Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosím o kontrolu

Patříte mezi Vzorné návštěvníky? Pak je tato sekce pro vás.

Moderátor: Moderátoři

Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Zamčeno
Zpráva
Autor
morar
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 212
Registrován: 01 kvě 2007 16:35
Bydliště: Bzenec

Prosím o kontrolu

#1 Příspěvek od morar »

Zdravím. Prosím o kontrolu. Toto je počítač mojí drahé polovičky a včera mě k tomu volala, že jí nefunguje myš. Počítač byl zamrzlý a šlo ho jedině natvrdo vypnout.
Dnes po spuštění se to opakovalo. Chtěl jsem ho vyčistit programem CCleaner, ale nešlo to. Hlásil, že je spuštěn Avast Secure Browser a vyžadoval jeho vynucené uzavření. Potvrdil jsem a čekal. Došlo k pádu systému a restart. Po restartu se to opakovalo. Našel jsem záložku po spuštění a zakázal spouštět uvedený prohlížeč. Následně se podařilo CCleanerem vyčistit. Teď to vypadá, že je to OK.

Přikládám logy z FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2019 01
Ran by Sada (administrator) on SADA-PC (18-01-2023 18:24:43)
Running from C:\Users\Sada\Desktop
Loaded Profiles: Sada (Available Profiles: Sada)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AMD) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(AMD) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AMD) [File not signed] C:\Windows\SysWOW64\WinMsgBalloonServer.exe
(AMD) [File not signed] C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-06-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [117472 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38916432 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\MountPoints2: {01393d8e-1889-11e4-8ce4-bc5ff4551e34} - E:\Startme.exe
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\MountPoints2: {89da3b70-d237-11e9-aeeb-bc5ff4551e34} - E:\Lenovo_Suite.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\...\Drivers32: [VIDC.XFR1] => C:\Windows\system32\xfcodec64.dll [22016 2012-11-14] () [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [VIDC.XFR1] => C:\Windows\SysWOW64\xfcodec.dll [36352 2012-12-28] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\92.2.11577.159\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.75\Installer\chrmstp.exe [2023-01-18] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\108.0.19667.125\Installer\chrmstp.exe [2022-12-27] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\88.0.7844.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 1.1.1.1
Tcpip\..\Interfaces\{47694619-7217-49BE-AC68-B489A063DDD9}: [DhcpNameServer] 8.8.8.8 1.1.1.1

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_363.dll [2020-05-11] (Adobe Inc. -> )
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_363.dll [2020-05-11] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [2022-12-17] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [2022-12-17] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default [2023-01-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [61440 2012-09-06] (AMD) [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-03-27] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7888408 2022-01-20] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-17] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [623216 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [353504 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-17] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\108.0.19667.125\elevation_service.exe [1794040 2022-12-14] (Avast Software s.r.o. -> AVAST Software)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1003344 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-11-12] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [214520 2015-04-12] (Even Balance, Inc. -> )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-09-15] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2015-03-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [140032 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [424192 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [17192 2011-11-07] (ASROCK Incorporation -> Windows (R) Win 7 DDK provider)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35680 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [208552 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [365520 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250328 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99288 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41304 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [177872 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [524416 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2018-03-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107808 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83368 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [850120 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [466696 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216376 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326976 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-16] (Disc Soft Ltd -> Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-12] (Martin Malik - REALiX -> REALiX(tm))
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [26112 2012-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
R3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [56448 2011-12-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (BitRaider, LLC -> XFire)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-18 18:24 - 2023-01-18 18:25 - 000017812 _____ C:\Users\Sada\Desktop\FRST.txt

