Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2022
Ran by BT (06-10-2022 17:26:20)
Running from C:\Users\BT\Desktop
Microsoft Windows 10 Pro Version 20H2 19042.1083 (X64) (2021-04-24 07:26:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1186171619-893856383-1054623740-500 - Administrator - Disabled)
BT (S-1-5-21-1186171619-893856383-1054623740-1001 - Administrator - Enabled) => C:\Users\BT
DefaultAccount (S-1-5-21-1186171619-893856383-1054623740-503 - Limited - Disabled)
Guest (S-1-5-21-1186171619-893856383-1054623740-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1186171619-893856383-1054623740-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 1942 WWII Anthology HD (HKLM-x32\...\{41AA2A65-DC47-4A15-9EBB-7D2B1FB1A51E}_is1) (Version: 1.61 - Electronic Arts)
Boosteroid (HKU\S-1-5-21-1186171619-893856383-1054623740-1001\...\{abc11005-715e-49eb-80fd-590be7a5d4b2}) (Version: 1.4.16 - Boosteroid Games S.R.L.)
Carmageddon TDR2000 (HKLM-x32\...\{204752E6-4202-11D4-8586-0050DA635DCF}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 6.04 - Piriform)
Core Epic (HKLM\...\{B51E6DE5-9A25-47E6-9806-24B4C62D42A6}) (Version: 1.3.1.0 - Manticore Games)
Core Epic Installer (HKLM-x32\...\{531451dd-91d4-4b27-a171-1b9c7f325969}) (Version: 1.3.0.0 - Manticore Games) Hidden
CPUID HWMonitor 1.46 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.46 - CPUID, Inc.)
Creation Master 15.0 (HKLM-x32\...\Creation Master 15_is1) (Version:  - FIFA MASTER)
CrystalDiskMark 7.0.0h (HKLM\...\CrystalDiskMark7_is1) (Version: 7.0.0h - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1152 - Disc Soft Ltd)
Epic Games Launcher (HKLM-x32\...\{DCE27B29-200D-491A-BBC5-98ECEFEC0843}) (Version: 1.1.257.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{758842D2-1538-4008-A8E3-66F65A061C52}) (Version: 2.0.33.0 - Epic Games, Inc.)
FIFA 20 (HKLM-x32\...\FIFA 20) (Version:  - )
Free Download Manager (HKLM\...\{0C1D4CF2-5575-4786-834C-B0FC977E9714}}_is1) (Version: 6.14.2.3973 - Softdeluxe)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 106.0.5249.103 - Google LLC)
Great Discover (HKLM\...\Great Discover) (Version: 1.4.1.6 - Devine Software Oy) <==== ATTENTION
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.5.14.210 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.14.210 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 106.0.1370.34 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 106.0.1370.34 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.176.0821.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
MiniTool Power Data Recovery 10.2 (HKLM\...\{E1BCD081-4BF4-4E2F-832A-911EC42EF3C5}_is1) (Version: 10.2 - MiniTool Software Limited)
Mortal Kombat 11 (HKLM-x32\...\Mortal Kombat 11_is1) (Version:  - )
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 90.0.1 (x64 cs)) (Version: 90.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0.1 - Mozilla)
MPC-HC 1.9.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.9.7 - MPC-HC Team)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NVIDIA GeForce NOW 2.0.44.105 (HKU\S-1-5-21-1186171619-893856383-1054623740-1001\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GeforceNOW) (Version: 2.0.44.105 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.1703 - Microsoft Corporation)
ProtonVPN (HKLM-x32\...\{3470FC7E-BD2A-43FB-9E14-9CBC58C7F6F7}) (Version: 2.1.1 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 2.1.1) (Version: 2.1.1 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{87BDF456-9882-44E6-8FFC-F73B83E42EAD}) (Version: 1.1.4 - Proton Technologies AG)
ProtonVPNTun (HKLM-x32\...\{B1EBF050-CC3E-45B0-9DE5-339C6241F3DA}) (Version: 0.13.1 - Proton Technologies AG)
ProudBrowser (HKLM-x32\...\ProudBrowser_is1) (Version: 1.0.1.0 - Ramadutha Software Services)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Puran File Recovery 1.1 (HKLM\...\Puran File Recovery_is1) (Version:  - Puran Software)
qBittorrent 4.3.8 (HKLM-x32\...\qBittorrent) (Version: 4.3.8 - The qBittorrent project)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.64.990 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.5.1 - Rockstar Games)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Trackmania (HKLM-x32\...\Uplay Install 5595) (Version:  - Ubisoft)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 125.1.10585 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{1729B0A9-0490-418B-A565-89B4D5BC8F2D}) (Version: 1.2.0.0 - Epic Games, Inc.) Hidden
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
WireGuard (HKLM\...\{B39961A6-C5DF-4A48-AC4A-0A1E02EB4B03}) (Version: 0.3.4 - WireGuard LLC)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.6.36.0_x86__kgqvnymyfvs32 [2021-07-09] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.61.6.0_x86__kgqvnymyfvs32 [2021-07-20] (king.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-20] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0 [2021-07-25] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1186171619-893856383-1054623740-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe (Proton Technologies AG -> ProtonVPN)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} =>  -> No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} =>  -> No File
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-02-28] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-02-28] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} =>  -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.176.0821.0003\FileSyncShell64.dll [2022-09-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2022-07-11] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\BT\Desktop\Old game\S E G A\Ярлык для Aero_Blasters.lnk -> D:\games\S E G A\Aero_Blasters.zip (No File) <==== Cyrillic
Shortcut: C:\Users\BT\Desktop\Old game\S E G A\emulator\Ярлык для emulator.lnk -> D:\games\Новая папка\S E G A\emulator (No File) <==== Cyrillic
Shortcut: C:\Users\BT\Desktop\Old game\S E G A\emulator\Ярлык для Flashback - The Quest for Identity _000.lnk -> \\Student3\d\games\S E G A\emulator\Flashback - The Quest for Identity _000.bmp <==== Cyrillic

