Hello. I'd like to ask for a check. This is my better half's computer, and yesterday she called me over because her mouse wasn't working. The computer was frozen and the only option was a hard power-off.
Today after startup it happened again. I wanted to clean it with CCleaner, but that didn't work. It reported that Avast Secure Browser was running and required it to be force-closed. I confirmed and waited. The system crashed and restarted. After the restart it happened again. I found the startup tab and disabled the browser in question from launching. After that, the CCleaner cleanup succeeded. Now it looks like it's OK.
I'm attaching the logs from FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2019 01
Ran by Sada (administrator) on SADA-PC (18-01-2023 18:24:43)
Running from C:\Users\Sada\Desktop
Loaded Profiles: Sada (Available Profiles: Sada)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AMD) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(AMD) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AMD) [File not signed] C:\Windows\SysWOW64\WinMsgBalloonServer.exe
(AMD) [File not signed] C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-06-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [117472 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38916432 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\MountPoints2: {01393d8e-1889-11e4-8ce4-bc5ff4551e34} - E:\Startme.exe
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\MountPoints2: {89da3b70-d237-11e9-aeeb-bc5ff4551e34} - E:\Lenovo_Suite.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\...\Drivers32: [VIDC.XFR1] => C:\Windows\system32\xfcodec64.dll [22016 2012-11-14] () [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [VIDC.XFR1] => C:\Windows\SysWOW64\xfcodec.dll [36352 2012-12-28] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\92.2.11577.159\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.75\Installer\chrmstp.exe [2023-01-18] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\108.0.19667.125\Installer\chrmstp.exe [2022-12-27] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\88.0.7844.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 1.1.1.1
Tcpip\..\Interfaces\{47694619-7217-49BE-AC68-B489A063DDD9}: [DhcpNameServer] 8.8.8.8 1.1.1.1
Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Skype Software Sarl -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_363.dll [2020-05-11] (Adobe Inc. -> )
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_363.dll [2020-05-11] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [2022-12-17] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [2022-12-17] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default [2023-01-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Sada\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [61440 2012-09-06] (AMD) [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-03-27] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7888408 2022-01-20] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-17] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [623216 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [353504 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-17] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\108.0.19667.125\elevation_service.exe [1794040 2022-12-14] (Avast Software s.r.o. -> AVAST Software)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1003344 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-11-12] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [214520 2015-04-12] (Even Balance, Inc. -> )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-09-15] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2015-03-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [140032 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [424192 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [17192 2011-11-07] (ASROCK Incorporation -> Windows (R) Win 7 DDK provider)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35680 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [208552 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [365520 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250328 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99288 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41304 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [177872 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [524416 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2018-03-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107808 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83368 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [850120 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [466696 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216376 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326976 2021-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-16] (Disc Soft Ltd -> Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-12] (Martin Malik - REALiX -> REALiX(tm))