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-18 18:24 - 2019-03-24 17:35 - 000000000 ____D C:\FRST
2023-01-18 17:58 - 2014-03-16 14:19 - 000000000 ____D C:\Program Files (x86)\Google
2023-01-18 17:57 - 2014-03-16 16:26 - 000000000 ____D C:\Program Files\CCleaner
2023-01-18 17:55 - 2014-03-16 14:11 - 000000000 ____D C:\ProgramData\NVIDIA
2023-01-18 17:55 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-01-18 17:55 - 2009-07-14 05:45 - 000017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2023-01-18 17:55 - 2009-07-14 05:45 - 000017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2023-01-18 17:53 - 2016-02-17 16:23 - 000000000 ____D C:\ProgramData\AVAST Software
2023-01-18 17:53 - 2015-12-24 13:28 - 000000000 ____D C:\Users\Sada\AppData\Local\CrashDumps
2023-01-18 17:52 - 2014-03-16 13:51 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-01-18 17:51 - 2015-05-25 13:47 - 000000000 ____D C:\Program Files\Common Files\Apple
2023-01-18 17:51 - 2015-05-25 13:46 - 000000000 ____D C:\ProgramData\Apple
2023-01-18 17:31 - 2014-03-16 14:21 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-01-18 17:31 - 2014-03-16 14:21 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-01-18 17:24 - 2015-10-03 18:52 - 000000000 ____D C:\Windows\Minidump
2023-01-18 17:09 - 2009-07-14 06:08 - 000032592 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2023-01-18 17:02 - 2017-10-08 09:19 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2023-01-02 12:33 - 2022-10-07 09:41 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2023-01-01 16:04 - 2022-10-07 09:41 - 000003348 _____ C:\Windows\System32\Tasks\CCleanerCrashReporting
2023-01-01 16:03 - 2018-04-27 14:06 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2022-12-27 17:46 - 2019-04-24 16:29 - 000003732 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2022-12-27 17:46 - 2018-06-07 12:40 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2022-12-27 17:46 - 2018-06-07 12:40 - 000002358 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk

==================== Files in the root of some directories =======

2020-06-08 18:45 - 2020-06-08 18:45 - 024166400 _____ () C:\Program Files (x86)\GUT6E81.tmp
2020-06-07 20:12 - 2020-06-07 20:12 - 024166400 _____ () C:\Program Files (x86)\GUTE10C.tmp
2020-06-08 13:31 - 2020-06-08 13:31 - 024166400 _____ () C:\Program Files (x86)\GUTE37C.tmp
2022-08-11 06:50 - 2022-08-11 06:50 - 000000000 _____ () C:\Users\Sada\AppData\Local\{7305FA84-7072-419A-B55F-AC0437FF8BCC}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2014-03-18 14:39] - [2014-03-18 15:17] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2014-03-18 14:41] - [2014-03-18 15:17] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2023-01-02 13:02

==================== End of FRST.txt ============================





Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2019 01
Ran by Sada (18-01-2023 18:25:51)
Running from C:\Users\Sada\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-03-15 23:48:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2586446151-2666062586-458469913-500 - Administrator - Disabled)
Guest (S-1-5-21-2586446151-2666062586-458469913-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2586446151-2666062586-458469913-1002 - Limited - Enabled)
Sada (S-1-5-21-2586446151-2666062586-458469913-1000 - Administrator - Enabled) => C:\Users\Sada

