Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Lucas (06-08-2018 23:48:24) Run:1
Running from C:\Users\Lucas\Desktop
Loaded Profiles: Lucas (Available Profiles: Lucas)
Boot Mode: Normal
==============================================

fixlist content:
*****************
closeprocesses:
createrestorepoint:
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
Task: {D38F274F-1941-46B2-A574-24BA65CF52A7} - System32\Tasks\{14ED494E-0C53-4DA0-8A28-1F5C1F1CFA2B} => C:\Windows\system32\pcalua.exe -a C:\Users\Lucas\Downloads\LopSD.exe -d C:\Users\Lucas\Downloads
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows\Temp:$DATA [16]
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9 [346]
AlternateDataStreams: C:\Users\Lucas\AppData\Local\Temp:$DATA​ [16]
AlternateDataStreams: C:\Users\Public\AppData:CSM [482]
FirewallRules: [TCP Query User{7D53CFEB-1A0C-4596-A7A0-274D86BC6DB1}C:\programdata\oracle\java\javapath_target_1160054\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_1160054\java.exe
FirewallRules: [UDP Query User{A433C97C-6A7A-41EC-B495-196BC6A393CA}C:\programdata\oracle\java\javapath_target_1160054\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_1160054\java.exe
FirewallRules: [{F7E9199B-0781-45C8-8094-A2264756FE87}] => (Allow) C:\Users\Lucas\AppData\Roaming\svchost.exe
FirewallRules: [{6688EFD1-F25B-45D5-A222-E3A96486D2B9}] => (Allow) C:\Users\Lucas\AppData\Roaming\svchost.exe
FirewallRules: [{CF6B7D9A-FB0D-4452-9C10-915A8CE9271B}] => (Allow) C:\Users\Lucas\AppData\Roaming\svchost.exe
FirewallRules: [{0C7898AF-A69D-4F7B-ADFD-D30AE48BF733}] => (Allow) C:\Users\Lucas\AppData\Roaming\svchost.exe
FirewallRules: [TCP Query User{6A44A000-9AB7-4190-8091-A17C0B64E0B1}C:\programdata\oracle\java\javapath_target_1160054\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_1160054\java.exe
FirewallRules: [UDP Query User{261600E9-60BA-46B3-A720-2E9392B87BB3}C:\programdata\oracle\java\javapath_target_1160054\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_1160054\java.exe
FirewallRules: [TCP Query User{BD677F71-D396-43C0-925A-7B0379C20654}C:\program files\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [UDP Query User{42C5CF0E-B019-4C98-A02F-E9F8385270C4}C:\program files\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\javaw.exe
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\jusched.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2318741642-3001645257-2146963218-1000\...\RunOnce: [NVIDIA Backend] => C:\ProgramData\NVIDIA\NvBackend.exe [798208 2017-08-30] (NVIDIA Corporation)
HKU\S-1-5-21-2318741642-3001645257-2146963218-1000\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-21-2318741642-3001645257-2146963218-1000\...\MountPoints2: {4f31f383-9092-11e7-8be8-bc5ff4781251} - J:\setup.exe
HKU\S-1-5-21-2318741642-3001645257-2146963218-1000\...\MountPoints2: {cf627eff-00c7-11e7-8adf-bc5ff4781251} - D:\setup.exe
HKU\S-1-5-21-2318741642-3001645257-2146963218-1000\...\MountPoints2: {cf627f04-00c7-11e7-8adf-bc5ff4781251} - I:\setup.exe
HKU\S-1-5-21-2318741642-3001645257-2146963218-1000\...\Winlogon: [Shell] explorer.exe,"C:\Users\Lucas\AppData\Roaming\jusched.exe" <==== ATTENTION
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
IFEO\AvastSvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\AvastUI.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avcenter.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avconfig.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgidsagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgnt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgrsx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avguard.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avp.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avscan.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\bdagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\blindman.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ccleaner.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ccuac.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ComboFix.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\egui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\gsam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\hijackthis.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\instup.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\keyscrambler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbampt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamservice.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbar.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mcuicnt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MSASCui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MsMpEng.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\msseces.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\qhsafemain.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\reimage.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\rstrui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\rufus-2.12.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDFiles.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDMain.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDWinSec.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\setuphost.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\shutup10.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\spybotsd.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\unlocker.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\wireshark.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\zhpcleaner.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\zlclient.exe: [Debugger] C:\Windows\System32\svchost.exe
BootExecute: autocheck autochk /k:C *
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF Extension: (Avira Browser Safety) - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\4ImX428b.default\Extensions\abs@avira.com [2018-07-17]
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Extension: (Wonderful Weather) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocinjdjondmhheihhgkbmjkofmomnppd [2018-08-06]
CHR Extension: (Wonderful Weather) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocinjdjondmhheihhgkbmjkofmomnppd [2018-08-06]
CHR Extension: (Chrome Media Router) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2318741642-3001645257-2146963218-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2318741642-3001645257-2146963218-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
S3 BstkDrv; \??\C:\Program Files (x86)\BlueStacks\BstkDrv.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
2017-08-19 17:53 - 2017-09-06 21:16 - 000000000 _____ () C:\Users\Lucas\AppData\Roaming\svchost.exe
2018-08-06 21:19 - 2018-08-06 22:33 - 000000079 _____ () C:\Users\Lucas\AppData\Local\Temp\08b072d8e03b11d68a28296164adceb4.dll
2018-08-06 20:57 - 2018-08-06 22:37 - 000000180 _____ () C:\Users\Lucas\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
2018-08-04 13:43 - 2018-08-06 22:17 - 000000044 _____ () C:\Users\Lucas\AppData\Local\Temp\c45f766fd7bd1e38de04a3ce844f040b.dll
2018-08-06 18:59 - 2018-05-07 21:26 - 000394640 _____ (NVIDIA Corporation) C:\Users\Lucas\AppData\Local\Temp\nvStInst.exe
2018-08-06 17:41 - 2018-08-06 17:39 - 000099896 _____ () C:\Users\Lucas\AppData\Local\Temp\Uninstall.exe
cmd: ipconfig /flushdns
hosts:
emptytemp:

*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)" => removed successfully
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)" => removed successfully
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)" => removed successfully
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D38F274F-1941-46B2-A574-24BA65CF52A7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D38F274F-1941-46B2-A574-24BA65CF52A7}" => removed successfully
C:\Windows\System32\Tasks\{14ED494E-0C53-4DA0-8A28-1F5C1F1CFA2B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{14ED494E-0C53-4DA0-8A28-1F5C1F1CFA2B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => removed successfully
C:\Windows\Temp => ":$DATA" ADS removed successfully
C:\ProgramData\TEMP => ":D5FBE8F9" ADS removed successfully
C:\Users\Lucas\AppData\Local\Temp => ":$DATA​" ADS could not remove.
C:\Users\Public\AppData => ":CSM" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7D53CFEB-1A0C-4596-A7A0-274D86BC6DB1}C:\programdata\oracle\java\javapath_target_1160054\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A433C97C-6A7A-41EC-B495-196BC6A393CA}C:\programdata\oracle\java\javapath_target_1160054\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7E9199B-0781-45C8-8094-A2264756FE87}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6688EFD1-F25B-45D5-A222-E3A96486D2B9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF6B7D9A-FB0D-4452-9C10-915A8CE9271B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0C7898AF-A69D-4F7B-ADFD-D30AE48BF733}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6A44A000-9AB7-4190-8091-A17C0B64E0B1}C:\programdata\oracle\java\javapath_target_1160054\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{261600E9-60BA-46B3-A720-2E9392B87BB3}C:\programdata\oracle\java\javapath_target_1160054\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BD677F71-D396-43C0-925A-7B0379C20654}C:\program files\java\jre1.8.0_144\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{42C5CF0E-B019-4C98-A02F-E9F8385270C4}C:\program files\java\jre1.8.0_144\bin\javaw.exe" => removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => not found
"HKU\S-1-5-21-2318741642-3001645257-2146963218-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NVIDIA Backend" => removed successfully
"HKU\S-1-5-21-2318741642-3001645257-2146963218-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowCpl" => removed successfully
"HKU\S-1-5-21-2318741642-3001645257-2146963218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f31f383-9092-11e7-8be8-bc5ff4781251}" => removed successfully
HKLM\Software\Classes\CLSID\{4f31f383-9092-11e7-8be8-bc5ff4781251} => not found
"HKU\S-1-5-21-2318741642-3001645257-2146963218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf627eff-00c7-11e7-8adf-bc5ff4781251}" => removed successfully
HKLM\Software\Classes\CLSID\{cf627eff-00c7-11e7-8adf-bc5ff4781251} => not found
"HKU\S-1-5-21-2318741642-3001645257-2146963218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf627f04-00c7-11e7-8adf-bc5ff4781251}" => removed successfully
HKLM\Software\Classes\CLSID\{cf627f04-00c7-11e7-8adf-bc5ff4781251} => not found
"HKU\S-1-5-21-2318741642-3001645257-2146963218-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\blindman.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccleaner.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\gsam.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbar.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mcuicnt.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\qhsafemain.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\reimage.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rufus-2.12.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFiles.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDMain.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWinSec.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\setuphost.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\shutup10.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\unlocker.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zhpcleaner.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe" => removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\4ImX428b.default\Extensions\abs@avira.com => moved successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
CHR Extension: (Wonderful Weather) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocinjdjondmhheihhgkbmjkofmomnppd [2018-08-06] => Error: No automatic fix found for this entry.
CHR Extension: (Wonderful Weather) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocinjdjondmhheihhgkbmjkofmomnppd [2018-08-06] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-06] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp" => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce" => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => removed successfully
"HKU\S-1-5-21-2318741642-3001645257-2146963218-1000\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce" => removed successfully
"HKU\S-1-5-21-2318741642-3001645257-2146963218-1000\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => removed successfully
"HKLM\System\CurrentControlSet\Services\BstkDrv" => removed successfully
BstkDrv => service removed successfully
"HKLM\System\CurrentControlSet\Services\dgderdrv" => removed successfully
dgderdrv => service removed successfully
C:\Users\Lucas\AppData\Roaming\svchost.exe => moved successfully
C:\Users\Lucas\AppData\Local\Temp\08b072d8e03b11d68a28296164adceb4.dll => moved successfully
C:\Users\Lucas\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll => moved successfully
C:\Users\Lucas\AppData\Local\Temp\c45f766fd7bd1e38de04a3ce844f040b.dll => moved successfully
C:\Users\Lucas\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Lucas\AppData\Local\Temp\Uninstall.exe => moved successfully

========= ipconfig /flushdns =========


Configuration IP de Windows

Cache de r‚solution DNS vid‚.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17797452 B
Java, Flash, Steam htmlcache => 285659902 B
Windows/system/drivers => 408196 B
Edge => 0 B
Chrome => 361479500 B
Firefox => 188905989 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 33186 B
LocalService => 66228 B
NetworkService => 66228 B
Lucas => 277673438 B
Lucas Test => 28643 B

RecycleBin => 351724978 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:51:41 ====