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [26112 2012-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
R3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [56448 2011-12-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (BitRaider, LLC -> XFire)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-01-18 18:24 - 2023-01-18 18:25 - 000017812 _____ C:\Users\Sada\Desktop\FRST.txt
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-01-18 18:24 - 2019-03-24 17:35 - 000000000 ____D C:\FRST
2023-01-18 17:58 - 2014-03-16 14:19 - 000000000 ____D C:\Program Files (x86)\Google
2023-01-18 17:57 - 2014-03-16 16:26 - 000000000 ____D C:\Program Files\CCleaner
2023-01-18 17:55 - 2014-03-16 14:11 - 000000000 ____D C:\ProgramData\NVIDIA
2023-01-18 17:55 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-01-18 17:55 - 2009-07-14 05:45 - 000017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2023-01-18 17:55 - 2009-07-14 05:45 - 000017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2023-01-18 17:53 - 2016-02-17 16:23 - 000000000 ____D C:\ProgramData\AVAST Software
2023-01-18 17:53 - 2015-12-24 13:28 - 000000000 ____D C:\Users\Sada\AppData\Local\CrashDumps
2023-01-18 17:52 - 2014-03-16 13:51 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-01-18 17:51 - 2015-05-25 13:47 - 000000000 ____D C:\Program Files\Common Files\Apple
2023-01-18 17:51 - 2015-05-25 13:46 - 000000000 ____D C:\ProgramData\Apple
2023-01-18 17:31 - 2014-03-16 14:21 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-01-18 17:31 - 2014-03-16 14:21 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-01-18 17:24 - 2015-10-03 18:52 - 000000000 ____D C:\Windows\Minidump
2023-01-18 17:09 - 2009-07-14 06:08 - 000032592 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2023-01-18 17:02 - 2017-10-08 09:19 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2023-01-02 12:33 - 2022-10-07 09:41 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2023-01-01 16:04 - 2022-10-07 09:41 - 000003348 _____ C:\Windows\System32\Tasks\CCleanerCrashReporting
2023-01-01 16:03 - 2018-04-27 14:06 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2022-12-27 17:46 - 2019-04-24 16:29 - 000003732 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2022-12-27 17:46 - 2018-06-07 12:40 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2022-12-27 17:46 - 2018-06-07 12:40 - 000002358 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
==================== Files in the root of some directories =======
2020-06-08 18:45 - 2020-06-08 18:45 - 024166400 _____ () C:\Program Files (x86)\GUT6E81.tmp
2020-06-07 20:12 - 2020-06-07 20:12 - 024166400 _____ () C:\Program Files (x86)\GUTE10C.tmp
2020-06-08 13:31 - 2020-06-08 13:31 - 024166400 _____ () C:\Program Files (x86)\GUTE37C.tmp
2022-08-11 06:50 - 2022-08-11 06:50 - 000000000 _____ () C:\Users\Sada\AppData\Local\{7305FA84-7072-419A-B55F-AC0437FF8BCC}
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2014-03-18 14:39] - [2014-03-18 15:17] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
C:\Windows\SysWOW64\User32.dll
[2014-03-18 14:41] - [2014-03-18 15:17] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2023-01-02 13:02
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2019 01
Ran by Sada (18-01-2023 18:25:51)
Running from C:\Users\Sada\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-03-15 23:48:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2586446151-2666062586-458469913-500 - Administrator - Disabled)
Guest (S-1-5-21-2586446151-2666062586-458469913-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2586446151-2666062586-458469913-1002 - Limited - Enabled)
Sada (S-1-5-21-2586446151-2666062586-458469913-1000 - Administrator - Enabled) => C:\Users\Sada
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ACE Mega CoDecS Pack (HKLM-x32\...\{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1) (Version: 6.03.0911 - ACE DESIGN Software)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.363 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.363 - Adobe)
Adobe Reader XI (11.0.19) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Aktualizace NVIDIA 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
AMD Catalyst Install Manager (HKLM\...\{A00CC809-7137-B31B-D13D-401DA7BD962F}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 372.70 - NVIDIA Corporation) Hidden
Apple Mobile Device Support (HKLM\...\{0A394C41-FBA7-4930-85FC-3A973B34E6C6}) (Version: 13.5.0.26 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
Assassins Creed - Unity (HKLM-x32\...\{9L5KR86L-0F3I-4HJ7-HKY5-DRTL4V36QG2X}_is1) (Version: 1.1.0.0 - Ubisoft)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.2.2455 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 108.0.19667.125 - Autoři prohlížeče Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.0 - Electronic Arts)