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACE Mega CoDecS Pack (HKLM-x32\...\{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1) (Version: 6.03.0911 - ACE DESIGN Software)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.363 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.363 - Adobe)
Adobe Reader XI (11.0.19) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Aktualizace NVIDIA 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
AMD Catalyst Install Manager (HKLM\...\{A00CC809-7137-B31B-D13D-401DA7BD962F}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 372.70 - NVIDIA Corporation) Hidden
Apple Mobile Device Support (HKLM\...\{0A394C41-FBA7-4930-85FC-3A973B34E6C6}) (Version: 13.5.0.26 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
Assassins Creed - Unity (HKLM-x32\...\{9L5KR86L-0F3I-4HJ7-HKY5-DRTL4V36QG2X}_is1) (Version: 1.1.0.0 - Ubisoft)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.2.2455 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 108.0.19667.125 - Autoři prohlížeče Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.0 - Electronic Arts)
Call of Duty - Ghosts 1.0.0.1 (HKLM-x32\...\Call of Duty - Ghosts_is1) (Version: - )
Call of Duty(R) 2 (HKLM-x32\...\{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision)
Call of Duty(R) 2 Patch 1.3 (HKLM-x32\...\{C13E90B0-4E1C-11DB-6784-0152EAA218BE}) (Version: 1.3 - Activision)
CCleaner (HKLM\...\CCleaner) (Version: 6.07 - Piriform)
CoD 2 čeština (HKLM-x32\...\CoD 2 čeština_is1) (Version: - #'Pan[S]al!er!)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Firestorm Launcher version 1.0 (HKLM-x32\...\{008D5963-9A73-4472-8C16-A5BF04491B9D}_is1) (Version: 1.0 - Firestorm)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.75 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HLSW v1.4.0.5 (HKLM-x32\...\HLSW_is1) (Version: - Stripf Software)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
IObit Apps Toolbar v9.7 (HKLM-x32\...\{E029C309-4421-410B-890A-30D2E8E82D0C}) (Version: 9.7 - Spigot, Inc.) <==== ATTENTION
Microsoft .NET Framework 4.5 CSY Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60830 (HKLM\...\{122B909F-9DCF-360E-91E7-0679E033FBE1}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60830 (HKLM\...\{083808D6-6235-37A8-82C1-98D226EB681F}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830 (HKLM-x32\...\{F68B404C-0E04-337F-A132-796508EE337A}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830 (HKLM-x32\...\{50AF8559-F490-381F-A6E7-06A07DE227DC}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
Nero 11 Mini Repack (HKLM-x32\...\NMMS11) (Version: - )
NVIDIA Ovladač 3D Vision 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.70 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Ovládací panel NVIDIA 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 372.70 - NVIDIA Corporation) Hidden
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
RAIDXpert (HKLM-x32\...\{8A4A80C2-87B1-44FB-BC24-9168930EB150}) (Version: 3.3.1540.28 - AMD) Hidden
RAIDXpert (HKLM-x32\...\InstallShield_{8A4A80C2-87B1-44FB-BC24-9168930EB150}) (Version: 3.3.1540.28 - AMD)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.259195 - TeamViewer)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: 1.3.32.1010 - )
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
War Thunder Launcher 1.0.1.613 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\Warcraft III) (Version: - )
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
World of Tanks (HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Xfire 2.0 (HKLM-x32\...\{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1) (Version: 2.0 - Xfire, Inc.)
Xfire Codec (remove only) (HKLM-x32\...\XfireCodec) (Version: - )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6722448 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-06] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] () [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] () [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-08-25] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] () [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05B91ACF-260F-41B3-8993-68049A97B2A9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (Avast Software s.r.o. -> Avast Software)
Task: {076862EF-72EB-4E7A-B0E6-99CB61735F35} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {080B26B0-25B1-4E63-BC4C-030C8CC1BE69} - \{79C4C567-AB8E-4536-AA51-F246D24981A7} -> No File <==== ATTENTION
Task: {1BE2A17D-96AB-461C-BF22-D69C9E0A566A} - System32\Tasks\{03B5708B-5B79-4AEB-9F08-E180C6CD6E7D} => C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire, Inc. -> Xfire Inc.)
Task: {1DD4D1AD-C36A-4A4D-BB4D-A3C226FD9D2E} - System32\Tasks\CCleanerSkipUAC - Sada => C:\Program Files\CCleaner\CCleaner.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {65D350E0-53D4-4232-8CB8-E8AF5D57F39A} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
Task: {7152937D-9AA7-409E-9AFB-CEA999CBB02A} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (Avast Software s.r.o. -> AVAST Software)
Task: {747AA499-324B-4CAA-9CCE-6012A79DE8C6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (Avast Software s.r.o. -> AVAST Software)
Task: {8F7B40F5-6C5E-4774-AAFE-BEBBB34D3981} - System32\Tasks\Driver Booster SkipUAC (Sada) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {AB717BA5-C5E7-44A5-8364-E4596F179D3E} - \{A8E4D479-0D14-4FCE-89C8-B64AEA995E98} -> No File <==== ATTENTION
Task: {AD88760E-D3C8-458E-9718-AC935B00B895} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {AE6752C5-EDB5-4CDB-8A2E-F7031749FBF6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
Task: {BE65CC2B-E178-4BE6-B776-9BBA8E756C80} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (Avast Software s.r.o. -> AVAST Software)
