Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Pepi (05-04-2017 13:32:03)
Running from C:\Users\Pepi\Desktop
Windows 10 Education Version 1607 (X64) (2016-10-03 16:19:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-36918377-437131489-4245242684-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-36918377-437131489-4245242684-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-36918377-437131489-4245242684-503 - Limited - Disabled)
Guest (S-1-5-21-36918377-437131489-4245242684-501 - Limited - Disabled)
Pepi (S-1-5-21-36918377-437131489-4245242684-1001 - Administrator - Enabled) => C:\Users\Pepi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.02.1721, 30.05.2016 - AIMP DevTeam)
Aktualizace NVIDIA 2.11.4.0 (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0190 - Disc Soft Ltd)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EPSON BX305 Plus Series Printer Uninstall (HKLM\...\EPSON BX305 Plus Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
ETDWare PS/2-X64 11.6.28.201_WHQL (HKLM\...\Elantech) (Version: 11.6.28.201 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GDR 4213 for SQL Server 2014 (KB3070446) (64-bit) (HKLM\...\KB3070446) (Version: 12.1.4213.0 - Microsoft Corporation)
GDR 4232 for SQL Server 2014 (KB3194720) (64-bit) (HKLM\...\KB3194720) (Version: 12.1.4232.0 - Microsoft Corporation)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Inkscape 0.92.1 (HKLM-x32\...\Inkscape) (Version: 0.92.1 - Inkscape Project)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6F73FF93-0B55-4194-AE45-C19DA1F33E97}) (Version: 6.0.3 - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 8 Update 121 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180121}) (Version: 8.0.1210.13 - Oracle Corporation)
JavaFX Scene Builder 2.0 (HKLM-x32\...\{B4665EB1-1F7A-44F5-AD07-C20A938E8BC2}) (Version: 2.0 - Oracle)
KONICA MINOLTA magicolor 1690MF (HKLM\...\KONICA MINOLTA magicolor 1690MF) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
LibreOffice 5.0.6.3 (HKLM-x32\...\{900D9036-4EDA-45EC-A095-E8AFB25D807A}) (Version: 5.0.6.3 - The Document Foundation)
Malwarebytes verze 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A7A76890-1134-424F-97DA-7BED0D9CFA19}) (Version: 12.1.4232.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.7766.2071 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-36918377-437131489-4245242684-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{375DE766-4467-4F48-B56B-4F543819BAB4}) (Version: 12.1.4232.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Mozilla Thunderbird 45.1.1 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 45.1.1 (x86 cs)) (Version: 45.1.1 - Mozilla)
MsActiveX (HKLM-x32\...\MsActiveX) (Version:  - )
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
Node.js (HKLM\...\{AA4FBC0D-2136-41E4-B914-93642B923B03}) (Version: 7.7.3 - Node.js Foundation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7766.2071 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2071 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 376.54 (Version: 376.54 - NVIDIA Corporation) Hidden
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.0.2700 - Jan Fiala)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SOLIDWORKS 2016 x64 Czech Resources (Version: 24.130.57 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2016 x64 Edition SP03 (HKLM-x32\...\SolidWorks Installation Manager 20160-40300-1100-100) (Version: 24.3.0.57 - SolidWorks Corporation)
SOLIDWORKS 2016 x64 Edition SP03 (Version: 24.130.57 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2016 x64 Edition SP03 (Version: 16.3.0030 - Společnost Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Explorer 2016 SP03 x64 Edition (Version: 24.30.57 - Společnost Dassault Systemes SolidWorks Corp) Hidden
SQL Server 2014 Common Files (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.52 - Ghisler Software GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
Vector Magic (HKLM-x32\...\Vector Magic) (Version: 1.15 - Vector Magic, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WhatsApp (HKU\S-1-5-21-36918377-437131489-4245242684-1001\...\WhatsApp) (Version: 0.2.3699 - WhatsApp)
WinDirStat 1.1.2 (HKU\S-1-5-21-36918377-437131489-4245242684-1001\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)
Wondershare Filmora(Build 7.8.0) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
XnConvert 1.73 (HKLM\...\XnConvert_is1) (Version: 1.73 - Gougelet Pierre-e)
Zoner Photo Studio 18 (HKLM\...\ZonerPhotoStudio18_CZ_is1) (Version: 18.0.1.9 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-36918377-437131489-4245242684-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05585A92-E961-4A41-B141-DFDA598BFFFB} - System32\Tasks\{5EC861E9-DBF1-12B0-E8AF-C1DB3959F137} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\d6460be6\fac142a9.dll" <==== ATTENTION
Task: {0D0E6D5B-6E9D-4EAC-A4CC-090C5622A204} - System32\Tasks\NCH Software\VideoPadSevenDays => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe 
Task: {1F9E1AFC-1186-4E11-A40C-2B7F7511EA9F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {33DE2381-69E5-4C1A-B58E-2873487E6765} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-19] (Google Inc.)