Call of Duty - Ghosts 1.0.0.1 (HKLM-x32\...\Call of Duty - Ghosts_is1) (Version: - )
Call of Duty(R) 2 (HKLM-x32\...\{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision)
Call of Duty(R) 2 Patch 1.3 (HKLM-x32\...\{C13E90B0-4E1C-11DB-6784-0152EAA218BE}) (Version: 1.3 - Activision)
CCleaner (HKLM\...\CCleaner) (Version: 6.07 - Piriform)
CoD 2 čeština (HKLM-x32\...\CoD 2 čeština_is1) (Version: - #'Pan[S]al!er!)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Firestorm Launcher version 1.0 (HKLM-x32\...\{008D5963-9A73-4472-8C16-A5BF04491B9D}_is1) (Version: 1.0 - Firestorm)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.75 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HLSW v1.4.0.5 (HKLM-x32\...\HLSW_is1) (Version: - Stripf Software)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
IObit Apps Toolbar v9.7 (HKLM-x32\...\{E029C309-4421-410B-890A-30D2E8E82D0C}) (Version: 9.7 - Spigot, Inc.) <==== ATTENTION
Microsoft .NET Framework 4.5 CSY Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60830 (HKLM\...\{122B909F-9DCF-360E-91E7-0679E033FBE1}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60830 (HKLM\...\{083808D6-6235-37A8-82C1-98D226EB681F}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830 (HKLM-x32\...\{F68B404C-0E04-337F-A132-796508EE337A}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830 (HKLM-x32\...\{50AF8559-F490-381F-A6E7-06A07DE227DC}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
Nero 11 Mini Repack (HKLM-x32\...\NMMS11) (Version: - )
NVIDIA Ovladač 3D Vision 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.70 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Ovládací panel NVIDIA 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 372.70 - NVIDIA Corporation) Hidden
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
RAIDXpert (HKLM-x32\...\{8A4A80C2-87B1-44FB-BC24-9168930EB150}) (Version: 3.3.1540.28 - AMD) Hidden
RAIDXpert (HKLM-x32\...\InstallShield_{8A4A80C2-87B1-44FB-BC24-9168930EB150}) (Version: 3.3.1540.28 - AMD)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.259195 - TeamViewer)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: 1.3.32.1010 - )
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
War Thunder Launcher 1.0.1.613 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\Warcraft III) (Version: - )
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
World of Tanks (HKU\S-1-5-21-2586446151-2666062586-458469913-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Xfire 2.0 (HKLM-x32\...\{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1) (Version: 2.0 - Xfire, Inc.)
Xfire Codec (remove only) (HKLM-x32\...\XfireCodec) (Version: - )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6722448 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-06] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] () [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] () [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-08-25] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] () [File not signed]
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05B91ACF-260F-41B3-8993-68049A97B2A9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (Avast Software s.r.o. -> Avast Software)
Task: {076862EF-72EB-4E7A-B0E6-99CB61735F35} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {080B26B0-25B1-4E63-BC4C-030C8CC1BE69} - \{79C4C567-AB8E-4536-AA51-F246D24981A7} -> No File <==== ATTENTION
Task: {1BE2A17D-96AB-461C-BF22-D69C9E0A566A} - System32\Tasks\{03B5708B-5B79-4AEB-9F08-E180C6CD6E7D} => C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire, Inc. -> Xfire Inc.)
Task: {1DD4D1AD-C36A-4A4D-BB4D-A3C226FD9D2E} - System32\Tasks\CCleanerSkipUAC - Sada => C:\Program Files\CCleaner\CCleaner.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {65D350E0-53D4-4232-8CB8-E8AF5D57F39A} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
Task: {7152937D-9AA7-409E-9AFB-CEA999CBB02A} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (Avast Software s.r.o. -> AVAST Software)
Task: {747AA499-324B-4CAA-9CCE-6012A79DE8C6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (Avast Software s.r.o. -> AVAST Software)
Task: {8F7B40F5-6C5E-4774-AAFE-BEBBB34D3981} - System32\Tasks\Driver Booster SkipUAC (Sada) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {AB717BA5-C5E7-44A5-8364-E4596F179D3E} - \{A8E4D479-0D14-4FCE-89C8-B64AEA995E98} -> No File <==== ATTENTION
Task: {AD88760E-D3C8-458E-9718-AC935B00B895} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {AE6752C5-EDB5-4CDB-8A2E-F7031749FBF6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
Task: {BE65CC2B-E178-4BE6-B776-9BBA8E756C80} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (Avast Software s.r.o. -> AVAST Software)
Task: {C244EC74-25FA-4FC8-A2CB-2648C1CB1521} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {CAEE549F-23A6-47CC-AD32-4F26612E4410} - System32\Tasks\{B40DF67D-8A19-4129-B6A6-CF2EB06D280B} => C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire, Inc. -> Xfire Inc.)