Task: {C244EC74-25FA-4FC8-A2CB-2648C1CB1521} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {CAEE549F-23A6-47CC-AD32-4F26612E4410} - System32\Tasks\{B40DF67D-8A19-4129-B6A6-CF2EB06D280B} => C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire, Inc. -> Xfire Inc.)
Task: {D0C5032A-75B3-4502-BF7F-134D573861BD} - System32\Tasks\{AFE6B1F9-7392-4FC1-8EC6-C9EDFB648C2A} => C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire, Inc. -> Xfire Inc.)
Task: {E0C19F9F-8DF5-4CD1-A1A9-F082B52CB00E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Inc. -> Adobe)
Task: {F3130B46-C0E7-47C7-85F6-B734F2AA3877} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F9851BC8-AD9F-48EA-B268-0571B6D8495D} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
Task: {FA3B1D6A-D956-400D-B4E2-482AF208EF55} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_Plugin.exe (Adobe Inc. -> Adobe)
Task: {FE677FF2-2C0F-4245-834C-7376F984E3AB} - System32\Tasks\{E5CD1BA5-70B0-4767-94C6-89FB614E59F3} => C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire, Inc. -> Xfire Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-03-18 14:39 - 2014-03-18 15:17 - 001008640 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\USER32.dll
2012-09-06 09:11 - 2012-09-06 09:11 - 000061440 _____ (AMD) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
2012-09-06 09:12 - 2012-09-06 09:12 - 000065536 _____ (AMD) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2014-03-16 13:38 - 2005-06-07 12:26 - 000043008 _____ () [File not signed] C:\Program Files (x86)\WinRAR\rarext64.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2012-09-06 09:11 - 2012-09-06 09:11 - 000122880 _____ (AMD) [File not signed] C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2012-09-06 09:11 - 2012-09-06 09:11 - 000139264 _____ (AMD) [File not signed] C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2014-03-18 14:41 - 2014-03-18 15:17 - 000833024 _____ (Microsoft Corporation) [File not signed] C:\Windows\syswow64\USER32.dll
2010-11-02 04:03 - 2010-11-02 04:03 - 002334720 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\client\jvm.dll
2010-11-02 04:03 - 2010-11-02 04:03 - 000015872 ____N (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\hpi.dll
2010-11-02 04:03 - 2010-11-02 04:03 - 000031744 ____N (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\verify.dll
2010-11-02 04:03 - 2010-11-02 04:03 - 000126976 ____N (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\java.dll
2010-11-02 04:03 - 2010-11-02 04:03 - 000047104 ____N (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\zip.dll
2010-11-02 04:03 - 2010-11-02 04:03 - 000077824 ____N (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\net.dll
2012-09-06 09:11 - 2012-09-06 09:11 - 000176128 _____ (Promise Technology, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\pmsjni.dll
2012-09-06 09:11 - 2012-09-06 09:11 - 000278528 _____ (Promise Technology INC) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\pri2plgnnapa.dll
2012-09-06 09:10 - 2012-09-06 09:10 - 000098304 _____ (Promise Technology INC) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\prerrlog.dll
2012-09-06 09:10 - 2012-09-06 09:10 - 000536576 _____ () [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2012-09-06 09:10 - 2012-09-06 09:10 - 000114688 _____ (Promise Technology INC) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\prdecode.dll
2010-11-02 04:03 - 2010-11-02 04:03 - 000018432 ____N (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\management.dll
2010-11-02 04:03 - 2010-11-02 04:03 - 000020480 ____N (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\nio.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2019-01-30 08:16 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sada\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 1.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AvastBrowserAutoLaunch_4EDD67AB4B4ED7535929209128468110 => "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --check-run=src=logon --onboarding-at-startup
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5F0B59A9-761A-4EEA-B927-6690885822CE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AF168576-B110-4031-B40D-1EBE60527B7A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{C270FFF0-0379-4D5B-BCA8-9791F49CD8E1}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [UDP Query User{EF3ACD68-17FE-4C3E-850D-A93938CD4FF1}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [{CDDFCBB8-B4FC-4288-B141-4722C2260D11}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{2D925FB5-5B23-4E49-8FE8-DD876A74A5DF}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe (Xfire, Inc. -> Xfire Inc.)
FirewallRules: [UDP Query User{F2C6BC5E-9D8E-4B13-9580-614AB8F93874}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe (Xfire, Inc. -> Xfire Inc.)
FirewallRules: [TCP Query User{3D7F941E-B422-4F66-8B51-294228F4EA2A}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{52BDFBE2-D019-4992-A5D1-5530BFFE566F}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [{CAC52F32-D580-4D2C-92E9-C6D443D47104}] => (Block) C:\program files (x86)\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [{33A5CA8B-8B5A-4C47-A8EA-6B9ABB2F06AA}] => (Block) C:\program files (x86)\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{A76666B6-EF3E-4407-829E-D3A2B405974E}C:\program files (x86)\warcraft iii\lancraft.exe] => (Allow) C:\program files (x86)\warcraft iii\lancraft.exe () [File not signed]
FirewallRules: [UDP Query User{C38F0ABD-8275-41FD-ADD3-26122CC4E0D1}C:\program files (x86)\warcraft iii\lancraft.exe] => (Allow) C:\program files (x86)\warcraft iii\lancraft.exe () [File not signed]
FirewallRules: [{F4FA9233-54CF-4449-BC5F-95FF52AB1D0B}] => (Block) C:\program files (x86)\warcraft iii\lancraft.exe () [File not signed]
FirewallRules: [{050324B7-B174-4A76-AC44-F6DEB3627D2B}] => (Block) C:\program files (x86)\warcraft iii\lancraft.exe () [File not signed]