Task: {395A5167-FF5A-4C2F-B5C0-BB728A212929} - System32\Tasks\rswinui => Rundll32.exe "C:\ProgramData\31X6035X7865o5627\31X6035X7865o5627.dll",XorZkG
Task: {4417F796-EB5A-4163-880E-EF7FAB5BCBF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-03-10] (Microsoft Corporation)
Task: {4C26DAE1-5820-4C2B-9BC3-EBC56E8D866E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-36918377-437131489-4245242684-1001UA => C:\Users\Pepi\AppData\Local\Google\Update\GoogleUpdate.exe 
Task: {4FD80837-5038-410A-9C53-245FCDEDC6AD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-36918377-437131489-4245242684-1001Core => C:\Users\Pepi\AppData\Local\Google\Update\GoogleUpdate.exe 
Task: {595A0E78-DF66-4ED8-A9E6-2DDA98BD001D} - System32\Tasks\chrome\application\chrome => Rundll32.exe "C:\ProgramData\31X6035X7865o5627\31X6035X7865o5627.dll",XorZkG
Task: {5CF14050-6037-4F71-821C-2FAEAC83275C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-19] (Google Inc.)
Task: {6AB69511-E93A-4DBB-8506-F464B7871A73} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-09] (Microsoft Corporation)
Task: {703E0AF3-71B7-4EF1-98C1-20BC4FBDD2AA} - System32\Tasks\Bevupy Client => C:\Program Files (x86)\Qejisyfank\aroqis.exe 
Task: {71051D05-7016-4505-B635-060F22D31BD4} - System32\Tasks\{D8C7775B-6F6C-C0F0-651D-16316B3C646C} => C:\ProgramData\{8B2A4FF0-3C81-F85B-DFF1-AA39C6B293AD}\54274A63-E38C-FDC8-0088-1262711B3A00.exe  <==== ATTENTION
Task: {842E0E08-8D53-45A2-97E9-935ABB500067} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {85B766E1-0F5E-4906-9EF2-38520D818EF1} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-EPELJSD-Pepi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {94CE4121-705E-4E3A-8D4F-743E34441FCD} - System32\Tasks\Drerza Center => C:\Program Files (x86)\Tajetygrubosy\juwerle.exe 
Task: {9E89A345-3116-401D-BBBB-CF36DFECFBA1} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe 
Task: {A195ABCD-E3F5-497B-AF76-23A4AE631F9E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-03-10] (Microsoft Corporation)
Task: {B25C9BDD-2A85-44F8-9B32-6923D08B684D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-09] (Microsoft Corporation)
Task: {B5B38F8E-6787-471B-B452-8721B433C55B} - System32\Tasks\{7F0A8726-9444-4E32-BB30-B8E82C1509B5} => pcalua.exe -a "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\removeAdAppMgr.exe"
Task: {C523C8A0-353D-4293-A9BC-4919A0CB6B60} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-03-10] (Microsoft Corporation)
Task: {C6CA16A3-7291-41C4-B853-11931563205D} - System32\Tasks\{E811B41E-5FBA-03B5-EAB3-7C887C42A036} => C:\ProgramData\{7D861DC3-CA2D-AA68-A717-B885D539312C}\56D34C9B-E178-FB30-E2DC-C7B6253E1323.exe  <==== ATTENTION
Task: {CACCD6D2-AF89-4870-AA9B-53057949636C} - no filepath
Task: {CBAF8ADD-DEDC-473F-9EA8-A1435D8A851B} - \Reasodom -> No File <==== ATTENTION
Task: {DC8AC479-3AC7-4F88-9D4F-12E2186B38E4} - System32\Tasks\flashutil_activex => Rundll32.exe "C:\ProgramData\31X6035X7865o5627\31X6035X7865o5627.dll",XorZkG
Task: {FDCEFE21-EEAD-452B-BBBD-ECFA3F4BFE89} - System32\Tasks\31X6035X7865o5627 => Rundll32.exe "C:\ProgramData\31X6035X7865o5627\31X6035X7865o5627.dll",XorZkG <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-36918377-437131489-4245242684-1001Core.job => C:\Users\Pepi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-36918377-437131489-4245242684-1001UA.job => C:\Users\Pepi\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Pepi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.ourluckysites.com/?type=sc&ts=1491385430&z=c5970e285664023e2684ec1g6z4tegec7b1w9z2c5g&from=che0812&uid=LITEONITXLMT-128M3M_002220101270
ShortcutWithArgument: C:\Users\Pepi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1491385430&z=c5970e285664023e2684ec1g6z4tegec7b1w9z2c5g&from=che0812&uid=LITEONITXLMT-128M3M_002220101270
ShortcutWithArgument: C:\Users\Pepi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.ourluckysites.com/?type=sc&ts=1491385430&z=c5970e285664023e2684ec1g6z4tegec7b1w9z2c5g&from=che0812&uid=LITEONITXLMT-128M3M_002220101270
ShortcutWithArgument: C:\Users\Pepi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1491385430&z=c5970e285664023e2684ec1g6z4tegec7b1w9z2c5g&from=che0812&uid=LITEONITXLMT-128M3M_002220101270
ShortcutWithArgument: C:\Users\Pepi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.ourluckysites.com/?type=sc&ts=1491385430&z=c5970e285664023e2684ec1g6z4tegec7b1w9z2c5g&from=che0812&uid=LITEONITXLMT-128M3M_002220101270