Task: {D0C5032A-75B3-4502-BF7F-134D573861BD} - System32\Tasks\{AFE6B1F9-7392-4FC1-8EC6-C9EDFB648C2A} => C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire, Inc. -> Xfire Inc.)
Task: {E0C19F9F-8DF5-4CD1-A1A9-F082B52CB00E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Inc. -> Adobe)
Task: {F3130B46-C0E7-47C7-85F6-B734F2AA3877} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F9851BC8-AD9F-48EA-B268-0571B6D8495D} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
Task: {FA3B1D6A-D956-400D-B4E2-482AF208EF55} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_Plugin.exe (Adobe Inc. -> Adobe)
Task: {FE677FF2-2C0F-4245-834C-7376F984E3AB} - System32\Tasks\{E5CD1BA5-70B0-4767-94C6-89FB614E59F3} => C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire, Inc. -> Xfire Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-03-18 14:39 - 2014-03-18 15:17 - 001008640 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\USER32.dll
2012-09-06 09:11 - 2012-09-06 09:11 - 000061440 _____ (AMD) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
2012-09-06 09:12 - 2012-09-06 09:12 - 000065536 _____ (AMD) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2014-03-16 13:38 - 2005-06-07 12:26 - 000043008 _____ () [File not signed] C:\Program Files (x86)\WinRAR\rarext64.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-07-13 09:34 - 2020-07-13 09:34 - 000000000 ____LMicrosoft Corporation C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2012-09-06 09:11 - 2012-09-06 09:11 - 000122880 _____ (AMD) [File not signed] C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2012-09-06 09:11 - 2012-09-06 09:11 - 000139264 _____ (AMD) [File not signed] C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2014-03-18 14:41 - 2014-03-18 15:17 - 000833024 _____ (Microsoft Corporation) [File not signed] C:\Windows\syswow64\USER32.dll
2010-11-02 04:03 - 2010-11-02 04:03 - 002334720 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\client\jvm.dll
2010-11-02 04:03 - 2010-11-02 04:03 - 000015872 ____N (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\hpi.dll
2010-11-02 04:03 - 2010-11-02 04:03 - 000031744 ____N (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\verify.dll
2010-11-02 04:03 - 2010-11-02 04:03 - 000126976 ____N (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\java.dll
2010-11-02 04:03 - 2010-11-02 04:03 - 000047104 ____N (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\zip.dll
2010-11-02 04:03 - 2010-11-02 04:03 - 000077824 ____N (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\net.dll
2012-09-06 09:11 - 2012-09-06 09:11 - 000176128 _____ (Promise Technology, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\pmsjni.dll
2012-09-06 09:11 - 2012-09-06 09:11 - 000278528 _____ (Promise Technology INC) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\pri2plgnnapa.dll
2012-09-06 09:10 - 2012-09-06 09:10 - 000098304 _____ (Promise Technology INC) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\prerrlog.dll
2012-09-06 09:10 - 2012-09-06 09:10 - 000536576 _____ () [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2012-09-06 09:10 - 2012-09-06 09:10 - 000114688 _____ (Promise Technology INC) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\prdecode.dll
2010-11-02 04:03 - 2010-11-02 04:03 - 000018432 ____N (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\management.dll
2010-11-02 04:03 - 2010-11-02 04:03 - 000020480 ____N (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\nio.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 4788 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2019-01-30 08:16 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-2586446151-2666062586-458469913-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sada\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 1.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AvastBrowserAutoLaunch_4EDD67AB4B4ED7535929209128468110 => "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --check-run=src=logon --onboarding-at-startup
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{5F0B59A9-761A-4EEA-B927-6690885822CE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AF168576-B110-4031-B40D-1EBE60527B7A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{C270FFF0-0379-4D5B-BCA8-9791F49CD8E1}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [UDP Query User{EF3ACD68-17FE-4C3E-850D-A93938CD4FF1}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [{CDDFCBB8-B4FC-4288-B141-4722C2260D11}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{2D925FB5-5B23-4E49-8FE8-DD876A74A5DF}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe (Xfire, Inc. -> Xfire Inc.)
FirewallRules: [UDP Query User{F2C6BC5E-9D8E-4B13-9580-614AB8F93874}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe (Xfire, Inc. -> Xfire Inc.)