FirewallRules: [{D144781F-BBDD-45B2-83E9-7EB95F841DEB}] => (Allow) LPort=80
FirewallRules: [{644DDD71-6777-48C3-B7D8-B4CA31357C78}] => (Allow) LPort=443
FirewallRules: [{13AEFAF0-2E43-44BE-8417-3AAFBDBAA185}] => (Allow) LPort=20010
FirewallRules: [{79B3458F-D1F3-48F9-BDFA-BA3CA06E33BA}] => (Allow) LPort=3478
FirewallRules: [{721F63FD-11B7-4463-90C3-F3B15BE59100}] => (Allow) LPort=7850
FirewallRules: [{DD40E129-BFCE-427F-B9B0-2E4ECAF0A678}] => (Allow) LPort=7852
FirewallRules: [{A1496419-4BD3-40D7-8A1E-52DC8F5C9A5F}] => (Allow) LPort=7853
FirewallRules: [{509F3188-3102-4456-9CDB-3A370DB4394A}] => (Allow) LPort=27022
FirewallRules: [{8A187787-008E-4E02-A27A-6898CAF2FF8C}] => (Allow) LPort=6881
FirewallRules: [{F42081D2-0603-4809-B62D-67A922DC1327}] => (Allow) LPort=33333
FirewallRules: [{57CD5445-71DD-4E80-8154-616D136F916E}] => (Allow) LPort=20443
FirewallRules: [{2AC68148-04A8-4F82-A5C6-EF94BACC98CE}] => (Allow) LPort=8090
FirewallRules: [{95D0F51C-CB5A-4879-98BD-6D23B3B00465}] => (Allow) %ProgramFiles%\Zune\Zune.exe No File
FirewallRules: [TCP Query User{AE1076B1-AFF5-4F0F-AD62-15F4D6598A47}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [UDP Query User{D958E1C5-F829-4062-B260-BF2A1E645268}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [{023C9E71-0634-4AA3-B114-C60CEF2B3ACD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{9219E1EA-3F11-4DA3-8023-C445DA54E170}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F470CD7E-7F44-4067-A2E7-369D979CE9EB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1A46A941-7A03-4820-9EB9-26289102BA68}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{152CEA05-D7BC-445B-B994-1B48EE4026EF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{51682CC5-2D2C-4836-8BF2-7AC01521A051}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{2154024B-4A9D-4F0F-8727-50C5E7D68257}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe (Xfire, Inc. -> Xfire Inc.)
FirewallRules: [UDP Query User{CEC92FF8-F53C-4E0D-967A-FB6853028BC9}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe (Xfire, Inc. -> Xfire Inc.)
FirewallRules: [{158749E9-EB38-41FB-AC7C-C6128A1B6EDA}] => (Allow) C:\Hry\Battlefield 4\bf4_x86.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{DB9FB825-367E-42D4-B204-A19A4F42EF56}] => (Allow) C:\Hry\Battlefield 4\bf4_x86.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{16A91F06-E5A7-414D-B351-93EEE962371C}] => (Allow) C:\Hry\Battlefield 4\bf4.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{7A8D2FB2-72D7-4953-AA12-DA94282161C1}] => (Allow) C:\Hry\Battlefield 4\bf4.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [TCP Query User{E1A2B81B-F65F-4966-B690-8A049C3BF73F}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{7A4E34D3-8358-4BDD-97F4-1F97BAB5A224}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{0315352B-2F2A-440B-8B84-14409FFE415F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{21292D8D-47F8-4F8F-B37E-E6ABD3484DBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{60B7A6BD-084B-4214-A72C-E898C355E8B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BCC5CE20-ED3C-4783-82AB-FB2C4F60EB89}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C16AA97C-BB83-4A48-9224-AC27122A06A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7C5D9B8A-7370-42B5-AE51-526D8B60858C}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [{03F3C133-EF90-4B7F-9F6E-78CE2A6CAFF7}] => (Allow) C:\Games\World_of_Tanks\WorldofTanks.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [{E7EDA3EC-E253-444F-B624-CC14B3F234E3}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{3771FEA2-3C44-4966-AB83-9F25DA3D19DE}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{FEC850FF-6F05-4BAD-A1F9-90DCB29D63D8}] => (Allow) C:\WarThunder\launcher.exe (Gaijin Entertainment LLP -> Gaijin Entertainment)
FirewallRules: [{E028376B-FA7C-4E0C-B457-EE3DCDD550AC}] => (Allow) C:\WarThunder\launcher.exe (Gaijin Entertainment LLP -> Gaijin Entertainment)
FirewallRules: [{76323660-07F3-4C05-9EFF-0C1B6E201FB2}] => (Allow) C:\WarThunder\bpreport.exe (Gaijin Entertainment LLP -> )
FirewallRules: [{27EA8C8A-1D04-4D99-ADAC-B35730A98C6C}] => (Allow) C:\WarThunder\bpreport.exe (Gaijin Entertainment LLP -> )
FirewallRules: [TCP Query User{CF7A5BA7-28EF-4BBA-ADDC-0DAE63B465B0}C:\warthunder\win64\aces.exe] => (Allow) C:\warthunder\win64\aces.exe (Gaijin Entertainment LLP -> )
FirewallRules: [UDP Query User{C8084811-2DE9-43E5-AC60-70F1C87E66A4}C:\warthunder\win64\aces.exe] => (Allow) C:\warthunder\win64\aces.exe (Gaijin Entertainment LLP -> )
FirewallRules: [TCP Query User{F6542340-C59A-4BDA-A64B-821E3E942973}C:\program files (x86)\hlsw\hlsw.exe] => (Allow) C:\program files (x86)\hlsw\hlsw.exe (Stripf Software) [File not signed]
FirewallRules: [UDP Query User{A89FF35D-B42B-4AFC-88F9-F3E555AAD824}C:\program files (x86)\hlsw\hlsw.exe] => (Allow) C:\program files (x86)\hlsw\hlsw.exe (Stripf Software) [File not signed]
FirewallRules: [TCP Query User{EEB01A45-A825-441D-8C03-52167FDE0002}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{9632D96F-7B38-4E89-B573-077056D60476}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{DAF4DF82-725D-41F3-A112-522A27690F27}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{9840C30B-0EAF-463E-B081-433ACE5CD175}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{7252AB87-FEC9-49CF-BFFC-C5039F6F20D1}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{64D44895-05D1-4561-A9E9-43DC655AF739}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{57393283-7F08-48FA-8F82-D78AE47B1D48}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{76D2AEE7-B3B7-4A1E-AB6A-9D0EF5D21569}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E9EF881D-5C7D-4DFB-9B32-6CE2CBA0A231}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{21AEFC7F-9DCD-4454-8B78-8A156A074F95}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