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.ourluckysites.com/?type=sc&ts=1491385430&z=c5970e285664023e2684ec1g6z4tegec7b1w9z2c5g&from=che0812&uid=LITEONITXLMT-128M3M_002220101270
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.ourluckysites.com/?type=sc&ts=1491385430&z=c5970e285664023e2684ec1g6z4tegec7b1w9z2c5g&from=che0812&uid=LITEONITXLMT-128M3M_002220101270
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1491385430&z=c5970e285664023e2684ec1g6z4tegec7b1w9z2c5g&from=che0812&uid=LITEONITXLMT-128M3M_002220101270

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-15 18:39 - 2017-03-04 09:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-06-05 15:24 - 2016-06-14 22:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-06-05 15:24 - 2016-06-14 22:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-06-05 15:24 - 2016-06-14 22:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-06-05 15:24 - 2016-06-14 22:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-04-05 11:47 - 2017-03-24 04:09 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-10-03 18:10 - 2016-12-29 15:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-06-05 15:24 - 2016-06-14 22:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-06-05 15:24 - 2016-06-14 22:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-06-05 15:24 - 2016-06-14 22:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-06-05 15:24 - 2016-06-14 22:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-06-05 15:24 - 2016-06-14 22:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-06-05 15:24 - 2016-06-14 22:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-03-15 18:39 - 2017-03-04 09:19 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-03 19:03 - 2016-10-03 19:03 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 18:39 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 18:39 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 18:39 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 18:39 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-15 18:39 - 2017-03-04 08:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-15 18:40 - 2017-03-04 08:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-06 02:54 - 2016-04-06 02:54 - 00267672 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldBodyDiffu.dll
2017-04-03 08:40 - 2017-03-29 10:47 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-03 08:40 - 2017-03-29 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2017-03-27 21:16 - 2017-03-09 17:31 - 02259968 _____ () C:\Users\Pepi\AppData\Local\WhatsApp\app-0.2.3699\ffmpeg.dll
2017-03-27 21:16 - 2017-03-09 17:31 - 02917376 _____ () C:\Users\Pepi\AppData\Local\WhatsApp\app-0.2.3699\libglesv2.dll
2017-03-27 21:16 - 2017-03-09 17:31 - 00095232 _____ () C:\Users\Pepi\AppData\Local\WhatsApp\app-0.2.3699\libegl.dll
2017-04-05 13:26 - 2017-04-05 13:26 - 00486912 _____ () \\?\C:\Users\Pepi\AppData\Local\Temp\7D1D.tmp.node
2016-06-05 15:24 - 2016-06-14 22:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-04-05 13:19 - 2017-04-05 13:19 - 00098816 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\win32api.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00110080 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\pywintypes27.dll
2017-04-05 13:19 - 2017-04-05 13:19 - 00364544 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\pythoncom27.dll
2017-04-05 13:19 - 2017-04-05 13:19 - 00320512 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\win32com.shell.shell.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00914432 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\_hashlib.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 01176576 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\wx._core_.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00806400 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\wx._gdi_.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00816128 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\wx._windows_.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 01067008 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\wx._controls_.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00733184 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\wx._misc_.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00682496 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\pysqlite2._sqlite.