BA5-3D53-4BB0-8B43-AB5A1B17F91B}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{784E8DAE-FA81-4406-8629-F642C6754B0C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{80DA7E85-2CE4-454A-8017-6D3BE29F46D9}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{94AA8B07-E545-4A7B-A7E2-3F330316C73A}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{EE9FFD82-96D2-474A-BD7B-1FA17A67958E}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{71CDB1BE-CE73-4A6C-9B3F-CAB29CBB7C23}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{FD820C83-6A98-432B-A407-A27CDE5F2DFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C3C3D2B7-5091-4029-8EDA-17981827E5A8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1D5236C2-8737-4F30-AE3C-149DCB979294}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F8A59AE6-1840-43B4-B403-AD3B6F633574}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.)
FirewallRules: [{18FA7BB6-6740-4755-BFA8-B939AE15E026}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Now.gg, INC -> COMPANY NAME)
FirewallRules: [{346FB080-DA10-4B5F-AA01-F7A94EC1371E}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems)
FirewallRules: [{6C175FB1-1C78-49C7-9BC0-B1AD7E31157B}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.)
==================== Restore Points =========================
09-04-2024 18:25:05 Naplánovaný kontrolní bod
18-04-2024 12:18:41 Naplánovaný kontrolní bod
02-05-2024 22:44:25 Operace obnovení
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (05/04/2024 07:45:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_SysMain, verze: 6.2.9200.16420, časové razítko: 0x505a9a4e
Název chybujícího modulu: sysmain.dll, verze: 6.2.9200.17436, časové razítko: 0x55a05ea7
Kód výjimky: 0xc0000420
Posun chyby: 0x00000000000b4306
ID chybujícího procesu: 0x16d0
Čas spuštění chybující aplikace: 0x01da9e4ad61bb41e
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: c:\windows\system32\sysmain.dll
ID zprávy: 14908782-0a3e-11ef-bed2-e8393559b4f9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (05/04/2024 07:44:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (05/04/2024 07:44:39 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (05/04/2024 07:44:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_SysMain, verze: 6.2.9200.16420, časové razítko: 0x505a9a4e
Název chybujícího modulu: sysmain.dll, verze: 6.2.9200.17436, časové razítko: 0x55a05ea7
Kód výjimky: 0xc0000420
Posun chyby: 0x00000000000b4306
ID chybujícího procesu: 0xdfc
Čas spuštění chybující aplikace: 0x01da9e4aaf7e5e1a
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: c:\windows\system32\sysmain.dll
ID zprávy: eeed8c2c-0a3d-11ef-bed2-e8393559b4f9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (05/04/2024 07:42:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_SysMain, verze: 6.2.9200.16420, časové razítko: 0x505a9a4e
Název chybujícího modulu: sysmain.dll, verze: 6.2.9200.17436, časové razítko: 0x55a05ea7
Kód výjimky: 0xc0000420
Posun chyby: 0x00000000000b4306
ID chybujícího procesu: 0xa88
Čas spuštění chybující aplikace: 0x01da9e4a4d84944d
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: c:\windows\system32\sysmain.dll
ID zprávy: b1af769f-0a3d-11ef-bed2-e8393559b4f9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (05/04/2024 07:42:04 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.
Podrobnosti:
Zadaný objekt nebyl nalezen. Zadejte název existujícího objektu. (HRESULT : 0x80040d06) (0x80040d06)
Error: (05/04/2024 07:42:04 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.
Kontext: aplikace Windows
Podrobnosti:
Zadaný objekt nebyl nalezen. Zadejte název existujícího objektu. (HRESULT : 0x80040d06) (0x80040d06)
Error: (05/04/2024 07:42:04 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexovacího modulu nebyl inicializován.
Kontext: aplikace Windows, katalog SystemIndex
Podrobnosti:
Zadaný objekt nebyl nalezen. Zadejte název existujícího objektu. (HRESULT : 0x80040d06) (0x80040d06)
System errors:
=============
Error: (05/04/2024 07:59:18 PM) (Source: DCOM) (EventID: 10010) (User: Radovan)
Description: Server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} se v daném časovém limitu neregistroval u služby DCOM.
Error: (05/04/2024 07:57:18 PM) (Source: DCOM) (EventID: 10010) (User: Radovan)
Description: Server {1ECCA34C-E88A-44E3-8D6A-8921BDE9E452} se v daném časovém limitu neregistroval u služby DCOM.
Error: (05/04/2024 07:52:36 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Ze vzdáleného koncového bodu byla přijata následující výstraha o závažné chybě. Kód výstrahy o závažné chybě definovaný protokolem TLS: 70
Error: (05/04/2024 07:52:36 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Ze vzdáleného koncového bodu byla přijata následující výstraha o závažné chybě. Kód výstrahy o závažné chybě definovaný protokolem TLS: 70
Error: (05/04/2024 07:51:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Ze vzdáleného koncového bodu byla přijata následující výstraha o závažné chybě. Kód výstrahy o závažné chybě definovaný protokolem TLS: 40
Error: (05/04/2024 07:51:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Ze vzdáleného koncového bodu byla přijata následující výstraha o závažné chybě. Kód výstrahy o závažné chybě definovaný protokolem TLS: 70
Error: (05/04/2024 07:45:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Superfetch byla neočekávaně ukončena. Tento stav nastal již 3krát.
Error: (05/04/2024 07:44:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Superfetch byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.
==================== Memory info ===========================
BIOS: AMI 7.14 10/21/2011
Motherboard: Foxconn 2ABF
Processor: Intel(R) Pentium(R) CPU G630 @ 2.70GHz
Percentage of memory in use: 24%
Total physical RAM: 8172.85 MB
Available physical RAM: 6201.18 MB
Total Virtual: 16364.85 MB
Available Virtual: 14369.05 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931 GB) (Free:611.11 GB) (Model: HGST HTS721010A9E630) NTFS
\\?\Volume{f2f5692b-6b93-4e2f-95c1-079c69dcf335}\ (Obnovení) (Fixed) (Total:0.29 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 37A0AD4E)
Partition: GPT.
==================== End of Addition.txt =======================