03-12-2022 17:44:13 Naplánovaný kontrolní bod
17-12-2022 11:04:59 Naplánovaný kontrolní bod
24-12-2022 21:24:25 Naplánovaný kontrolní bod
01-01-2023 16:56:40 Naplánovaný kontrolní bod
10-01-2023 21:55:57 Naplánovaný kontrolní bod
18-01-2023 17:43:22 Removed Bonjour
18-01-2023 17:44:25 Removed iTunes
18-01-2023 17:46:26 Removed LogMeIn Hamachi
18-01-2023 17:47:30 Removed Apple Mobile Device Support
18-01-2023 17:48:21 Removed Apple Software Update
18-01-2023 17:48:51 Removed Apple Mobile Device Support
18-01-2023 17:49:49 Removed Podpora aplikací Apple (32bitová)
18-01-2023 17:50:47 Removed Podpora aplikací Apple (64bitová)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2023 05:56:09 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error: (01/18/2023 05:52:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: setup.exe_Sony PC Companion, verze: 17.0.0.717, časové razítko: 0x4cab8cfa
Název chybujícího modulu: TMonitorAPI.dll_unloaded, verze: 0.0.0.0, časové razítko: 0x4f9e6213
Kód výjimky: 0xc0000005
Posun chyby: 0x72ef46f0
ID chybujícího procesu: 0x1854
Čas spuštění chybující aplikace: 0x01d92b5d2d004300
Cesta k chybující aplikaci: C:\Users\Sada\AppData\Local\Temp\{BD486BC1-F4B4-4BC3-8B54-84380D49D3C5}\setup.exe
Cesta k chybujícímu modulu: TMonitorAPI.dll
ID zprávy: 8821d53e-9750-11ed-89fe-bc5ff4551e34