FirewallRules: [TCP Query User{3D7F941E-B422-4F66-8B51-294228F4EA2A}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{52BDFBE2-D019-4992-A5D1-5530BFFE566F}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [{CAC52F32-D580-4D2C-92E9-C6D443D47104}] => (Block) C:\program files (x86)\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [{33A5CA8B-8B5A-4C47-A8EA-6B9ABB2F06AA}] => (Block) C:\program files (x86)\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{A76666B6-EF3E-4407-829E-D3A2B405974E}C:\program files (x86)\warcraft iii\lancraft.exe] => (Allow) C:\program files (x86)\warcraft iii\lancraft.exe () [File not signed]
FirewallRules: [UDP Query User{C38F0ABD-8275-41FD-ADD3-26122CC4E0D1}C:\program files (x86)\warcraft iii\lancraft.exe] => (Allow) C:\program files (x86)\warcraft iii\lancraft.exe () [File not signed]
FirewallRules: [{F4FA9233-54CF-4449-BC5F-95FF52AB1D0B}] => (Block) C:\program files (x86)\warcraft iii\lancraft.exe () [File not signed]
FirewallRules: [{050324B7-B174-4A76-AC44-F6DEB3627D2B}] => (Block) C:\program files (x86)\warcraft iii\lancraft.exe () [File not signed]
FirewallRules: [{D144781F-BBDD-45B2-83E9-7EB95F841DEB}] => (Allow) LPort=80
FirewallRules: [{644DDD71-6777-48C3-B7D8-B4CA31357C78}] => (Allow) LPort=443
FirewallRules: [{13AEFAF0-2E43-44BE-8417-3AAFBDBAA185}] => (Allow) LPort=20010
FirewallRules: [{79B3458F-D1F3-48F9-BDFA-BA3CA06E33BA}] => (Allow) LPort=3478
FirewallRules: [{721F63FD-11B7-4463-90C3-F3B15BE59100}] => (Allow) LPort=7850
FirewallRules: [{DD40E129-BFCE-427F-B9B0-2E4ECAF0A678}] => (Allow) LPort=7852
FirewallRules: [{A1496419-4BD3-40D7-8A1E-52DC8F5C9A5F}] => (Allow) LPort=7853
FirewallRules: [{509F3188-3102-4456-9CDB-3A370DB4394A}] => (Allow) LPort=27022
FirewallRules: [{8A187787-008E-4E02-A27A-6898CAF2FF8C}] => (Allow) LPort=6881
FirewallRules: [{F42081D2-0603-4809-B62D-67A922DC1327}] => (Allow) LPort=33333
FirewallRules: [{57CD5445-71DD-4E80-8154-616D136F916E}] => (Allow) LPort=20443
FirewallRules: [{2AC68148-04A8-4F82-A5C6-EF94BACC98CE}] => (Allow) LPort=8090
FirewallRules: [{95D0F51C-CB5A-4879-98BD-6D23B3B00465}] => (Allow) %ProgramFiles%\Zune\Zune.exe No File
FirewallRules: [TCP Query User{AE1076B1-AFF5-4F0F-AD62-15F4D6598A47}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [UDP Query User{D958E1C5-F829-4062-B260-BF2A1E645268}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [{023C9E71-0634-4AA3-B114-C60CEF2B3ACD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{9219E1EA-3F11-4DA3-8023-C445DA54E170}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F470CD7E-7F44-4067-A2E7-369D979CE9EB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1A46A941-7A03-4820-9EB9-26289102BA68}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{152CEA05-D7BC-445B-B994-1B48EE4026EF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{51682CC5-2D2C-4836-8BF2-7AC01521A051}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{2154024B-4A9D-4F0F-8727-50C5E7D68257}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe (Xfire, Inc. -> Xfire Inc.)
FirewallRules: [UDP Query User{CEC92FF8-F53C-4E0D-967A-FB6853028BC9}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe (Xfire, Inc. -> Xfire Inc.)