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2022-10-01 20:08 - 000000746 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\WireGuard\
HKU\S-1-5-21-1186171619-893856383-1054623740-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "RadminVPN"
HKU\S-1-5-21-1186171619-893856383-1054623740-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1186171619-893856383-1054623740-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1186171619-893856383-1054623740-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1186171619-893856383-1054623740-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1186171619-893856383-1054623740-1001\...\StartupApproved\Run: => "ProtonVPN"
HKU\S-1-5-21-1186171619-893856383-1054623740-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_C1D27B2CBE2B23A65DED98D2912EC885"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{AAAC1E90-EEE9-451B-AF38-46C5ADAA7BEB}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{C4051807-2749-42B2-AA95-14EC6092EFF0}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{342B9BBC-176D-4AE6-9605-10D7C7F7F7EC}D:\gtav\gta5.exe] => (Allow) D:\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{0E6E9155-32A4-4962-AC5F-5ADC3F355D82}D:\gtav\gta5.exe] => (Allow) D:\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{F97BF28A-F077-4ECB-94E0-46318929BFEC}D:\program files (x86)\steam\steam.exe] => (Allow) D:\program files (x86)\steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{56AFE0EE-F22F-4B19-B57A-2C50B1BA77EB}D:\program files (x86)\steam\steam.exe] => (Allow) D:\program files (x86)\steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{FF0ED18A-67E1-46C6-AEB6-BA0894320CC2}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{965B3528-5308-4189-9A9E-9CABAA44978E}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{A542246A-AEBD-4567-B177-3816D2D1B43E}D:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) D:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{F5722E27-F598-454B-A258-45F2259950BC}D:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) D:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{526D9DED-2601-4B2C-93A6-C1320AE55B9F}] => (Block) D:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{4D8BC05E-BB6F-421B-BD9B-6F12B84D0A7A}] => (Block) D:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{2755C36A-744B-46A2-B798-D2CE372A9660}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.34\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5DCFBDD5-1678-4AC8-BDB5-FEFAC9834259}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

20-09-2022 19:20:30 Piriform Driver Updater - Update 11.7.0.1045
30-09-2022 11:56:42 Naplánovaný kontrolní bod
30-09-2022 22:17:43 Removed Radmin VPN 1.1.8
30-09-2022 22:18:03 Removed Radmin Viewer 3.5.2.
05-10-2022 12:05:40 Installed ProtonVPN

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/06/2022 05:02:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program XboxAppServices.exe verze 0.0.0.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 20c8

Čas spuštění: 01d8d98cd37eb992

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.GamingApp_2107.1001.10.0_x64__8wekyb3d8bbwe\XboxAppServices.exe

ID hlášení: 97fdb8ef-4cde-491f-91fe-e4390f8afc77

Úplný název balíčku s chybou: Microsoft.GamingApp_2107.1001.10.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: Microsoft.Xbox.App

Typ zablokování: Quiesce

Error: (10/06/2022 04:55:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program mmc.exe verze 10.0.19041.746 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 27b4

Čas spuštění: 01d8d993941f3615

Čas ukončení: 28

Cesta k aplikaci: C:\Windows\System32\mmc.exe

ID hlášení: 488f110c-e98d-45f3-b582-833cdd36d017

Úplný název balíčku s chybou: 

ID aplikace relativní podle balíčku s chybou: 

Typ zablokování: Unknown

Error: (10/06/2022 04:39:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program GTA5.exe verze 1.0.2699.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 9e8

Čas spuštění: 01d8d99059e6c0ea

Čas ukončení: 4294967295

Cesta k aplikaci: D:\GTAV\GTA5.exe

ID hlášení: be467938-f626-41cf-b0ba-b151672963ef

Úplný název balíčku s chybou: 

ID aplikace relativní podle balíčku s chybou: 

Typ zablokování: Top level window is idle

Error: (10/06/2022 03:44:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program GTA5.exe verze 1.0.2699.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 8b4

Čas spuštění: 01d8d9887e68780b

Čas ukončení: 4294967295

Cesta k aplikaci: D:\GTAV\GTA5.exe

ID hlášení: 6d07b86b-f5d0-4330-890e-51ea6bde8a8c

Úplný název balíčku s chybou: 