Error: (01/18/2023 05:37:59 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error: (01/18/2023 05:19:21 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error: (01/18/2023 05:15:01 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error: (01/18/2023 05:10:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Explorer.EXE, verze: 6.1.7601.17567, časové razítko: 0x4d672ee4
Název chybujícího modulu: wwanapi.dll, verze: 6.1.7600.16385, časové razítko: 0x4a5be0a8
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000333eb
ID chybujícího procesu: 0x620
Čas spuštění chybující aplikace: 0x01d92b57386fdd53
Cesta k chybující aplikaci: C:\Windows\Explorer.EXE
Cesta k chybujícímu modulu: C:\Windows\system32\wwanapi.dll
ID zprávy: a57f493a-974a-11ed-a1e9-bc5ff4551e34

Error: (01/18/2023 05:09:18 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error: (01/18/2023 04:59:03 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.


System errors:
=============
Error: (01/18/2023 06:24:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (01/18/2023 06:24:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (01/18/2023 06:24:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (01/18/2023 06:13:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (01/18/2023 06:13:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (01/18/2023 06:13:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (01/18/2023 06:13:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (01/18/2023 06:13:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.


CodeIntegrity:
===================================

Date: 2016-09-20 16:26:15.248
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-09-20 16:26:15.247
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 55%
Total physical RAM: 8169.44 MB
Available physical RAM: 3642.98 MB
Total Virtual: 16337.05 MB
Available Virtual: 10768.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:139.24 GB) NTFS
Drive d: () (Fixed) (Total:74.55 GB) (Free:54.87 GB) NTFS

\\?\Volume{cb55c6fc-ac9a-11e3-858b-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: AB41F5E7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 74.6 GB) (Disk ID: F8CEF8CE)
Partition 1: (Active) - (Size=74.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15364
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: Prosím o kontrolu

#2 Příspěvek od JaRon »

Ahoj
Aktivace licence systému Windows se nezdařila
Vypada, ze system nie je legalny :!:
Pokial je, tak upgradni na W10
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum
https://platba.viry.cz/payment/

morar
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 212
Registrován: 01 kvě 2007 16:35
Bydliště: Bzenec

Re: Prosím o kontrolu

#3 Příspěvek od morar »

Dík za info. Něvěděl jsem, že není legální. Je to PC po synovi, který si koupil nový a požívá ho dnes moje partnerka.
No nic udělám čistou instalaci W10. To bude asi nejlepší. :D

Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15364
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: Prosím o kontrolu

#4 Příspěvek od JaRon »

Veru tak :thumbsup:
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum
https://platba.viry.cz/payment/

Zamčeno