FirewallRules: [{158749E9-EB38-41FB-AC7C-C6128A1B6EDA}] => (Allow) C:\Hry\Battlefield 4\bf4_x86.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{DB9FB825-367E-42D4-B204-A19A4F42EF56}] => (Allow) C:\Hry\Battlefield 4\bf4_x86.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{16A91F06-E5A7-414D-B351-93EEE962371C}] => (Allow) C:\Hry\Battlefield 4\bf4.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{7A8D2FB2-72D7-4953-AA12-DA94282161C1}] => (Allow) C:\Hry\Battlefield 4\bf4.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [TCP Query User{E1A2B81B-F65F-4966-B690-8A049C3BF73F}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{7A4E34D3-8358-4BDD-97F4-1F97BAB5A224}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{0315352B-2F2A-440B-8B84-14409FFE415F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{21292D8D-47F8-4F8F-B37E-E6ABD3484DBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{60B7A6BD-084B-4214-A72C-E898C355E8B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BCC5CE20-ED3C-4783-82AB-FB2C4F60EB89}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C16AA97C-BB83-4A48-9224-AC27122A06A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7C5D9B8A-7370-42B5-AE51-526D8B60858C}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [{03F3C133-EF90-4B7F-9F6E-78CE2A6CAFF7}] => (Allow) C:\Games\World_of_Tanks\WorldofTanks.exe (Wargaming.net LLP -> Wargaming.net) [File not signed]
FirewallRules: [{E7EDA3EC-E253-444F-B624-CC14B3F234E3}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{3771FEA2-3C44-4966-AB83-9F25DA3D19DE}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{FEC850FF-6F05-4BAD-A1F9-90DCB29D63D8}] => (Allow) C:\WarThunder\launcher.exe (Gaijin Entertainment LLP -> Gaijin Entertainment)
FirewallRules: [{E028376B-FA7C-4E0C-B457-EE3DCDD550AC}] => (Allow) C:\WarThunder\launcher.exe (Gaijin Entertainment LLP -> Gaijin Entertainment)
FirewallRules: [{76323660-07F3-4C05-9EFF-0C1B6E201FB2}] => (Allow) C:\WarThunder\bpreport.exe (Gaijin Entertainment LLP -> )
FirewallRules: [{27EA8C8A-1D04-4D99-ADAC-B35730A98C6C}] => (Allow) C:\WarThunder\bpreport.exe (Gaijin Entertainment LLP -> )
FirewallRules: [TCP Query User{CF7A5BA7-28EF-4BBA-ADDC-0DAE63B465B0}C:\warthunder\win64\aces.exe] => (Allow) C:\warthunder\win64\aces.exe (Gaijin Entertainment LLP -> )
FirewallRules: [UDP Query User{C8084811-2DE9-43E5-AC60-70F1C87E66A4}C:\warthunder\win64\aces.exe] => (Allow) C:\warthunder\win64\aces.exe (Gaijin Entertainment LLP -> )
FirewallRules: [TCP Query User{F6542340-C59A-4BDA-A64B-821E3E942973}C:\program files (x86)\hlsw\hlsw.exe] => (Allow) C:\program files (x86)\hlsw\hlsw.exe (Stripf Software) [File not signed]
FirewallRules: [UDP Query User{A89FF35D-B42B-4AFC-88F9-F3E555AAD824}C:\program files (x86)\hlsw\hlsw.exe] => (Allow) C:\program files (x86)\hlsw\hlsw.exe (Stripf Software) [File not signed]
FirewallRules: [TCP Query User{EEB01A45-A825-441D-8C03-52167FDE0002}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{9632D96F-7B38-4E89-B573-077056D60476}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{DAF4DF82-725D-41F3-A112-522A27690F27}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{9840C30B-0EAF-463E-B081-433ACE5CD175}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{7252AB87-FEC9-49CF-BFFC-C5039F6F20D1}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{64D44895-05D1-4561-A9E9-43DC655AF739}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{57393283-7F08-48FA-8F82-D78AE47B1D48}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{76D2AEE7-B3B7-4A1E-AB6A-9D0EF5D21569}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E9EF881D-5C7D-4DFB-9B32-6CE2CBA0A231}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{21AEFC7F-9DCD-4454-8B78-8A156A074F95}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
03-12-2022 17:44:13 Naplánovaný kontrolní bod
17-12-2022 11:04:59 Naplánovaný kontrolní bod
24-12-2022 21:24:25 Naplánovaný kontrolní bod
01-01-2023 16:56:40 Naplánovaný kontrolní bod
10-01-2023 21:55:57 Naplánovaný kontrolní bod
18-01-2023 17:43:22 Removed Bonjour
18-01-2023 17:44:25 Removed iTunes
18-01-2023 17:46:26 Removed LogMeIn Hamachi
18-01-2023 17:47:30 Removed Apple Mobile Device Support
18-01-2023 17:48:21 Removed Apple Software Update
18-01-2023 17:48:51 Removed Apple Mobile Device Support
18-01-2023 17:49:49 Removed Podpora aplikací Apple (32bitová)
18-01-2023 17:50:47 Removed Podpora aplikací Apple (64bitová)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/18/2023 05:56:09 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.