ID aplikace relativní podle balíčku s chybou: 

Typ zablokování: Top level window is idle

Error: (10/06/2022 08:45:09 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na DATA (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/06/2022 08:35:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program GTA5.exe verze 1.0.2699.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 1be4

Čas spuštění: 01d8d940b9544d50

Čas ukončení: 50

Cesta k aplikaci: D:\GTAV\GTA5.exe

ID hlášení: 3930e2d8-63eb-45c9-b0f9-e2fbed1d5a13

Úplný název balíčku s chybou: 

ID aplikace relativní podle balíčku s chybou: 

Typ zablokování: Unknown

Error: (10/05/2022 10:31:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program GTA5.exe verze 1.0.2699.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 6c

Čas spuštění: 01d8d89428b55031

Čas ukončení: 56

Cesta k aplikaci: D:\GTAV\GTA5.exe

ID hlášení: 75ae80f4-c1ab-4157-917f-ea9b11181826

Úplný název balíčku s chybou: 

ID aplikace relativní podle balíčku s chybou: 

Typ zablokování: Unknown

Error: (10/05/2022 12:07:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program GTA5.exe verze 1.0.2699.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 6fc

Čas spuštění: 01d8d83a86a949b5

Čas ukončení: 4294967295

Cesta k aplikaci: D:\GTAV\GTA5.exe

ID hlášení: f417bb74-976a-4faf-9878-fc5d0d394440

Úplný název balíčku s chybou: 

ID aplikace relativní podle balíčku s chybou: 

Typ zablokování: Top level window is idle


System errors:
=============
Error: (10/06/2022 05:00:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Služba inteligentního přenosu na pozadí skončila s následující chybou specifickou pro službu: 
Třída je zkonfigurována ke spuštění tak, aby bylo ID zabezpečení odlišné od volajícího.

Error: (10/06/2022 05:00:11 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: Službu BITS se nezdařilo spustit. Chyba 2147500053.

Error: (10/06/2022 04:39:10 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: Event-ID 13

Error: (10/06/2022 04:39:10 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: Event-ID 13

Error: (10/06/2022 04:39:10 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: Event-ID 13

Error: (10/06/2022 04:06:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:04:29, ‎06.‎10.‎2022) bylo neočekávané.

Error: (10/06/2022 03:51:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (15:49:30, ‎06.‎10.‎2022) bylo neočekávané.

Error: (10/05/2022 02:24:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (14:23:02, ‎05.‎10.‎2022) bylo neočekávané.


Windows Defender:
================
Date: 2022-10-01 01:26:05
Description: 
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DefenderTamperingRestore&threatid=2147741622&enterprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\real-time protection\\DisableIOAVProtection
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: DESKTOP-I9MQLIO\BT
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.375.1282.0, AS: 1.375.1282.0, NIS: 0.0.0.0
Verze modulu: AM: 1.1.19600.3, NIS: 0.0.0.0

Date: 2022-10-01 01:23:33
Description: 
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {E160AF79-BEB0-40DB-8C77-0D023166C2A1}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: DESKTOP-I9MQLIO\BT

Date: 2022-02-19 17:50:35
Description: 
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DefenderTamperingRestore&threatid=2147741622&enterprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.359.501.0, AS: 1.359.501.0, NIS: 0.0.0.0
Verze modulu: AM: 1.1.18900.3, NIS: 0.0.0.0

Date: 2022-02-19 12:17:46
Description: 
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DefenderTamperingRestore&threatid=2147741622&enterprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.359.487.0, AS: 1.359.487.0, NIS: 0.0.0.0
Verze modulu: AM: 1.1.18900.3, NIS: 0.0.0.0

Date: 2022-02-17 21:50:16
Description: 
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DefenderTamperingRestore&threatid=2147741622&enterprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.359.387.0, AS: 1.359.387.0, NIS: 0.0.0.0
Verze modulu: AM: 1.1.18900.3, NIS: 0.0.0.0
﻿
CodeIntegrity:
===============
Date: 2022-10-01 21:03:45
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2022-10-01 20:34:10
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. V2.10 02/17/2016
Motherboard: MSI Z97-GD65 GAMING (MS-7845)
Processor: Intel(R) Core(TM) i3-4330 CPU @ 3.50GHz
Percentage of memory in use: 43%
Total physical RAM: 8140.79 MB
Available physical RAM: 4570.74 MB
Total Virtual: 12236.79 MB
Available Virtual: 7397.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.29 GB) (Free:35.55 GB) (Model: INTEL SSDSA2BW160G3) NTFS
Drive d: (DATA) (Fixed) (Total:149.05 GB) (Free:10.06 GB) (Model: WDC WD1600JS-55MHB0) NTFS

\\?\Volume{b523c84f-9388-4b6c-903d-20c49750c1b6}\ () (Fixed) (Total:0.53 GB) (Free:0.1 GB) NTFS
\\?\Volume{6558e450-0b03-4bb8-a7c8-70c5540e7e61}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: AFB55ABB)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 5002BAC3)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================