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00088064 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\_ctypes.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00686080 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\unicodedata.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00119808 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\win32file.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00108544 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\win32security.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00007168 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\hashobjs_ext.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00017920 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\thumbnails_ext.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00088064 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\usb_ext.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00012800 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\common.time34.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00018432 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\win32event.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00167936 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\win32gui.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00046080 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\_socket.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 01303552 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\_ssl.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00128512 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\_elementtree.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00127488 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\pyexpat.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00038912 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\win32inet.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00036864 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\_psutil_windows.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00524248 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\windows._lib_cacheinvalidation.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00011264 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\win32crypt.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00123392 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\wx._wizard.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00077312 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\wx._html2.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00027648 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\_multiprocessing.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00020480 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\_yappi.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00035840 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\win32process.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00078848 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\wx._animate.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00024064 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\win32pipe.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00010240 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\select.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00025600 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\win32pdh.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00017408 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\win32profile.pyd
2017-04-05 13:19 - 2017-04-05 13:19 - 00022528 ____R () C:\Users\Pepi\AppData\Local\Temp\_MEI33042\win32ts.pyd
2017-01-30 12:52 - 2017-01-30 12:52 - 01926632 ____R () C:\Program Files (x86)\Skype\Phone\roottools.dll
2017-03-28 15:59 - 2017-03-28 04:48 - 00105984 _____ () c:\programdata\package cache\{2a002f88-fd5d-379b-a350-a25d84af128b}v14.0.25420\packages\visualc_d14\vc_ide.base\vc_ide_base.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-36918377-437131489-4245242684-1001\Software\Classes\.scr: AutoCADLTScriptFile => C:\WINDOWS\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-36918377-437131489-4245242684-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pepi\Desktop\184244124.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-36918377-437131489-4245242684-1001\...\StartupApproved\Run: => "EPSONCC9B74 (Epson Stylus Office BX305 Plus)"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{FEE725ED-78C3-49BA-9079-177850AD5E57}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [TCP Query User{E0251FE7-3E44-4462-A2F7-0ADC12BB85F9}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [UDP Query User{D620B34D-E846-4FE1-9114-BF5C08264846}C:\users\pepi\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\pepi\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{B5EFCC9F-67C1-4AA6-8F2C-6CD42C6ED09D}C:\users\pepi\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\pepi\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{366F265C-D3AF-4482-AAEE-B78AEB5A2AA3}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [TCP Query User{EB8634F8-5845-4E3C-87D7-78D6DAD9B04F}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [{28AB6606-F1D9-4B8D-B058-37EF176532CC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{C05C77D6-C811-456E-89A7-54E72BC8F664}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{E97A60AF-D3C1-4AD9-8D44-1EBD8A5FE2CE}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{2F3D5278-8CB7-45C4-B078-06CCC227683E}] => (Allow) C:\Program Files\Zoner\Photo Studio 18\Program32\MediaServer.exe
FirewallRules: [UDP Query User{464E3755-B2DB-445F-B477-546DA9C2DE3E}C:\users\pepi\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\pepi\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{0D87CCE4-7AE4-4396-B669-94EE3C4F9CBD}C:\users\pepi\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\pepi\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{32E0D2EA-4BEC-4336-892D-6688858945F3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4DC064F6-AB71-42AC-8C50-5514302AA55E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4B6C8FFF-A54A-4279-87C5-940C0D2DE260}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{72FEEA37-FCB6-451A-8297-F1550B54E0F3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7FE7508F-AF29-48F1-9C69-CF320593798E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0BA40E08-2B20-4E17-BFDC-6FE5DC4F3563}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C600A3EE-C71C-4E32-86ED-422B95FFA71D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D72DE8FF-430E-4A97-9AB9-F45C57C63D89}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5B335AB6-9EC6-46D9-AD03-C9C49FFA786F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C2D0AF81-A5B8-4A0C-80B4-C4A39D02C62D}] => (Allow) C:\Program Files (x86)\uTorrent\utorrent.exe
FirewallRules: [{12303075-7D6C-461C-878B-7B8787A2ABF3}] => (Allow) C:\Program Files (x86)\uTorrent\utorrent.exe
FirewallRules: [{6C79A2FB-C043-4ACE-B279-BDC2C7777565}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2619B194-4C42-4BE7-828D-03B27A54E22E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{56BB599C-DF7C-4A0A-B2BB-E6D7ED40D0F5}] => (Allow) LPort=2869
FirewallRules: [{0CA3C5AD-3625-4C0A-A0FC-0C815694CF15}] => (Allow) LPort=1900
FirewallRules: [{61CD1A07-E6A5-4081-B7F9-32327A0A410C}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{9482B346-489D-4EF4-A8DC-91631FE95FF4}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [TCP Query User{BC198C4B-EA47-4707-ADD0-FFBDF59F3A87}C:\program files\netbeans 8.2\bin\netbeans64.exe] => (Allow) C:\program files\netbeans 8.2\bin\netbeans64.exe
FirewallRules: [UDP Query User{B7DF5390-DA7A-4BFF-9C92-95C86BEAD2D1}C:\program files\netbeans 8.2\bin\netbeans64.exe] => (Allow) C:\program files\netbeans 8.2\bin\netbeans64.exe
FirewallRules: [{6CA11293-F220-42BD-9148-EE84021145A1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{817AE7C2-9BAB-43CF-BB52-FC782E8C58BA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BC0BE1CE-F2AE-43E9-A444-15D84532A542}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C79E3D8F-E197-4F9B-BDC9-52D061617177}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A86C4B43-6BD3-41AF-AC5A-CCCD814181C6}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{010EDDD9-A073-4EDB-9EAC-18A76213BE9E}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{5DAF5E9E-D8B0-49B0-994C-987D43074181}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{81A67D83-37E5-4A7D-A8FD-983854A2AD57}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{62D1F831-C820-4AD5-9E84-329C0AA4AA59}] => (Allow) C:\Program Files (x86)\Yeshat\Application\chrome.exe
FirewallRules: [{4C17FA96-74A5-4C06-937F-470E58C55C92}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