Error: (01/18/2023 05:52:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: setup.exe_Sony PC Companion, verze: 17.0.0.717, časové razítko: 0x4cab8cfa
Název chybujícího modulu: TMonitorAPI.dll_unloaded, verze: 0.0.0.0, časové razítko: 0x4f9e6213
Kód výjimky: 0xc0000005
Posun chyby: 0x72ef46f0
ID chybujícího procesu: 0x1854
Čas spuštění chybující aplikace: 0x01d92b5d2d004300
Cesta k chybující aplikaci: C:\Users\Sada\AppData\Local\Temp\{BD486BC1-F4B4-4BC3-8B54-84380D49D3C5}\setup.exe
Cesta k chybujícímu modulu: TMonitorAPI.dll
ID zprávy: 8821d53e-9750-11ed-89fe-bc5ff4551e34
Error: (01/18/2023 05:37:59 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.
Error: (01/18/2023 05:19:21 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.
Error: (01/18/2023 05:15:01 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.
Error: (01/18/2023 05:10:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Explorer.EXE, verze: 6.1.7601.17567, časové razítko: 0x4d672ee4
Název chybujícího modulu: wwanapi.dll, verze: 6.1.7600.16385, časové razítko: 0x4a5be0a8
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000333eb
ID chybujícího procesu: 0x620
Čas spuštění chybující aplikace: 0x01d92b57386fdd53
Cesta k chybující aplikaci: C:\Windows\Explorer.EXE
Cesta k chybujícímu modulu: C:\Windows\system32\wwanapi.dll
ID zprávy: a57f493a-974a-11ed-a1e9-bc5ff4551e34
Error: (01/18/2023 05:09:18 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.
Error: (01/18/2023 04:59:03 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.
System errors:
=============
Error: (01/18/2023 06:24:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.
Error: (01/18/2023 06:24:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.
Error: (01/18/2023 06:24:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.
Error: (01/18/2023 06:13:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.
Error: (01/18/2023 06:13:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.
Error: (01/18/2023 06:13:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.
Error: (01/18/2023 06:13:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.
Error: (01/18/2023 06:13:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.
CodeIntegrity:
===================================
Date: 2016-09-20 16:26:15.248
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-20 16:26:15.247
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 55%
Total physical RAM: 8169.44 MB
Available physical RAM: 3642.98 MB
Total Virtual: 16337.05 MB
Available Virtual: 10768.3 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:698.54 GB) (Free:139.24 GB) NTFS
Drive d: () (Fixed) (Total:74.55 GB) (Free:54.87 GB) NTFS
\\?\Volume{cb55c6fc-ac9a-11e3-858b-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: AB41F5E7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 74.6 GB) (Disk ID: F8CEF8CE)
Partition 1: (Active) - (Size=74.6 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Re: Request for a check
Hi
Aktivace licence systému Windows se nezdařila
It looks like the system is not legal.
If it is, then upgrade to W10.
Re: Request for a check
Thanks for the info. I didn't know it wasn't legal. It's a PC handed down from my son, who bought a new one, and today my partner uses it.
Oh well, I'll do a clean install of W10. That will probably be best.
Re: Request for a check
Indeed.